[lxc-devel] lxc-dnsmasq user

Michael H. Warfield mhw at WittsEnd.com
Thu Oct 2 21:42:40 UTC 2014


On Thu, 2014-10-02 at 21:26 +0000, Serge Hallyn wrote:
> Quoting Dwight Engen (dwight.engen at oracle.com):
> > Hi Mike,
> > 
> > I was just wondering what the reason was for choosing to create a
> > lxc-dnsmasq user? If I read the dnsmasq man-page right, it will
> > normally drop privileges and switch to user 'nobody', so was there some
> > reason 'nobody' was a problem?
> > 
> > Just asking as it would be simpler if lxc didn't have to create/delete
> > the additional lxc-dnsmasq user in the distro packaging. Thanks.

> I suspect this came from me from the original network configuration for
> ubuntu.  Basically the idea is there'll also be dnsmasq running for
> libvirt and for the host, so better to keep those from harming each
> other.  Libvirt already ran its own under libvirt-dnsmasq, so I added
> lxc-dnsmasq along the same lines.

That is exactly correct.  Because it was required by lxc-net, which was
refactored out of the Ubuntu upstart configuration files by Martin, I
chose to follow that pattern rather than open another front of
discussion and delay the patches even worse.  This was another front
where that refactoring broke our code and we needed to adapt.

> I think it'd be fair to have the init scripts check to see if the
> lxc-dnsmasq user exists, and start as user nobody if not.

That may be very true but, since this was based on the Ubuntu changes
and activities, I see that as your fight to argue.  I concur with you
completely.  But, to change it means changing the Ubuntu setup as well
and we really need to keep things as consistent as possible between the
platforms.

> -serge

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
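
The fallback Serge suggests above (check whether the lxc-dnsmasq user exists, start as nobody if not), sketched as an added example that is not part of the original message or of the lxc init scripts. The function names are assumptions made for this sketch; `--user` is dnsmasq's own option for the account it switches to after startup.

```shell
#!/bin/sh
# Added example, not lxc project code. Function names are hypothetical.

# user_exists NAME: succeeds if NAME resolves to an account.
# id(1) goes through NSS, so directory-backed accounts count as well as
# entries in /etc/passwd.
user_exists() {
    id -u "$1" >/dev/null 2>&1
}

# pick_dnsmasq_user PREFERRED FALLBACK: print the account to hand to
# dnsmasq --user. Prints nothing and returns 1 when neither account
# exists, so the caller can refuse to start instead of guessing.
pick_dnsmasq_user() {
    if user_exists "$1"; then
        printf '%s\n' "$1"
    elif user_exists "$2"; then
        printf '%s\n' "$2"
    else
        return 1
    fi
}

# Stand-alone demo: show what an init script would pass on this host.
if user=$(pick_dnsmasq_user lxc-dnsmasq nobody); then
    echo "would start: dnsmasq --user=$user"
else
    echo "neither lxc-dnsmasq nor nobody exists; not starting dnsmasq" >&2
fi
```

Keeping the dedicated account first preserves the separation from the libvirt and host dnsmasq instances wherever the packaging created it, and the fallback only applies where it did not.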
