[Lxc-users] running lxc-execute as user
Justin Cormack
justin at specialbusservice.com
Thu Apr 7 17:00:55 UTC 2011
I want to run a command in a container with lxc-execute, and its not
something that does setuid, setgid itself, it expects to be run as a
non-root user.
Am I correct that the expected way to do this is to run lxc-setcap so I
can run lxc-execute as the user, and then make sure the container config
has
lxc.cap.drop = dac_override fowner setpcap net_admin net_raw sys_chroot
sys_admin
so I drop all the capabilities again? It seems slightly more error prone
than being able to set a uid and gid in the config directly, but maybe
its just me adjusting to using capabilities...
thanks
Justin
More information about the lxc-users
mailing list