[Lxc-users] running lxc-execute as user

Justin Cormack justin at specialbusservice.com
Thu Apr 7 17:00:55 UTC 2011


I want to run a command in a container with lxc-execute, and its not
something that does setuid, setgid itself, it expects to be run as a
non-root user.

Am I correct that the expected way to do this is to run lxc-setcap so I
can run lxc-execute as the user, and then make sure the container config
has

lxc.cap.drop = dac_override fowner setpcap net_admin net_raw sys_chroot
sys_admin

so I drop all the capabilities again? It seems slightly more error prone
than being able to set a uid and gid in the config directly, but maybe
its just me adjusting to using capabilities...

thanks

Justin






More information about the lxc-users mailing list