[Lxc-users] Root-less containers?

Gary Ballantyne gary.ballantyne at haulashore.com
Sat Feb 5 23:31:01 UTC 2011


On 2/6/2011 10:44 AM, Daniel Lezcano wrote:
> On 02/04/2011 07:24 PM, Andre Nathan wrote:
>> Hello
>>
>> Is it possible to have everything inside a container (including init,
>> getty and whatever daemons are installed) being run as a normal user?
>> That is, can I have a container with no root user in /etc/passwd?
> 
> Not yet. The user namespace is partially implement in the kernel and the 
> userspace tools do not make use of it for the moment.

Is this important if, say, a malicious user has access to a container?
Or, can a container be configured such that they could do little harm?
(Apologies if this is a stupid question, but it's very significant to
our project).




More information about the lxc-users mailing list