[Lxc-users] PAM-module for adhoc creation of container
Serge E. Hallyn
serge.hallyn at canonical.com
Fri Sep 2 20:02:22 UTC 2011
Quoting "Axel Schöner" (axel.schoener at gmx.de):
> Hello,
>
> i need some feedback and suggestions for this project. If there are
> similar solutions please let me know.
>
> I want to build a solution for creating and starting a container on user login
> (via ssh or shell). The user should be redirected inside a container as root
> to a bash.
For now, don't give away root in a container to anyone who you wouldn't
give root on your host.
> I know there is a PAM-module (pam-netns) for creating a network in
> a separated namespace when a user logs in. I think it should be possible to
> realize my goals based on this module.
Not until the patchset allowing you to unshare pidns goes upstream.
Cloning won't suffice. That is actually the whole reason why Janak
initially pushed sys_unshare().
-serge
More information about the lxc-users
mailing list