[Lxc-users] PAM-module for adhoc creation of container

Serge E. Hallyn serge.hallyn at canonical.com
Fri Sep 2 20:02:22 UTC 2011


Quoting "Axel Schöner" (axel.schoener at gmx.de):
> Hello,
> 
> I need some feedback and suggestions for this project. If there are 
> similar solutions please let me know.
> 
> I want to build a solution for creating and starting a container on user login 
> (via ssh or shell). The user should be redirected inside a container as root 
> to a bash.

For now, don't give away root in a container to anyone who you wouldn't
give root on your host.

> I know there is a PAM-module (pam-netns) for creating a network in 
> a separated namespace when a user logs in. I think it should be possible to 
> realize my goals based on this module.

Not until the patchset allowing you to unshare pidns goes upstream.
Cloning won't suffice.  That is actually the whole reason why Janak
initially pushed sys_unshare().

-serge



