[Lxc-users] Start a container /sbin/init as user
Antoine Catton
acatton at tiolive.com
Thu Aug 2 07:39:54 UTC 2012
Hi everybody,

I'm trying to start a container as a user. After some patches, I managed
to have something working.

lxc-start execs /sbin/init inside the container as expected. (My
container is a Debian one, but I don't think it matters.) Since
sysvinit checks whether the current uid is root, it doesn't work. I get:
> $ lxc-start […]
> init: must be superuser.
If I run:
> lxc-start […] /usr/bin/whoami
I get:
> /usr/bin/whoami: cannot find name for user ID [my user id]

A successful workaround is to put the suid bit on /sbin/init inside the
container, but I would like to avoid it because, besides being dirty,
it allows anyone inside the container to run /sbin/init as root.

I read the lxc code and didn't find any place where lxc-start uses setuid()
or changes uid before exec'ing. (Maybe I just didn't see it.)

This makes me wonder two things:
– Is it possible to start/stop a container as a user? How would you do it?
– Do you use the kernel's user namespace? How do you change the user uid
before starting a container?

Thank you.
--
Antoine Catton
Nexedi Intern
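
The two symptoms in the message above, modelled as an added example (not part of the original post and not lxc code): it parses the kernel's uid_map format (`inside_start outside_start count`) and predicts what a uid-0 check and a passwd lookup would see with and without a user-namespace mapping. The host uid 1000, the passwd contents and both maps are constructed samples, and the init check is modelled as "uid == 0" per the post's description.

```python
# Added illustration; the map and passwd samples below are constructed.

def parse_id_map(text):
    """Parse /proc/<pid>/uid_map lines: 'inside_start outside_start count'."""
    extents = []
    for line in text.splitlines():
        if line.strip():
            inside, outside, count = (int(f) for f in line.split())
            extents.append((inside, outside, count))
    return extents

def to_inside(extents, outside_uid, overflow=65534):
    """Uid a process sees inside the namespace for a given host uid.
    Host ids with no mapping appear as the overflow uid (65534 by default)."""
    for inside, outside, count in extents:
        if outside <= outside_uid < outside + count:
            return inside + (outside_uid - outside)
    return overflow

def passwd_name(passwd_text, uid):
    """Name for uid in the container's /etc/passwd, or None (whoami's lookup)."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == str(uid):
            return fields[0]
    return None

def predict(extents, host_uid, passwd_text):
    """What the two commands from the post would observe for this mapping."""
    uid = to_inside(extents, host_uid)
    return {
        "uid_seen": uid,
        "init_root_check_passes": uid == 0,  # assumed form of sysvinit's check
        "whoami": passwd_name(passwd_text, uid),
    }

# Constructed samples: a Debian-like passwd and an unprivileged host uid 1000.
PASSWD = "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\n"
NO_USERNS = parse_id_map("0 0 4294967295\n")  # identity map of the initial namespace
WITH_USERNS = parse_id_map("0 1000 1\n")      # container uid 0 <-> host uid 1000

if __name__ == "__main__":
    print("no user namespace:  ", predict(NO_USERNS, 1000, PASSWD))
    print("with user namespace:", predict(WITH_USERNS, 1000, PASSWD))
```

With the identity map the process keeps uid 1000, so the root check fails and the passwd lookup finds no name; with uid 0 mapped to the host user, both succeed without a setuid bit on /sbin/init.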