[Lxc-users] User Namespace Support in LXC
Saurabh Deochake
saurabh.d04 at gmail.com
Wed Nov 13 05:43:15 UTC 2013
Hi all,
I'm trying to restrict the privileges of the "root" user inside the container. I
came across this "idmap" element of the Libvirt Domain XML file.
<idmap>
<uid start='0' target='1000' count='10'/>
<gid start='0' target='1000' count='10'/>
</idmap>
This says that the user with uid 0 in the container is mapped to the user with
uid 1000 on the host.
I checked whether it works: I created a file as the root user inside the
container and checked the uid of the file. Inside the container I get the uid
of the file as 0, and even on the host I get the same uid, 0, instead of 1000.
Later I checked the output of "lxc-checkconfig". Output was:
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
*User namespace: missing*
Network namespace: enabled
Multiple /dev/pts instances: enabled
Here it shows that User namespace support is missing. I tried to check for
Namespaces Support in the kernel menuconfig. It has support for the following
namespaces only:
--- Namespaces support
[*] UTS namespace
[*] IPC namespace
[*] PID Namespaces
[*] Network namespace
There is no User Namespace support.
How should I get this user namespace working on my system?
The link says that the User Namespace feature has already been implemented
in *kernel 3.9.*
Reference Link: https://lwn.net/Articles/532593/
My system details are as follows:
OS: Fedora 19
*Kernel: 3.9.5*
Please help me out getting user namespace working on my system.
Thanks and regards,
Saurabh Deochake.
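
The check described in the message above, written out as an added example; it is not part of the original post and not code from LXC or libvirt. It compares the configured <idmap> with the three-column format of /proc/<pid>/uid_map and looks for CONFIG_USER_NS in a kernel config file. All function names are hypothetical and the sample uid_map and kernel config text are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not captured from a real host).
IDMAP_XML = """<idmap>
  <uid start='0' target='1000' count='10'/>
  <gid start='0' target='1000' count='10'/>
</idmap>"""
UID_MAP_REMAPPED = "         0       1000         10\n"   # user namespace in effect
UID_MAP_IDENTITY = "         0          0 4294967295\n"   # initial namespace, no remap
KCONFIG_NO_USERNS = "CONFIG_UTS_NS=y\n# CONFIG_USER_NS is not set\nCONFIG_PID_NS=y\n"


def parse_idmap(xml_text, kind="uid"):
    """Return [(start, target, count)] for <uid> or <gid> entries of an <idmap>."""
    root = ET.fromstring(xml_text)
    return [(int(e.get("start")), int(e.get("target")), int(e.get("count")))
            for e in root.findall(kind)]


def parse_proc_map(text):
    """Parse uid_map/gid_map text: ID inside the namespace, ID outside, length."""
    return [tuple(int(f) for f in line.split())
            for line in text.splitlines() if line.strip()]


def to_host_id(ranges, container_id):
    """Translate an ID inside the container to the host ID, or None if unmapped."""
    for start, target, count in ranges:
        if start <= container_id < start + count:
            return target + (container_id - start)
    return None


def is_identity(ranges):
    """True when every range maps an ID to itself (container root is host root)."""
    return bool(ranges) and all(start == target for start, target, _ in ranges)


def user_ns_enabled(kconfig_text):
    """Look for CONFIG_USER_NS=y in kernel config text (e.g. /boot/config-<release>)."""
    return any(l.strip() == "CONFIG_USER_NS=y" for l in kconfig_text.splitlines())


def mapping_applied(xml_text, proc_map_text):
    """Does the uid_map of the container's init process match the configured idmap?"""
    return parse_idmap(xml_text) == parse_proc_map(proc_map_text)
```

On a live system the second argument of mapping_applied would be the contents of /proc/<pid>/uid_map for the container's init process; an identity map there matches the symptom in the message, where files created by root in the container are owned by uid 0 on the host.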