[Lxc-users] User Namespace Support in LXC
Darko Luketic
info at icod.de
Wed Nov 13 13:43:29 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Afaik user namespaces support is added in 3.12 kernel release.
At least my 3.12 kernel has this option and it evaluates to true.
On 11/13/2013 06:43 AM, Saurabh Deochake wrote:
> Hi all,
>
> I'm trying to restrict privileges of "root" user inside the
> container. I came across this "idmap" element of Libvirt Domain XML
> file.
>
> <idmap> <uid start='0' target='1000' count='10'/> <gid start='0'
> target='1000' count='10'/> </idmap>
>
> This says that user with uid 0 in the container is mapped to user
> with uid 1000 on the host.
>
> I checked if it works, I created a file with root user inside the
> container and checked uid of the file. Inside the container I get
> uid of file as 0 and even on host I get the same uid as 0 instead
> of 1000.
>
> Later I checked the output of "lxc-checkconfig". Output was:
>
> --- Namespaces --- Namespaces: enabled Utsname namespace: enabled
> Ipc namespace: enabled Pid namespace: enabled *User namespace:
> missing* Network namespace: enabled Multiple /dev/pts instances:
> enabled
>
> Here it shows that User namespace support is missing. I tried to
> check for Namespaces Support in kernel menuconfig. It has support
> for following namespaces only:
>
> --- Namespaces support [*] UTS namespace [*] IPC namespace [*]
> PID Namespaces [*] Network namespace
>
> There is no User Namespace support.
>
> How should I get this user namespace working on my system?
>
> The link says that User Namespace feature has already been
> implemented in *kernel 3.9.* Reference Link:
> https://lwn.net/Articles/532593/
>
> My system details are as follow: OS: Fedora 19 *Kernel: 3.9.5*
>
> Please help me out getting user namespace working on my system.
>
> Thanks and regards, Saurabh Deochake.
>
>
>
> ------------------------------------------------------------------------------
>
>
DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps
> OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API
> Access Free app hosting. Or install the open source package on any
> LAMP server. Sign up and see examples for AngularJS, jQuery, Sencha
> Touch and Native!
> http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk
>
>
>
>
> _______________________________________________ Lxc-users mailing
> list Lxc-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQEcBAEBAgAGBQJSg4IBAAoJENrR4EaH4PXFlf8H/irYSnMJoIR3n6SDqSULhSRC
N+FXQSfoUVzpvXwzzIDEK/fmULQZk2ZK+mwr7+cO31B9Uw/AhhQnxOzS9LmoxdX+
0kjLAtzfP5uvkpgsQQ7/6ePRdWTlay8oEwV74l/RwOMFVf5jORXAItohEKKAElqO
8nRpup5FMgYSKvkZVIvuv1SLD5MlUMHWUeqYtP3gBcsfHnBvENIJaaR2e9ke+UZ7
BuR29yEI3mZPC7KVYpD3RAFGIZ8wtKUT7taGsreNXT+tzDeKQikiY9fqAz1VGTJy
1cK/uuiHzulL+NvcuNjqf122ifEai6mFnINH7HK58Zi+WN5LfKSV/SAQ4rL68rk=
=Xf5V
-----END PGP SIGNATURE-----
More information about the lxc-users
mailing list