[lxc-users] sudo not working in unprivileged container
Vitaly Belostotsky
spam.for.byly at gmail.com
Mon Jun 16 17:53:47 UTC 2014
Thank you for the responce.
I'm using ubuntu trusty both as host and guest.
If I try to use ubuntu precise guest instead, sudo fails again, but this
time the message is:
sudo: must be setuid root
Which is definitely wrong:
ubuntu at up:~$ ls -l /usr/bin/sudo
-rwsr-xr-x 2 root root 71288 Mar 11 12:24 /usr/bin/sudo
(sorry, I'm limited in highlighting abilities).
What's interesting, today I tried to create dedicated user for the lxc, and
(besides minor annoyance with login, already listed in comments to original
blog post:
https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/#comment-183540),
sudo works in guest, but this time lxc-attach fails. I conceive no
differences between my regular host account and this new one, except for
encrypted home, sudo ability (on host), etc.
On Mon, Jun 16, 2014 at 5:51 PM, Serge Hallyn <serge.hallyn at ubuntu.com>
wrote:
> Quoting Vitaly Belostotsky (spam.for.byly at gmail.com):
> > Hi, all!
> >
> > I'm trying to reproduce steps in
> > https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/.
> > Everything goes well except for sudo producing error:
> >
> > sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the
> > 'nosuid' option set or an NFS file system without root privileges?
> >
> > I'm using updated ubuntu 14.04 distro.
> >
> > OTOH, when I use lxc-attach, I get the root shell in container and I can
> > execute necessary commands (such as apt-get). But it's not as convenient,
> > I'd prefer to use sudo.
> >
> > What is my mistake?
> > I failed to google relevant info, so I ask here. Thanks in advance.
>
> Hi,
>
> I suspect you're seeing this bug:
>
> https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1263738
>
> I no longer see it in most cases with trusty and later guests at
> least - precise guests probably would still exhibit it. What host
> and guest OS+release are you using?
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140616/0c899ddd/attachment.html>
More information about the lxc-users
mailing list