[lxc-users] Unprivileged container file permissions
Mahmood
mahmood at circleci.com
Sat May 24 00:43:27 UTC 2014
Hi,
I'm trying to use unprivileged containers that are inaccessible to
other users in a shared environment. Setting the container path to 550
seems to block lxc-start. What are the minimal permissions that I
need to set on the directory so lxc-start can start successfully? Any
pointers for managing subuid permissions?
Here is my sample commands transcript:
```
ubuntu@ip-10-65-151-126:~$ chmod o-rx .local/share/lxc/u1
ubuntu@ip-10-65-151-126:~$ ls -lha .local/share/lxc | grep u1
drwxr-x--- 3 ubuntu ubuntu 4.0K May 23 23:45 u1
ubuntu@ip-10-65-151-126:~$
ubuntu@ip-10-65-151-126:~$ # Starting a container with no "other" permission
ubuntu@ip-10-65-151-126:~$ lxc-start -n u1
lxc_container: Permission denied - failed to get real path for
'/home/ubuntu/.local/share/lxc/u1/rootfs'
lxc_container: failed to mount rootfs
lxc_container: failed to setup rootfs for 'u1'
lxc_container: failed to setup the container
lxc_container: invalid sequence number 1. expected 2
lxc_container: failed to spawn 'u1'
ubuntu@ip-10-65-151-126:~$
ubuntu@ip-10-65-151-126:~$ # Now with "other" having rx access
ubuntu@ip-10-65-151-126:~$ chmod o+rx .local/share/lxc/u1
ubuntu@ip-10-65-151-126:~$ lxc-start -n u1 -d
ubuntu@ip-10-65-151-126:~$ lxc-attach -n u1
root@u1:~# It worked
```
Thanks!
- Mahmood
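The permission failure in the transcript above comes from the fact that an unprivileged container's root runs on the host as the first uid of the owner's /etc/subuid range, which is "other" relative to the owner's directories; traversing a directory requires only its x bit, while the r bit is what lets others list it. The following script is an added example, not code from the original post or from LXC. It parses a constructed /etc/subuid line to find the mapped root uid, then walks each path component and reports whether that uid would get x on it, contrasting a 550 container directory (blocked) with 711 (traversable, but still not listable by others). Assumptions: the subuid line and the uid 165536 are made up for the demo, GNU coreutils `stat` is available, and the mapped uid is treated as owner-or-other with group membership ignored, which matches a mapped root that shares no host groups with the owner.

```shell
#!/bin/sh
# Added example (not from the original post or LXC): check whether a host
# uid can traverse every directory component on the way to a container rootfs.
# Requires GNU stat (coreutils). Group membership is deliberately ignored
# (assumption: the mapped root shares no host groups with the directory owner).

# mapped_root_uid SUBUID_CONTENT USER -> first uid of USER's range, i.e. the
# host uid that the container's root maps to.
mapped_root_uid() {
  printf '%s\n' "$1" | awk -F: -v u="$2" '$1 == u { print $2; exit }'
}

# can_traverse ABSOLUTE_PATH UID [STOP_DIR]
# Returns 0 if UID gets the x bit on PATH and on every parent up to and
# including STOP_DIR (default "/"); otherwise prints the first blocking
# component to stderr and returns 1.
can_traverse() {
  dir=$1 uid=$2 stop=${3:-/}
  while :; do
    owner=$(stat -c %u "$dir") || return 1
    mode=$(stat -c %a "$dir")          # e.g. 550, 711, 4755 (octal)
    if [ "$owner" = "$uid" ]; then
      bits=$(( (0$mode >> 6) & 7 ))    # owner field
    else
      bits=$(( 0$mode & 7 ))           # "other" field
    fi
    if [ $(( bits & 1 )) -eq 0 ]; then
      printf 'blocked at %s (mode %s, owner %s, uid %s)\n' \
        "$dir" "$mode" "$owner" "$uid" >&2
      return 1
    fi
    if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then
      return 0
    fi
    dir=$(dirname "$dir")
  done
}

# demo: builds a throwaway tree shaped like ~/.local/share/lxc/u1/rootfs
# and compares 550 against 711 on the container directory.
demo() {
  subuid='root:100000:65536
ubuntu:165536:65536'                   # constructed /etc/subuid content
  root_uid=$(mapped_root_uid "$subuid" ubuntu)
  base=$(mktemp -d)
  chmod 711 "$base"                    # mktemp gives 700, which would block by itself
  mkdir -p "$base/.local/share/lxc/u1/rootfs"
  ctr=$base/.local/share/lxc/u1

  chmod 550 "$ctr"
  if can_traverse "$ctr/rootfs" "$root_uid" "$base" 2>/dev/null; then r550=ok; else r550=denied; fi
  chmod 711 "$ctr"
  if can_traverse "$ctr/rootfs" "$root_uid" "$base" 2>/dev/null; then r711=ok; else r711=denied; fi

  rm -rf "$base"
  echo "mapped root uid $root_uid: mode 550 -> $r550, mode 711 -> $r711"
}

demo
```

Run it as any user; it prints `mapped root uid 165536: mode 550 -> denied, mode 711 -> ok`. In practice this means `chmod 711` (o+x only) on the container directory and on each parent is the minimal setting that lets the mapped root reach the rootfs while keeping other users from listing it; the `o+rx` in the transcript grants more than necessary. To check a real container, call `can_traverse "$HOME/.local/share/lxc/u1/rootfs" "$(awk -F: -v u="$USER" '$1==u{print $2}' /etc/subuid)"` with the default stop of `/`.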