[lxc-users] lxc-users Digest, Vol 23, Issue 10

Mahmood mahmood at circleci.com
Mon May 26 00:16:51 UTC 2014


Thanks!  That worked perfectly!

- Mahmood

> ---------- Forwarded message ----------
> From: Serge Hallyn <serge.hallyn at ubuntu.com>
> To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
> Cc:
> Date: Sat, 24 May 2014 22:04:06 +0000
> Subject: Re: [lxc-users] Unprivileged container file permissions
> Quoting Mahmood (mahmood at circleci.com):
>> Hi,
>>
>> I'm trying to use unprivileged containers that are inaccessible by
>> other users in a shared environment.  Setting container path to 550
>> seems to block lxc-start.  What are the minimal permissions that I
>> need to set on the directory so lxc-start can start successfully?  Any
>> pointers for managing subuid permissions?
>>
>> Here is my sample commands transcript:
>>
>> ```
>> ubuntu at ip-10-65-151-126:~$ chmod o-rx .local/share/lxc/u1
>> ubuntu at ip-10-65-151-126:~$ ls -lha .local/share/lxc |grep u1
>> drwxr-x--- 3 ubuntu ubuntu 4.0K May 23 23:45 u1
>> ```
>
> chgrp it to the root gid in your container, while keeping it owned
> by ubuntu.
>
> Perhaps lxc should be setting it up like that at create...
>
>> ```
>> ubuntu at ip-10-65-151-126:~$
>> ubuntu at ip-10-65-151-126:~$ # Starting a container with no other permission
>> ubuntu at ip-10-65-151-126:~$ lxc-start -n u1
>> lxc_container: Permission denied - failed to get real path for
>> '/home/ubuntu/.local/share/lxc/u1/rootfs'
>> lxc_container: failed to mount rootfs
>> lxc_container: failed to setup rootfs for 'u1'
>> lxc_container: failed to setup the container
>> lxc_container: invalid sequence number 1. expected 2
>> lxc_container: failed to spawn 'u1'
>> ubuntu at ip-10-65-151-126:~$
>> ubuntu at ip-10-65-151-126:~$ # Now with other having rx access
>> ubuntu at ip-10-65-151-126:~$ chmod o+rx .local/share/lxc/u1
>> ubuntu at ip-10-65-151-126:~$ lxc-start -n u1 -d
>> ubuntu at ip-10-65-151-126:~$ lxc-attach -n u1
>> root at u1:~# It worked
>> ```
>>
>> Thanks!
>> - Mahmood
>
>
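
The fix suggested in the quoted reply, as an added shell example (not part of the thread and not LXC's own code): it reads the host gid that container root maps to from the container config, then checks that the container directory is closed to "other" but traversable by that gid. The function names, the `config` file location next to `rootfs`, the `lxc.id_map`/`lxc.idmap` line format, GNU `stat`, and the use of `sudo` for the `chgrp` are assumptions.

```shell
#!/bin/sh
# Added example; helper names are hypothetical.

# Print the host gid that container gid 0 maps to, read from a container
# config. Accepts the LXC 1.x key (lxc.id_map) and the later lxc.idmap.
# Exits non-zero if no gid mapping covers container gid 0.
container_root_gid() {
    awk '
        /^[ \t]*lxc\.id_?map[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            # fields now: type, first id in container, first id on host, range
            if ($1 == "g" && $2 <= 0 && 0 < $2 + $4) {
                print $3 - $2
                found = 1
                exit
            }
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# Return 0 only if DIR has group GID, grants nothing to "other",
# and lets the group traverse it (g+x). Return 2 if DIR cannot be read.
dir_is_private_for() {
    dir=$1
    gid=$2
    info=$(stat -c '%a %g' "$dir") || return 2
    mode=${info% *}
    dgid=${info#* }
    [ "$dgid" = "$gid" ] || return 1
    [ $(( 0$mode & 0007 )) -eq 0 ] || return 1   # no bits for other
    [ $(( 0$mode & 0010 )) -ne 0 ] || return 1   # group can traverse
}

# Usage on the container from the thread (the sudo step is an assumption:
# chgrp to a gid you are not a member of needs privilege):
#   c=$HOME/.local/share/lxc/u1
#   gid=$(container_root_gid "$c/config")
#   sudo chgrp "$gid" "$c" && chmod o-rx "$c"
#   dir_is_private_for "$c" "$gid" && echo "u1 is private and startable"
```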

