[lxc-users] Security question: root w/ subuids vs. unprivileged.

Fajar A. Nugraha list at fajar.net
Fri Nov 28 06:01:24 UTC 2014


On Fri, Nov 28, 2014 at 12:08 AM, Raimund Berger <raimund.berger at gmail.com>
wrote:

> I'm asking since, as root, I'm guessing it might be easier to map select
> devices - like OSS audio - into a container, even when mapping uids too,
> which seems to be pretty much impossible to do with unprivileged
> containers (for good reason, obviously).



I thought there are groups for almost every device a normal user would need
to access, e.g. audio group? My guess is that if the uid of the user
starting the container (as well as mapped root and whatever user inside the
container that needs to access the device) belongs to the host's group, it
should work even for unprivileged containers.

-- 
Fajar