[lxc-users] dbus and uidmap

Serge Hallyn serge.hallyn at ubuntu.com
Thu Oct 23 18:10:31 UTC 2014


Quoting overlay fs (overlayfs at gmail.com):
> I would like to connect the host's session-bus to an unprivileged container.
> 
> The connection succeeds when I use a trivial uidmap,
> 
>             uidmap: container -> host:   1000 -> 1000
> 
> With a non-trivial uidmap, dbus authorization fails because the uidmap
> interferes with the scm_credentials.
> 
> Is it possible to use a non-trivial uidmap?
> 
> It seems that cgproxy has solved the uidmap problem for dbus, but
> AFAIK it only applies to cgroups, not the session bus.

What exactly are you trying to connect to?  Indeed your app is
sending the uid it thinks it is (1000) over dbus as an integer,
and the other end grabs the uid from the socket owner (which
is the shifted uid).  So those need to match, which is why you
need uid 1000->1000.

-serge
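
An added illustration, not part of the original message and not dbus-daemon's code: a Python model of the mismatch described in the reply, where the client claims its in-container uid in the D-Bus EXTERNAL auth line while the host side reads the shifted uid from the socket credentials. The uid_map contents are constructed samples, and the helper names (`to_host_uid`, `bus_accepts`, and so on) are hypothetical.

```python
# Added example: models the uid comparison only; sample maps are constructed.

TRIVIAL_MAP = "1000 1000 1"       # container 1000 -> host 1000
SHIFTED_MAP = "0 100000 65536"    # container 0..65535 -> host 100000..165535


def parse_uid_map(text):
    """Parse /proc/<pid>/uid_map lines: <inside-start> <outside-start> <count>."""
    ranges = []
    for line in text.strip().splitlines():
        inside, outside, count = (int(field) for field in line.split())
        ranges.append((inside, outside, count))
    return ranges


def to_host_uid(ranges, container_uid):
    """Translate a container uid to the uid seen outside the user namespace."""
    for inside, outside, count in ranges:
        if inside <= container_uid < inside + count:
            return outside + (container_uid - inside)
    return None  # unmapped in this namespace


def auth_external_line(uid):
    """D-Bus EXTERNAL mechanism: the ASCII decimal uid, hex-encoded."""
    return "AUTH EXTERNAL " + str(uid).encode("ascii").hex()


def claimed_uid(auth_line):
    """Decode the uid a client put in its AUTH EXTERNAL line."""
    return int(bytes.fromhex(auth_line.split()[2]).decode("ascii"))


def bus_accepts(ranges, container_uid):
    """True when the claimed uid equals the uid read from the socket peer."""
    line = auth_external_line(container_uid)     # what the app sends
    peer_uid = to_host_uid(ranges, container_uid)  # what the host side sees
    return peer_uid is not None and claimed_uid(line) == peer_uid


if __name__ == "__main__":
    for name, text in (("trivial", TRIVIAL_MAP), ("shifted", SHIFTED_MAP)):
        ranges = parse_uid_map(text)
        print(name, auth_external_line(1000),
              "peer uid:", to_host_uid(ranges, 1000),
              "accepted:", bus_accepts(ranges, 1000))
```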

