[lxc-users] ID mapping blues (was: Does lxc-execute work with unprivileged containers?)
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Feb 26 15:54:34 UTC 2015
Quoting Patrick Toomey (patrick.toomey at github.com):
> > Does that at least explain the technical aspect?
>
> Yeah, that makes total sense. I actually came to the same understanding a
> few minutes after I sent my original email. I think drafting the question
> ended up forcing my brain to understand what was happening :-). Now that I
> at least understand what is happening, I can play with the uid mappings to
> see if I can accomplish what I'd like to do. Thanks!
If you want the container to have access to your host uid 1000's files,
then add a second mapping,
lxc.id_map = u 200000 1000 1
lxc.id_map = g 200000 1000 1
Now files owned by your uid 1000 on the host will appear as uid 200000 in
the container. Or, you can make a more complicated mapping where uid 1000
in the container is 1000 in the host, like
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 1000 1000 1
lxc.id_map = g 1000 1000 1
lxc.id_map = u 1001 101001 64535
lxc.id_map = g 1001 101001 64535
Of course in either case your host user is now not protected from the
container.
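A small resolver for these mappings, added here as an example; it is not part of the mail or of LXC itself. It assumes the container otherwise has the usual default range of 65536 ids (not stated above) for the first case, and reports the overlap that the kernel would reject when two lines claim the same ids.

```python
# Added example, not from the original mail: resolve lxc.id_map lines.
# Each line is "type container_id host_id range" (type is 'u' or 'g').

def parse_id_map(config):
    """Return (kind, container_id, host_id, count) tuples from an LXC config fragment."""
    maps = []
    for line in config.splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip() != "lxc.id_map":
            continue
        kind, cid, hid, cnt = value.split()
        maps.append((kind, int(cid), int(hid), int(cnt)))
    return maps

def host_to_container(maps, kind, host_id):
    """Id a host uid/gid appears as inside the container, or None if unmapped (nobody)."""
    for k, cid, hid, cnt in maps:
        if k == kind and hid <= host_id < hid + cnt:
            return cid + (host_id - hid)
    return None

def overlaps(maps, kind):
    """True if two mappings of this kind share container ids or host ids.
    The kernel refuses to write such a uid_map/gid_map, so check before starting."""
    rs = [(cid, hid, cnt) for k, cid, hid, cnt in maps if k == kind]
    for i, (c1, h1, n1) in enumerate(rs):
        for c2, h2, n2 in rs[i + 1:]:
            if (c1 < c2 + n2 and c2 < c1 + n1) or (h1 < h2 + n2 and h2 < h1 + n1):
                return True
    return False

# Constructed configs. SIMPLE assumes the common default 65536-id range plus the
# mail's extra line; SPLIT is the mail's second mapping verbatim.
SIMPLE = """lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.id_map = u 200000 1000 1
lxc.id_map = g 200000 1000 1"""
SPLIT = """lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 1000 1000 1
lxc.id_map = g 1000 1000 1
lxc.id_map = u 1001 101001 64535
lxc.id_map = g 1001 101001 64535"""
```

With SPLIT, host uid 101000 maps to nothing (the third line starts at 101001), so files with that owner show up as nobody inside the container; host uid 1000 maps straight through, which is the "not protected" case.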