[lxc-users] LXD: Changing ownership on /root not permitted.

Luis Michael Ibarra michael.ibarra at gmail.com
Thu Oct 1 21:54:08 UTC 2015


I found an interesting behavior today which I think is not wrong but it's
still interesting.

When I tried to copy a file from the host to /root inside the container
using cp, this happened.

On the host:
$ sudo cp some_file.sh /var/lib/lxc/containers/c1/rootfs/root/

On the container:
# ls -la /root/ | grep some_file.sh
-rwxr-xr-x  1 *nobody nogroup* 3450 Oct  1 21:34 some_file.sh

# chown root.root /root/some_file.sh
chown: changing ownership of 'some_file.sh': Operation not permitted

This behavior happens only in the /root/ directory on the container,
because this directory has 700 as its permissions. So, the only way to
write inside is being root on the host, but id 0 is not mapped in
/etc/subuid/ inside the container. I can write directly to any other
directory of the container's root tree from the host without getting sudo
privileges because my user is in the lxd group.

So, lesson learned: always use push/pull to copy files.

Disclaimer: I know how push/pull works, I was trying to copy a file in the
old-fashioned way.

Luis M. Ibarra
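
Added example (not part of the original post): a small Python model of the user-namespace id mapping behind the nobody/nogroup listing and the failed chown above. The 0/100000/65536 map is a constructed sample and the function names are hypothetical; a file written by host root (uid 0) falls outside such a map, so it is shown with the overflow id 65534 and container root cannot change its owner.

```python
# Constructed sample in the format of /proc/<pid>/uid_map
# (columns: first id inside the namespace, first id on the host, range length).
SAMPLE_UID_MAP = "         0     100000      65536\n"

OVERFLOW_ID = 65534  # kernel default in /proc/sys/kernel/overflowuid ("nobody")


def parse_id_map(text):
    """Return a list of (inside_start, outside_start, count) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        ranges.append(tuple(int(f) for f in fields))
    return ranges


def host_to_container(host_id, ranges):
    """Map a host id into the namespace; None means the id is unmapped."""
    for inside, outside, count in ranges:
        if outside <= host_id < outside + count:
            return inside + (host_id - outside)
    return None


def view_from_container(host_id, ranges):
    """What stat() shows inside the container, and whether container root
    may chown the file (the kernel requires the owner id to be mapped)."""
    mapped = host_to_container(host_id, ranges)
    if mapped is None:
        return {"shown_id": OVERFLOW_ID, "root_can_chown": False}
    return {"shown_id": mapped, "root_can_chown": True}


def fix_owner_from_host(container_id, ranges):
    """Host id to chown to so the file appears owned by container_id."""
    for inside, outside, count in ranges:
        if inside <= container_id < inside + count:
            return outside + (container_id - inside)
    raise ValueError(f"container id {container_id} is not mapped")


if __name__ == "__main__":
    ranges = parse_id_map(SAMPLE_UID_MAP)
    print(view_from_container(0, ranges))  # file left behind by "sudo cp"
    print(fix_owner_from_host(0, ranges))  # host uid that is root in the container
```

On a real host the map can be read from /proc/<pid>/uid_map of a process in the container, and /proc/<pid>/gid_map is handled the same way.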