[lxc-users] Is there any advantage to use separate subuid and subguid for each container?

John Siu john.sd.siu at gmail.com
Mon Feb 15 04:56:46 UTC 2016 

Is there any advantage to use separate subuid and subguid for each container? 

For example, when multiple unprivileged containers with the same subuid 100000, ps will show something like the following:

100000  7588 30214  0 23:45 pts/0    00:00:00 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
100000  7593 30161  0 23:45 pts/3    00:00:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
100000  7596 30149  0 23:45 pts/0    00:00:00 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
100000  7599 30167  0 23:45 pts/5    00:00:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
100000  7605 30313  0 23:45 pts/19   00:00:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
100000  7608 30206  0 23:45 pts/0    00:00:00 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
100000  7611 30279  0 23:45 pts/3    00:00:00 /sbin/agetty --noclear --keep-baud pts/3 115200 38400 9600 vt220
100000  7617 30330  0 23:45 pts/3    00:00:00 /sbin/agetty --noclear --keep-baud pts/3 115200 38400 9600 vt220
100000  7620 30214  0 23:45 pts/9    00:00:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
100000  7624 30161  0 23:45 pts/2    00:00:00 /sbin/agetty --noclear --keep-baud pts/2 115200 38400 9600 vt220
100000  7627 30149  0 23:45 pts/1    00:00:00 /sbin/agetty --noclear --keep-baud pts/1 115200 38400 9600 vt220
100000  7632 30385  0 23:45 ?        00:00:00 /bin/sh /etc/init.d/ondemand background
100000  7637 30167  0 23:45 pts/1    00:00:00 /sbin/agetty --noclear --keep-baud pts/1 115200 38400 9600 vt220
100000  7640 30313  0 23:45 pts/1    00:00:00 /sbin/agetty --noclear --keep-baud pts/1 115200 38400 9600 vt220
100000  7648 30279  0 23:45 pts/16   00:00:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
100000  7649 30206  0 23:45 pts/6    00:00:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
100000  7661 30330  0 23:45 pts/1    00:00:00 /sbin/agetty --noclear --keep-baud pts/1 115200 38400 9600 vt220
100000  7664 30214  0 23:45 pts/2    00:00:00 /sbin/agetty --noclear --keep-baud pts/2 115200 38400 9600 vt220
100000  7669 30161  0 23:45 pts/0    00:00:00 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
100000  7674 30149  0 23:45 pts/1    00:00:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
100000  7679 30385  0 23:45 pts/2    00:00:00 /sbin/agetty --noclear --keep-baud pts/2 115200 38400 9600 vt220
100000  7685 30167  0 23:45 pts/0    00:00:00 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
100000  7688 30336  0 23:45 pts/1    00:00:00 /sbin/agetty --noclear --keep-baud pts/1 115200 38400 9600 vt220
100000  7691 30279  0 23:45 pts/2    00:00:00 /sbin/agetty --noclear --keep-baud pts/2 115200 38400 9600 vt220
100000  7692 30313  0 23:45 pts/3    00:00:00 /sbin/agetty --noclear --keep-baud pts/3 115200 38400 9600 vt220
100000  7697 30206  0 23:45 pts/1    00:00:00 /sbin/agetty --noclear --keep-baud pts/1 115200 38400 9600 vt220
100000  7701 30330  0 23:45 pts/20   00:00:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 vt220
100000  7704 30214  0 23:45 pts/3    00:00:00 /sbin/agetty --noclear --keep-baud pts/3 115200 38400 9600 vt220
100000  7708 30161  0 23:45 pts/1    00:00:00 /sbin/agetty --noclear --keep-baud pts/1 115200 38400 9600 vt220
100000  7712 30149  0 23:45 pts/2    00:00:00 /sbin/agetty --noclear --keep-baud pts/2 115200 38400 9600 vt220
100000  7715 30385  0 23:45 pts/0    00:00:00 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
100000  7720 30167  0 23:45 pts/2    00:00:00 /sbin/agetty --noclear --keep-baud pts/2 115200 38400 9600 vt220
100000  7723 30279  0 23:45 pts/0    00:00:00 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
100000  7727 30336  0 23:45 pts/0    00:00:00 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
100000  7730 30313  0 23:45 pts/2    00:00:00 /sbin/agetty --noclear --keep-baud pts/2 115200 38400 9600 vt220
100000  7734 30206  0 23:45 pts/3    00:00:00 /sbin/agetty --noclear --keep-baud pts/3 115200 38400 9600 vt220
100000  7737 30330  0 23:45 pts/0    00:00:00 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
100000  7740 30214  0 23:45 pts/1    00:00:00 /sbin/agetty --noclear --keep-baud pts/1 115200 38400 9600 vt220

One cannot tell which process is owned by which container.

Additionally, using the same subuid, is there any concern about one container gaining access to the other containers? Or is this not a problem at all?

John

More information about the lxc-users mailing list