[lxc-users] is starting unprivileged containers as root as secure as running them as any other user?
Serge Hallyn
serge.hallyn at ubuntu.com
Mon Jan 11 22:13:06 UTC 2016
Quoting david.andel at bli.uzh.ch (david.andel at bli.uzh.ch):
> Hmm, this is interesting.
> I am running my container from the unprivileged user 'lxduser' and yet:
>
> root@qumind:~# ps -ef | grep '[l]xc monitor'
> root 7609 1 0 11:54 ? 00:00:00 [lxc monitor] /var/lib/lxd/containers pgroonga
>
> What is wrong here?
You're using lxd. Lxd runs as root. You are not starting the
containers as 'lxduser' - you are making requests as 'lxduser' for
the root-owned process 'lxd' to start the containers.