[lxc-users] Can a container modify the host rtc?

Marat Khalili mkh at rqc.ru
Wed Jul 27 08:40:00 UTC 2016


On 26/07/16 19:58, Stewart Brodie wrote:
>
> You won't be able to call those functions from a container not in the
> initial user namespace, even if you possess CAP_SYS_TIME, because of the way
> the kernel does its permission checks.
I wonder if there's really no workaround for ntpd? A special version 
talking to the host through a pipe, probably? It is very convenient from 
an administration point of view to keep every network service in a separate 
container.

--

With Best Regards,
Marat Khalili
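
Added example, not part of the original thread: a sketch of the permission check described in the quoted reply, where CAP_SYS_TIME only permits setting the clock if the process is also in the initial user namespace. The function names, the uid_map heuristic and the sample /proc contents are assumptions constructed for illustration.

```python
import re

CAP_SYS_TIME = 25          # capability bit number from linux/capability.h
FULL_ID_RANGE = 4294967295 # length of the identity map in the initial namespace

def has_cap_sys_time(status_text):
    """True if the CapEff mask in /proc/<pid>/status has the CAP_SYS_TIME bit."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if not m:
        raise ValueError("no CapEff line found")
    return bool((int(m.group(1), 16) >> CAP_SYS_TIME) & 1)

def looks_like_initial_userns(uid_map_text):
    """Heuristic: the initial user namespace shows one row, '0 0 4294967295'.
    A child namespace given the same identity map would be misclassified."""
    rows = [tuple(int(f) for f in line.split())
            for line in uid_map_text.splitlines() if line.strip()]
    return rows == [(0, 0, FULL_ID_RANGE)]

def can_set_host_clock(status_text, uid_map_text):
    """Both conditions must hold; the capability alone is not sufficient."""
    return has_cap_sys_time(status_text) and looks_like_initial_userns(uid_map_text)

# Constructed samples (not taken from a real system).
HOST_ROOT_STATUS = "Name:\tntpd\nCapEff:\t0000003fffffffff\n"
HOST_UID_MAP = "         0          0 4294967295\n"
# Root inside an unprivileged container: full capability mask within its own
# user namespace, but uids are mapped from a host range.
CONTAINER_ROOT_STATUS = "Name:\tntpd\nCapEff:\t0000003fffffffff\n"
CONTAINER_UID_MAP = "         0     100000      65536\n"

if __name__ == "__main__":
    # Evaluate the current process on a Linux host or inside a container.
    with open("/proc/self/status") as s, open("/proc/self/uid_map") as u:
        print("clock settable:", can_set_host_clock(s.read(), u.read()))
```

Run inside a container, this reports whether an ntpd started there could be expected to adjust the clock, without attempting to change the time.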

