[lxc-users] permissions question: netstat -anp does not show process for non owned processes
Umberto Nicoletti
umberto.nicoletti at gmail.com
Tue May 3 15:07:04 UTC 2016
Hi all,
I am dipping my toes into LXC and I'm liking what I see so far.
I have one question about privileges/security inside containers: I have
started a container and then accessed it with:
lxc exec c1 /bin/bash
If I run netstat -anp it will refuse to show me process information for
processes that I do not own (even though I appear to be root).
For instance an haproxy instance listening on port 3000 appears as the
following (haproxy is running as user haproxy):
root@c1:~# netstat -anp | grep 3000
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:3000 0.0.0.0:* LISTEN -
I am running the latest lxc/lxd on Ubuntu 16.04.
From what I have read I understand there is some uid mapping going on but I
was hoping someone could explain it to me or point me in the right
direction.
TIA,
Umberto