[lxc-users] permissions question: netstat -anp does not show process for non owned processes

Umberto Nicoletti umberto.nicoletti at gmail.com
Tue May 3 15:07:04 UTC 2016


Hi all,
I am dipping my toes into LXC and I'm liking what I see so far.

I have one question about privileges/security inside containers: I have
started a container and then accessed it with:

lxc exec c1 /bin/bash

If I run netstat -anp it will refuse to show me process information for
processes that I do not own (even though I appear to be root).

For instance an haproxy instance listening on port 3000 appears as the
following (haproxy is running as user haproxy):

root@c1:~# netstat -anp | grep 3000
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.0.1:3000          0.0.0.0:*               LISTEN      -

I am running the latest lxc/lxd on Ubuntu 16.04.

From what I have read I understand there is some uid mapping going on but I
was hoping someone could explain it to me or point me in the right
direction.

TIA,
Umberto