[lxc-users] DBUS connection from inside container using system dbus
Serge E. Hallyn
serge at hallyn.com
Mon Mar 27 13:15:59 UTC 2017
On Thu, Mar 02, 2017 at 03:46:10PM +0530, Adithya K wrote:
> Hi All,
>
> I am usig busybox template to create container on ubuntu. I am creating
> container as non privilage. Attached is the config created.
>
> I am mapping var/run/duns/socket from host to container. Basically I am
> using host dbus.
>
> What I see is when I try to run and dbus program,
> dbus_bus_get(DBUS_BUS_SYSTEM, &err); call fails. Basically I am not able to
> get dbus bus connection.
>
> When I create container using privilage mode, then this issue doesn't
> exist.
>
> Any solution for this issue.
If the service ("duns"?) is checking the peer sock credentials then it'll
get the host uid. If it enforces that it be zero then the check will fail.
You could write a dbus proxy (should be a very short go program) which takes
container uid as parameters, verifies a connection comes from root in container
(i.e. 100000), then forwards the call as host root to the host socket. If you
write that and publish it, I think it would become quite popular.
(Maybe something like that already exists, but I haven't heard of it)
-serge
More information about the lxc-users
mailing list