[lxc-users] Unprivileged LXC and world-writable /dev/ttyUSB...

Serge E. Hallyn serge at hallyn.com
Fri Jan 5 22:27:10 UTC 2018


Quoting Dr. Todor Dimitrov (dimitrov at technology.de):
> Hello,
> 
> accessing the /dev/ttyUSB… devices from inside an unprivileged container requires that the dev nodes are configured with world-writable permissions, i.e.
> 
> crw-rw-rw-    1 root     root      188,   0 Jan  1  1970 /dev/ttyUSB0
> 
> Is there a way to make the subordinate user (e.g. subuid 100000) be a member of a group (e.g. dialout) such that the access to the /dev/ttyUSB… devices is somewhat restricted, e.g.
> 
> crw-rw----    1 root     dialout      188,   0 Jan  1  1970 /dev/ttyUSB0
> 
> I guess the reverse configuration would be possible, but not very generic:
> 
> crw-rw----    1 root     100000      188,   0 Jan  1  1970 /dev/ttyUSB0
> 
> Thanks in advance,
> Todor

Would be easier to add an acl to allow 100000 access - see setfacl.
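
The setfacl approach suggested above, as an added example that is not part of the original thread: it works out which host uid a container user maps to and builds the matching ACL command for the device, so the node can stay `crw-rw----`. The idmap entry, the helper names, the `/usr/bin/setfacl` path and the udev rule are assumptions; the rule is included because ttyUSB nodes are recreated on replug and lose any ACL set by hand.

```shell
#!/bin/sh
# Added example. uid 100000 and /dev/ttyUSB0 come from the thread;
# the idmap entry below is a constructed sample in lxc.idmap form.

# host_uid_for <container_uid> u <container_start> <host_start> <range>
# Prints the host uid that a container uid maps to; fails if it is unmapped.
host_uid_for() {
    cuid=$1; kind=$2; cstart=$3; hstart=$4; range=$5
    [ "$kind" = "u" ] || return 1
    if [ "$cuid" -lt "$cstart" ] || [ "$cuid" -ge $((cstart + range)) ]; then
        return 1
    fi
    echo $((hstart + cuid - cstart))
}

# acl_cmd <host_uid> <device>
# Prints the command granting read/write to exactly one uid, so the node
# does not need to be world-writable.
acl_cmd() {
    printf 'setfacl -m u:%s:rw %s\n' "$1" "$2"
}

# udev_rule <host_uid>
# Prints a rule that reapplies the ACL whenever a ttyUSB node is added.
# Assumption: setfacl is installed at /usr/bin/setfacl on the host.
udev_rule() {
    printf 'ACTION=="add", SUBSYSTEM=="tty", KERNEL=="ttyUSB[0-9]*", RUN+="/usr/bin/setfacl -m u:%s:rw $devnode"\n' "$1"
}

# Dry run: print what would be applied for container root (uid 0).
IDMAP="u 0 100000 65536"   # constructed sample mapping
# shellcheck disable=SC2086  # word splitting of $IDMAP is intended
huid=$(host_uid_for 0 $IDMAP) && {
    acl_cmd "$huid" /dev/ttyUSB0
    udev_rule "$huid"
}
```

Run the printed setfacl command as root on the host and confirm the entry with `getfacl /dev/ttyUSB0`. If a non-root container user opens the port, pass that user's container uid instead of 0, since it maps to a different host uid.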

