[lxc-users] Unprivileged LXC and world-writable /dev/ttyUSB...
Serge E. Hallyn
serge at hallyn.com
Fri Jan 5 22:27:10 UTC 2018
Quoting Dr. Todor Dimitrov (dimitrov at technology.de):
> Hallo,
>
> accessing the /dev/ttyUSB… devices from inside an unprivileged container requires that the dev nodes are configured with world-writable permissions, i.e.
>
> crw-rw-rw- 1 root root 188, 0 Jan 1 1970 /dev/ttyUSB0
>
> Is there a way to make the subordinate user (e.g. subuid 100000) be a member of a group (e.g. dialout) such that the access to the /dev/ttyUSB… devices is somewhat restricted, e.g.
>
> crw-rw---- 1 root dialout 188, 0 Jan 1 1970 /dev/ttyUSB0
>
> I guess the reverse configuration would be possible, but not very generic:
>
> crw-rw---- 1 root 100000 188, 0 Jan 1 1970 /dev/ttyUSB0
>
> Thanks in advance,
> Todor
Would be easier to add an acl to allow 100000 access - see setfacl.
More information about the lxc-users
mailing list