[lxc-users] Unprivileged LXC and world-writable /dev/ttyUSB...
Dr. Todor Dimitrov
dimitrov at technology.de
Fri Jan 5 22:29:03 UTC 2018
Yes, that’s exactly what we’ve done.
Thank you.
> On 5. Jan 2018, at 23:27, Serge E. Hallyn <serge at hallyn.com> wrote:
>
> Quoting Dr. Todor Dimitrov (dimitrov at technology.de):
>> Hallo,
>>
>> accessing the /dev/ttyUSB… devices from inside an unprivileged container requires that the dev nodes are configured with world-writable permissions, i.e.
>>
>> crw-rw-rw- 1 root root 188, 0 Jan 1 1970 /dev/ttyUSB0
>>
>> Is there a way to make the subordinate user (e.g. subuid 100000) be a member of a group (e.g. dialout) such that the access to the /dev/ttyUSB… devices is somewhat restricted, e.g.
>>
>> crw-rw---- 1 root dialout 188, 0 Jan 1 1970 /dev/ttyUSB0
>>
>> I guess the reverse configuration would be possible, but not very generic:
>>
>> crw-rw---- 1 root 100000 188, 0 Jan 1 1970 /dev/ttyUSB0
>>
>> Thanks in advance,
>> Todor
>
> Would be easier to add an acl to allow 100000 access - see setfacl.
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20180105/b1972c72/attachment.html>
More information about the lxc-users
mailing list