[lxc-users] Unprivileged LXC and world-writable /dev/ttyUSB...

Dr. Todor Dimitrov dimitrov at technology.de
Fri Jan 5 22:29:03 UTC 2018


Yes, that’s exactly what we’ve done.

Thank you.

> On 5. Jan 2018, at 23:27, Serge E. Hallyn <serge at hallyn.com> wrote:
> 
> Quoting Dr. Todor Dimitrov (dimitrov at technology.de):
>> Hallo,
>> 
>> accessing the /dev/ttyUSB… devices from inside an unprivileged container requires that the dev nodes are configured with world-writable permissions, i.e.
>> 
>> crw-rw-rw-    1 root     root      188,   0 Jan  1  1970 /dev/ttyUSB0
>> 
>> Is there a way to make the subordinate user (e.g. subuid 100000) be a member of a group (e.g. dialout) such that the access to the /dev/ttyUSB… devices is somewhat restricted, e.g.
>> 
>> crw-rw----    1 root     dialout      188,   0 Jan  1  1970 /dev/ttyUSB0
>> 
>> I guess the reverse configuration would be possible, but not very generic:
>> 
>> crw-rw----    1 root     100000      188,   0 Jan  1  1970 /dev/ttyUSB0
>> 
>> Thanks in advance,
>> Todor
> 
> Would be easier to add an acl to allow 100000 access - see setfacl.
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20180105/b1972c72/attachment.html>


More information about the lxc-users mailing list