[lxc-users] Trying to set elevated privileges for non-root user in privileged container

Serge E. Hallyn serge at hallyn.com
Tue Apr 9 16:45:57 UTC 2019


It looks like the kernel is gating this on having CAP_SYS_NICE
in the initial user namespace.

-serge

On Mon, Apr 01, 2019 at 04:10:57PM -0500, Mark Paterson wrote:
> Any answer on this?
> I'm running lxc from snap, on Ubuntu 16.04. We have a couple of big
> applications at work that I'd like to run in lxc, but only if there is a
> way to make elevated privileges work.
> 
> On Wed, Mar 20, 2019 at 2:00 PM Mark Paterson <markpaters at gmail.com> wrote:
> 
> > Hi all!
> > I am trying to run as a non-root user an application in a privileged
> > container that requires setting elevated thread priority. From within the
> > container, elevating priority works if I use sudo, so I can tell that the
> > container is not dropping capabilities. The non-root user is set up in
> > /etc/security/limits.d for rtprio, and is mapped via raw.idmap to a host
> > user with equivalent privileges that work on the host side.
> >
> > However, if I try in the container to chrt a process to a higher priority,
> > I get "Operation not permitted." What am I missing?
> >
> > Thanks!
> >
> > Mark
> >

> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
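
A diagnostic for the check described in the reply above, added here as an example and not code from the thread or from LXC: it reports whether a process holds CAP_SYS_NICE, whether its `uid_map` is the unshifted identity map, and whether the RLIMIT_RTPRIO fallback the kernel applies without that capability would cover the requested priority. The function names are hypothetical, the sample inputs are constructed, and treating a full identity `uid_map` as "initial user namespace" is a heuristic assumption.

```python
import re

CAP_SYS_NICE = 23  # bit number from <linux/capability.h>
INIT_NS_MAP = ["0", "0", "4294967295"]  # identity map shown by the initial userns

def has_cap_sys_nice(status_text):
    """True if CapEff in /proc/<pid>/status contains CAP_SYS_NICE."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if m is None:
        raise ValueError("no CapEff line found")
    return bool((int(m.group(1), 16) >> CAP_SYS_NICE) & 1)

def in_initial_userns(uid_map_text):
    """Heuristic (assumption): a single full identity mapping means no
    UID shifting, as in the initial user namespace."""
    rows = [l.split() for l in uid_map_text.splitlines() if l.strip()]
    return rows == [INIT_NS_MAP]

def rt_priority_path(status_text, uid_map_text, rtprio_soft, wanted):
    """Which kernel check would let this task request RT priority `wanted`:
    'capability', 'rlimit', or 'none' (chrt fails with EPERM)."""
    if has_cap_sys_nice(status_text) and in_initial_userns(uid_map_text):
        return "capability"
    # Without the capability the kernel falls back to RLIMIT_RTPRIO.
    # A negative value stands for RLIM_INFINITY here.
    if rtprio_soft < 0 or (rtprio_soft > 0 and wanted <= rtprio_soft):
        return "rlimit"
    return "none"

# Constructed samples, not taken from the thread.
ROOT_STATUS = "Name:\tbash\nCapEff:\t0000003fffffffff\n"
USER_STATUS = "Name:\tbash\nCapEff:\t0000000000000000\n"
HOST_MAP = "         0          0 4294967295\n"
SHIFTED_MAP = "         0    1000000      65536\n"

if __name__ == "__main__":
    import resource
    with open("/proc/self/status") as f:
        status = f.read()
    with open("/proc/self/uid_map") as f:
        uid_map = f.read()
    soft, _ = resource.getrlimit(resource.RLIMIT_RTPRIO)
    print("CAP_SYS_NICE effective:", has_cap_sys_nice(status))
    print("identity uid_map:", in_initial_userns(uid_map))
    print("RLIMIT_RTPRIO soft:", soft)
    print("path for priority 50:", rt_priority_path(status, uid_map, soft, 50))
```

Run it as the non-root user inside the container, in the same kind of session that launches the application, so the values reported are the ones `chrt` would actually see.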


