[lxc-users] Running unprotected system container

Koehler, Yannick yannick.koehler at hpe.com
Tue Jun 16 11:25:58 UTC 2020


Hi Fajar,

If I use an Ubuntu image it works fine and I can run bash within the container. So I know the issue is somehow related to my imported image but I fail to understand why at this time.

All the files in the imported tarball were uid/gid 0. I can run the /sbin/init and that script can run other binaries inside the container with no issue. But when I try to do “exec c1 /bin/ash” in that prompt I am getting permission denied on everything; using absolute paths also didn’t work.

I am wondering if it has to do with the container being armhf while the host is arm64, and somehow “exec” vs “launch/start” would fail to set things accordingly? Or if I need to do some other tricks in my tarball?

Is there a way to force install / launch an armhf ubuntu image as to validate/eliminate the armhf/arm64 variable?

On Jun 16, 2020, 12:10 AM -0400, Fajar A. Nugraha <list at fajar.net>, wrote:
> On Mon, Jun 15, 2020 at 9:23 PM Koehler, Yannick
> <yannick.koehler at hpe.com> wrote:
>
> > I am still faced with the situation where if I run sh inside my container then any command I try to execute such as /bin/ls returns permission denied.
> >
> > Any clue as to what I need to adjust to enable me to get inside my container as to inspect and try stuff out?
>
> Works for me. I even tested just now on ubuntu core host, with the
> container using host's network interface.
>
> Did you follow my example exactly?
> Are you perhaps missing "security.privileged: 1" on the container config?
>
> Try with the default ubuntu image (e.g. from images:ubuntu/20.04)
> first, in case there's something wrong with your container rootfs.
>
> --
> Fajar
_______________________________________________
lxc-users mailing list
lxc-users at lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users