[libvirt-users] User Namespace in LXC
Gao feng
gaofeng at cn.fujitsu.com
Mon Nov 11 09:30:58 UTC 2013
On 11/11/2013 05:15 PM, Saurabh Deochake wrote:
> Hi all,
>
> I'm trying to restrict privileges of root user inside the container. I searched about it and got to know about "idmap" element in domain XML.
>
> I added "idmap" element in my container's XML file:
>
> <idmap>
> <uid start='0' target='1000' count='10'/>
> <gid start='0' target='1000' count='10'/>
> </idmap>
>
> I restarted the container with updated XML file.
>
> When I execute the "id" command to check whether the root user inside the container has been mapped to a user from the host, I still get uid 0 as output:
>
> # id -u root
> 0
>
Yes, this user is the root user in this container, but actually he is mapped to a normal user (uid 1000) on the host.
This user still has no right to access the host root user's files or to insmod....
You can try creating a file in the container; on the host, the owner of this file is uid 1000.
And on the other side, if a file's owner is uid 1000 on the host, in this container you will
see the owner of this file is uid 0.
> Am I doing the steps right to check the user namespacing? Please help me out with this.
>
> Thanks in advance,
>
> Saurabh Deochake.
> NTT DATA OSS Center, Pune, India
>
>
> _______________________________________________
> libvirt-users mailing list
> libvirt-users at redhat.com
> https://www.redhat.com/mailman/listinfo/libvirt-users
>
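The translation Gao describes, as an added example that is not part of this thread or of libvirt: libvirt's <idmap> ends up as lines in /proc/<init-pid>/uid_map (and gid_map) of the container's init process, in "inside outside count" form, and the kernel translates ids in both directions through that table. The script below parses such a table and answers the questions raised above (what host uid container root is, what the host sees as the owner of a file created inside, what the container sees for a host-owned file, and whether root is actually confined). The uid_map text is constructed to match the <uid start='0' target='1000' count='10'/> line from the question, the overflow uid 65534 is the kernel's default /proc/sys/kernel/overflowuid, and the script name idmap_check.py is hypothetical.

```python
#!/usr/bin/env python3
"""Check what libvirt's <idmap> actually does to uids.

Added example, not from this thread or from libvirt: models the table
libvirt installs in /proc/<pid>/uid_map for the container's init process
and translates ids in both directions the way the kernel does. The uid_map
text below is constructed; 65534 is the kernel default overflowuid.
"""
import sys
from dataclasses import dataclass
from typing import List, Optional

OVERFLOW_ID = 65534  # kernel default "nobody" id shown for unmapped ids

# Constructed: what `cat /proc/<init-pid>/uid_map` prints on the host for
# <uid start='0' target='1000' count='10'/>. Columns: inside outside count.
SAMPLE_UID_MAP = "         0       1000         10\n"


@dataclass(frozen=True)
class IdRange:
    inside: int   # first id as seen inside the container (idmap 'start')
    outside: int  # first id as seen on the host (idmap 'target')
    count: int    # number of consecutive ids mapped (idmap 'count')


def parse_id_map(text: str) -> List[IdRange]:
    """Parse the content of /proc/<pid>/uid_map or gid_map."""
    ranges: List[IdRange] = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id_map line: {line!r}")
        inside, outside, count = (int(f) for f in fields)
        if count <= 0:
            raise ValueError(f"non-positive count in id_map line: {line!r}")
        ranges.append(IdRange(inside, outside, count))
    return ranges


def to_host(ranges: List[IdRange], inside_id: int) -> Optional[int]:
    """Host id behind an id seen in the container; None if unmapped."""
    for r in ranges:
        if r.inside <= inside_id < r.inside + r.count:
            return r.outside + (inside_id - r.inside)
    return None


def to_container(ranges: List[IdRange], host_id: int) -> Optional[int]:
    """Container view of a host id; None if the host id is not mapped in."""
    for r in ranges:
        if r.outside <= host_id < r.outside + r.count:
            return r.inside + (host_id - r.outside)
    return None


def host_owner_of_container_file(ranges: List[IdRange], creator_uid: int) -> int:
    """uid that `stat -c %u` reports on the host for a file created inside
    the container by a process running as `creator_uid`. Raises if that uid
    is unmapped: setuid() to an unmapped id fails inside the namespace."""
    host_uid = to_host(ranges, creator_uid)
    if host_uid is None:
        raise ValueError(f"uid {creator_uid} is not mapped in this namespace")
    return host_uid


def container_owner_of_host_file(ranges: List[IdRange], host_owner: int) -> int:
    """uid that `ls -n` shows inside the container for a host file; owners
    that are not mapped in appear as the overflow id (nobody)."""
    inside = to_container(ranges, host_owner)
    return OVERFLOW_ID if inside is None else inside


def container_root_is_host_root(ranges: List[IdRange]) -> bool:
    """The check that matters for hardening: `id -u` printing 0 inside the
    container says nothing; only the uid_map tells you whether that 0 is
    host uid 0 (unconfined) or some unprivileged host uid."""
    return to_host(ranges, 0) == 0


def main(argv: List[str]) -> None:
    # On a real host: python3 idmap_check.py /proc/<container-init-pid>/uid_map
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_UID_MAP
    ranges = parse_id_map(text)
    print(f"container root is host uid {to_host(ranges, 0)}")
    print(f"file created by container root has host owner uid "
          f"{host_owner_of_container_file(ranges, 0)}")
    print(f"host file owned by uid 0 appears inside as uid "
          f"{container_owner_of_host_file(ranges, 0)}")
    print(f"host file owned by uid 1000 appears inside as uid "
          f"{container_owner_of_host_file(ranges, 1000)}")
    print("container root is host root:", container_root_is_host_root(ranges))


if __name__ == "__main__":
    main(sys.argv)
```

Run it against the init process of a running container to get the real table instead of the constructed one; a uid_map reading "0 0 4294967295" means no user namespace is in effect and root inside really is host root. The practical verification is the one Gao gives: touch a file inside the container and `stat -c %u` it on the host, then check a host file owned by uid 1000 from inside; a host file owned by an id outside the mapped range shows up inside as 65534.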