libvirt-lxc: Permission issue of /proc/net

Daniel P. Berrange dan at berrange.com
Thu Dec 24 10:21:04 UTC 2020


On Tue, Dec 22, 2020 at 07:14:23PM +0200, John Hurnett wrote:
> Hi,
> I've encountered a problem where some of the /proc/net/ files can't be
> accessed in unprivileged containers, because they are owned by
> nobody:nogroup (-1:-1) and have 440 permissions.
> This exact issue was solved in the LXC project by unsharing netns:
> https://github.com/lxc/lxc/commit/5b1e83cbc498cd3edeaf13afa987d530299a35a7
> Maybe it could be similarly fixed on libvirt-lxc?

We already unshare netns when there is an <interface> in your XML
config for the container. Is that still leaving the permission
issues? If so, maybe it's an ordering issue for the unshare.

Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|



