Hi Yann,

Can you tell me what value of cred->uid you are actually getting inside these containers? I wonder if somehow you are getting the unmapped value. I assume that inside the container running “Id” shows 0, but outside the container you see it remapped to another id?

If you can confirm the lxc version, and possibly supply a config (or as much info as possible) I can reproduce with, that would be great.

Cheers,
Trent

> On 6 Feb 2015, at 4:23 pm, Yann Soubeyrand <ysoubeyr...@adeneo-embedded.com>
> wrote:
>
> Hi,
>
> Avahi daemon doesn't work inside an unprivileged container, more
> precisely inside a container where the uid 0 is mapped to an uid other
> than 0.
>
> I identified the line where the problem occurs in the Avahi sources:
> http://git.0pointer.net/avahi.git/tree/avahi-core/netlink.c#n85.
>
> I don't know if it's a bug of Avahi or if it's a bug inside the kernel.
> My guess is that it's the latter one but I'm not sure. I think that the
> kernel passes the credentials mapped to zero when it's the sender of the
> message whereas it should pass all zero credentials in this case. But I
> didn't read the code of netlink and it's purely speculation. Also, I
> wonder if it could not introduce security flaws doing so.
>
> Feel free to ask me if you need further information or if you need me to
> be clearer in my explanations ;-)
>
> I'm using Debian Sid as my host system (I tried 3.16 and 3.18 kernels)
> and Ubuntu Vivid inside my container.
>
> Cheers
>
> --
> Yann Soubeyrand
>
> _______________________________________________
> avahi mailing list
> avahi@lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/avahi