__________
I'm using this express-made address because personal addresses aren't masked enough at this public mail archive. The public archive administrator should fix this against automated address collectors.

On 3/12/19 at 18:53, Serge E. Hallyn wrote:
> On Mon, Dec 02, 2019 at 08:34:33PM +0100, Narcis Garcia wrote:
>> For my first LXC tests, I've created an "lxc" unprivileged account and
>> "vhosts" group for it.
>>
>> One key of the unprivileged account is to not be same user as root one,
>> of course. But what about when I'm using same unprivileged account for
>> more than one container (VPS)?
>
> If you map the user's uid into the container, then if you are trying to
> keep the container segregated, you'll need separate accounts to own each
> container. Otherwise, you can just use different subuid ranges for each.
>
Sorry for my bad English (both to write and read):
Here is an example:

[host]$ ps -A -o pid,user,cmd | grep -ie lxc
  658 root     /usr/bin/lxcfs /var/lib/lxcfs/
12873 unpriv   [lxc monitor] /home/unpriv/.local/share/lxc vps01
14246 unpriv   [lxc monitor] /home/unpriv/.local/share/lxc vps02
15762 unpriv   [lxc monitor] /home/unpriv/.local/share/lxc vps03
24076 root     grep -ie lxc

Can a guest from "vps01" access resources of "vps02" because of using the same host's user account?

[host]$ ps -A -o pid,user,cmd | grep 165641
13549 165641   /usr/sbin/exim4 -bd -q30m
15197 165641   /usr/sbin/exim4 -bd -q30m
24170 root     grep 165641

PID 13549 is from vps01 and PID 15197 is from vps02.
"165641" is the guest UID as seen by the host.
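An added example, not part of the original message or of LXC itself: a small audit that reads each container's `lxc.idmap` lines and reports containers whose host-side id ranges overlap, which is the situation the second `ps` output shows (both exim4 processes appear as 165641). The sample configs, the base 165536, the vps03 range and container uid 105 are constructed assumptions chosen so the translation reproduces 165641.

```python
import re
from itertools import combinations

# Matches e.g. "lxc.idmap = u 0 165536 65536" (kind, container start, host start, count).
IDMAP_RE = re.compile(r"^\s*lxc\.idmap\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_idmaps(config_text):
    """Return [(kind, container_start, host_start, count)] from LXC config text."""
    maps = []
    for line in config_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            maps.append((m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4))))
    return maps

def host_id(maps, kind, container_id):
    """Translate a container uid/gid to the id the host sees (None if unmapped)."""
    for k, cstart, hstart, count in maps:
        if k == kind and cstart <= container_id < cstart + count:
            return hstart + (container_id - cstart)
    return None

def overlapping(containers):
    """Return (name_a, name_b, kind, lo, hi) for each host id range two containers share."""
    found = []
    for (na, ma), (nb, mb) in combinations(sorted(containers.items()), 2):
        for ka, _, ha, ca in ma:
            for kb, _, hb, cb in mb:
                lo, hi = max(ha, hb), min(ha + ca, hb + cb) - 1
                if ka == kb and lo <= hi:
                    found.append((na, nb, ka, lo, hi))
    return found

# Constructed sample configs: vps01 and vps02 reuse one range, vps03 has its own.
CONFIGS = {
    "vps01": "lxc.idmap = u 0 165536 65536\nlxc.idmap = g 0 165536 65536\n",
    "vps02": "lxc.idmap = u 0 165536 65536\nlxc.idmap = g 0 165536 65536\n",
    "vps03": "lxc.idmap = u 0 231072 65536\nlxc.idmap = g 0 231072 65536\n",
}

def audit(configs=CONFIGS):
    """Parse every config and list the container pairs that share host ids."""
    return overlapping({name: parse_idmaps(text) for name, text in configs.items()})

if __name__ == "__main__":
    for a, b, kind, lo, hi in audit():
        print(f"{a} and {b} share host {kind}id range {lo}-{hi}")
```

With these constructed configs only vps01 and vps02 are reported; giving each container its own subuid/subgid range, as the quoted reply suggests, makes the report empty.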