Hi folks, I've set up a full system container, without sys_admin capabilities. Aside from any other side-effects this might have, I found that using lxc-execute to run a single command inside the container no longer works:
$ sudo lxc-execute -n template ls
lxc-init: failed to mount /proc : Operation not permitted
(My use case is running dpkg-reconfigure after duplicating a container to regenerate SSH keys)
Looking at the code, this makes sense: lxc-execute drops privileges,
then runs lxc-init inside the container to run the actual command, and
then lxc-init tries to mount /proc, /dev/shm and /dev/mqueue.
So the real question of this mail is: Why does lxc-init do this mounting instead of lxc-execute? I thought that lxc-init might be setuid root, but that seems not to be the case.
Gr.
Matthijs
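An added illustration, not code from the original mail or from lxc itself: the mount lxc-init attempts needs CAP_SYS_ADMIN in the effective set, so checking CapEff in /proc/self/status explains the "Operation not permitted" before any command is run. The target path /tmp/proc-test is an assumed placeholder.

```c
/* Added example, not lxc code: detect a missing CAP_SYS_ADMIN (required by
 * mount(2)) by parsing /proc/self/status, then attempt the same proc mount
 * that lxc-init performs so the resulting errno is visible. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>

#define CAP_SYS_ADMIN_BIT 21  /* value of CAP_SYS_ADMIN in <linux/capability.h> */

/* Return 1 if capability 'cap' is set in a CapEff hex mask such as
 * "0000003fffffffff", 0 if it is clear, -1 if the mask is malformed. */
int cap_in_mask(const char *hexmask, int cap)
{
    char *end;
    unsigned long long mask = strtoull(hexmask, &end, 16);
    if (end == hexmask || (*end != '\0' && *end != '\n'))
        return -1;
    return (int)((mask >> cap) & 1ULL);
}

/* Read the effective capability set of the calling process;
 * returns 1/0 for CAP_SYS_ADMIN present/absent, -1 on read failure. */
int has_cap_sys_admin(void)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    int result = -1;
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            const char *p = line + 7;
            p += strspn(p, " \t");           /* skip the tab after the colon */
            result = cap_in_mask(p, CAP_SYS_ADMIN_BIT);
            break;
        }
    }
    fclose(f);
    return result;
}

/* The mount lxc-init does for /proc; returns 0 on success, else errno. */
int try_mount_proc(const char *target)
{
    if (mount("proc", target, "proc", 0, NULL) == 0)
        return 0;
    return errno;
}

int main(void)
{
    printf("CAP_SYS_ADMIN effective: %d\n", has_cap_sys_admin());
    int err = try_mount_proc("/tmp/proc-test");   /* assumed placeholder directory */
    printf("mount proc: %s\n", err ? strerror(err) : "ok");
    return 0;
}
```

Run inside the container as the same user lxc-execute would use; without CAP_SYS_ADMIN the mount reports EPERM, matching the lxc-init message above.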
