Dear all,

On 13.03.20 14:13, Frank Thommen wrote:
On 3/12/20 7:58 PM, Frank Thommen wrote:
On 3/12/20 5:57 PM, Dietmar Maurer wrote:
I fear
this might be a container-related issue but I don't understand it and I
don't know if there is a solution or a workaround.

Any help or hint is highly appreciated.

Yes, we only map 65535 IDs for a single container. We cannot allow
the full range for security reasons.

What is the security-related impact of higher UIDs? This is kind of a showstopper for us, as we planned several such minimal services which all need to be able to map all existing UIDs in the AD.

The idea was to move them away from heavy full VMs to more lightweight containers.

Or the other way round: What are the risks if we change the hardcoded limits in /usr/share/perl5/PVE/LXC.pm? (apart from the fact that we will have to port the changes after each update and upgrade)

Does anyone have an assessment of the risk we would run? I still don't understand the security implications of the mapping of higher UIDs. However, this is quickly becoming a major issue for us.

Cheers
Frank
_______________________________________________
pve-user mailing list
pve-user@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
