Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-26 Thread Serge Hallyn
> From: Serge Hallyn > Sent by: "lxc-users" > Date: 01/11/2016 23:36 > Subject: Re: [lxc-users] is starting unprivileged containers as root as > secure as running them as any other user? > > Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): > > On 11/01/

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-24 Thread david . andel
2016 23:36 Subject: Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user? Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): > On 11/01/16 23:13, Serge Hallyn wrote: > > Quoting david.an...@bli.uzh.ch (david.an...@bli.uzh.ch): &g

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-13 Thread Andrey Repin
Greetings, Saint Michael! > I noticed that lxc-attach does not run > source /etc/profile > and that is an issue since we set many environment variables and settings > that are needed for what comes next. > Is there a workaround? lxc-attach -n container -- sudo -i -- With best regards, Andr

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-13 Thread Saint Michael
I noticed that lxc-attach does not run source /etc/profile and that is an issue since we set many environment variables and settings that are needed for what comes next. Is there a workaround? On Wed, Jan 13, 2016 at 4:49 PM, Serge Hallyn wrote: > Quoting Carlos Alberto Lopez Perez (clo...@igali

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-13 Thread Serge Hallyn
Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): > On 11/01/16 23:36, Serge Hallyn wrote: > > The lxc-attach weakness I mentioned does not apply to 'lxc exec', because > > lxd interposes a pty between your console and the container's. > > I understand that I could do the same (get a fresh P

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-13 Thread Carlos Alberto Lopez Perez
On 11/01/16 23:36, Serge Hallyn wrote: > The lxc-attach weakness I mentioned does not apply to 'lxc exec', because > lxd interposes a pty between your console and the container's. I understand that I could do the same (get a fresh PTY before attaching) with (for example): "screen lxc-attach ..." [

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-12 Thread Serge Hallyn
Quoting david.an...@bli.uzh.ch (david.an...@bli.uzh.ch): > So  if I understood correctly, this means that lxd could potentially suffer > from a weakness in 'lxc monitor' meaning that it is more secure to run > unprivileged containers using the low level lxc-... functions? I mentioned the lxc-mon

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread david . andel
: Serge Hallyn Sent by: "lxc-users" Date: 01/11/2016 23:36 Subject: Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user? Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): > On 11/01/16 23:13, Serge Hallyn wrote: > > Q

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread Serge Hallyn
Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): > On 11/01/16 23:13, Serge Hallyn wrote: > > Quoting david.an...@bli.uzh.ch (david.an...@bli.uzh.ch): > >> Hmm, this is interesting. > >> I am running my container from the unprivileged user 'lxduser' and yet: > >> > >> root@qumind:~# ps -ef

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread Carlos Alberto Lopez Perez
On 11/01/16 23:13, Serge Hallyn wrote: > Quoting david.an...@bli.uzh.ch (david.an...@bli.uzh.ch): >> Hmm, this is interesting. >> I am running my container from the unprivileged user 'lxduser' and yet: >> >> root@qumind:~# ps -ef | grep '[l]xc monitor' >> root 7609 1 0 11:54 ?00:

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread Serge Hallyn
Quoting david.an...@bli.uzh.ch (david.an...@bli.uzh.ch): > Hmm, this is interesting. > I am running my container from the unprivileged user 'lxduser' and yet: > > root@qumind:~# ps -ef | grep '[l]xc monitor' > root  7609 1  0 11:54 ?    00:00:00 [lxc monitor] > /var/lib/lxd/container

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread david . andel
c-users" wrote: - To: LXC users mailing-list From: Serge Hallyn Sent by: "lxc-users" Date: 01/11/2016 19:00 Subject: Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user? Quoting Carlos Alberto Lopez Perez (clo...@igalia

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread Serge Hallyn
Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): > On 08/01/16 19:58, Serge Hallyn wrote: > > Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): > >> Hi, > >> > >> > >> Suppose that we create an unprivileged container as root (using the > >> download template or manually converting it w

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread Carlos Alberto Lopez Perez
On 08/01/16 19:58, Serge Hallyn wrote: > Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): >> Hi, >> >> >> Suppose that we create an unprivileged container as root (using the >> download template or manually converting it with uidmapshift). >> >> Such container config will contain (for exampl

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-08 Thread Serge Hallyn
Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): > Hi, > > > Suppose that we create an unprivileged container as root (using the > download template or manually converting it with uidmapshift). > > Such container config will contain (for example) the following maps: > > lxc.id_map = u 0

[lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-08 Thread Carlos Alberto Lopez Perez
Hi, Suppose that we create an unprivileged container as root (using the download template or manually converting it with uidmapshift). Such container config will contain (for example) the following maps: lxc.id_map = u 0 10 65536 lxc.id_map = g 0 10 65536 And root would be also allowed