On Mon, Jun 26, 2017 at 11:41:00AM +0200, Cédric Bosdonnat wrote:
Users may want to run the init command of a container as a special
user / group. This is achieved by adding <inituser> and <initgroup>
elements. Note that the user can either provide a name or an ID to
specify the user / group to be used.
This commit also fixes a side effect of being able to run the command
as a non-root user: the user needs rights on the tty to allow shell
job control.
---
docs/formatdomain.html.in | 7 +++++
docs/schemas/domaincommon.rng | 14 ++++++++++
src/conf/domain_conf.c | 9 ++++++
src/conf/domain_conf.h | 2 ++
src/lxc/lxc_container.c | 52 +++++++++++++++++++++++++++++++++++
tests/lxcxml2xmldata/lxc-inituser.xml | 31 +++++++++++++++++++++
tests/lxcxml2xmltest.c | 1 +
7 files changed, 116 insertions(+)
create mode 100644 tests/lxcxml2xmldata/lxc-inituser.xml
diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index e79a9d5be..f9a5177e0 100644
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -334,6 +334,11 @@
To set a custom work directory for the init, use the
<code>initdir</code>
element.
</p>
+ <p>
+ To run the init command as a given user or group, use the
<code>inituser</code>
+ or <code>initgroup</code> elements respectively. Both elements can be
provided
+ either a user (resp. group) id or a name.
+ </p>
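Review bot: The added paragraph in docs/formatdomain.html.in says both elements take "either a user (resp. group) id or a name", but it does not say which user and group the init command gets when the elements are omitted, or against which user database a name is looked up. The commit message notes that a non-root init user needs rights on the tty for shell job control, so a sentence here stating the default and mentioning that tty handling would help readers of the domain XML documentation. Spelling out "respectively" instead of "resp." would also read better in the rendered page.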
Should mention that you can prefix the user/group with a '+' to force
it to be treated as a numeric UID/GID. Without a '+' the numeric value
will first be tried as username.
If that is noted, then
Reviewed-by: Daniel P. Berrange <berrange(a)redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
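The lookup order described in the reply above, as an added example that is not part of the original message and is not libvirt's code: a leading '+' forces a numeric UID, otherwise the string is tried as a user name first and as a number only if no such name exists. `resolve_uid` and `parse_numeric_uid` are hypothetical names, the sample specs are constructed, and rejecting `(uid_t)-1` is a choice made for this example.

```c
#define _POSIX_C_SOURCE 200809L   /* for getpwnam_r() */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Strict decimal parse. (uid_t)-1 is rejected because setresuid() and
 * chown() treat it as "leave unchanged" (a choice made for this example). */
static int parse_numeric_uid(const char *s, uid_t *uid)
{
    char *end = NULL;
    unsigned long v;
    if (*s < '0' || *s > '9')          /* rejects "", signs and whitespace */
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v >= (unsigned long)(uid_t)-1)
        return -1;
    *uid = (uid_t)v;
    return 0;
}

/* Hypothetical helper: returns 0 and sets *uid on success, -1 on failure. */
int resolve_uid(const char *spec, uid_t *uid)
{
    struct passwd pw, *res = NULL;
    char buf[4096];
    if (spec == NULL || *spec == '\0')
        return -1;
    if (*spec == '+')                  /* forced numeric: skip the name lookup */
        return parse_numeric_uid(spec + 1, uid);
    if (getpwnam_r(spec, &pw, buf, sizeof(buf), &res) == 0 && res != NULL) {
        *uid = res->pw_uid;            /* an account literally named "1000" wins */
        return 0;
    }
    return parse_numeric_uid(spec, uid);   /* no such name: try it as a number */
}

int main(void)
{
    const char *samples[] = { "+0", "+1000", "1000", "+daemon", "" };  /* constructed */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uid_t uid = 0;
        int rc = resolve_uid(samples[i], &uid);
        printf("%-8s -> rc=%d uid=%lu\n", samples[i], rc, rc == 0 ? (unsigned long)uid : 0UL);
    }
    return 0;
}
```

Without the '+', the result for a digits-only value depends on whether an account with that exact name exists in the user database being consulted, which is why the prefix matters when a specific numeric ID is intended.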