On Wed, Dec 26, 2012 at 10:43:56AM +0900, Kamezawa Hiroyuki wrote:
(2012/12/22 2:08), Daniel P. Berrange wrote:
This series introduces an LXC specific library libvirt-lxc.so which adds ability for a process to connect to the namespaces used by an LXC container from outside. It uses FD passing magic to allow the caller to connect, even if it is not root.
Can any user can execute any commands in a LXC guest by
# virsh -c lxc:/// lxc-enter-namespace demo -- <command>
without any limitation ?
Well you need to be authorized to connect to lxc:/// first, which by default requires you to authorize as root on the host Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|