On Tue, Dec 22, 2020 at 07:14:23PM +0200, John Hurnett wrote:
> Hi,
> I've encountered a problem that some of the /proc/net/ files can't be accessed
> in unprivileged containers, because they are owned by nobody:nogroup (-1:-1)
> and have 440 permissions.
> This exact issue was solved in the LXC project by unsharing netns:
> https://github.com/lxc/lxc/commit/5b1e83cbc498cd3edeaf13afa987d530299a35a7
> Maybe it could be similarly fixed on libvirt-lxc?

We already unshare netns when there is an <interface> in your XML
config for the container. Is that still leaving the permissions
issues? If so maybe it's an ordering issue for the unshare.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|