On 11/11/2013 05:15 PM, Saurabh Deochake wrote:
Hi all,
I'm trying to restrict privileges of root user inside the container. I searched about
it and got to know about "idmap" element in domain XML.
I added "idmap" element in my container's XML file:
<idmap>
  <uid start='0' target='1000' count='10'/>
  <gid start='0' target='1000' count='10'/>
</idmap>
I restarted the container with updated XML file.
When I execute "id" command to know if root user inside the container has been
mapped with a user from host, I still get output uid as 0
# id -u root
0
Yes, this user is the root user in this container, but actually he is mapped to a normal
user (uid 1000) on host.
This user still has no right to access the files of host's root user or insmod....
You can try creating a file in the container, and on the host, the owner of this file is uid=1000.
And on the other side, if a file's owner is uid 1000 on the host, in this container you
will see the owner of this file is uid 0.
Am I doing the steps right to check the user namespacing? Please help
me out with this.
Thanks in advance,
Saurabh Deochake.
NTT DATA OSS Center, Pune, India
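
The mapping discussed in this thread, worked through as an added example (not code from the thread or from libvirt): it parses the posted <idmap> element and translates IDs in both directions, which is what the "create a file and compare owners" test observes. The function names are hypothetical, and the three fields per range follow the order the kernel uses in /proc/<pid>/uid_map (ID inside, ID outside, length).

```python
import xml.etree.ElementTree as ET

# The <idmap> element as posted in the thread.
IDMAP_XML = """
<idmap>
  <uid start='0' target='1000' count='10'/>
  <gid start='0' target='1000' count='10'/>
</idmap>
"""

def parse_idmap(xml_text, kind="uid"):
    """Return [(start, target, count)] for the <uid> or <gid> entries."""
    ranges = []
    for el in ET.fromstring(xml_text).iter(kind):
        start, target, count = (int(el.get(k)) for k in ("start", "target", "count"))
        if count <= 0:
            raise ValueError("count must be positive")
        ranges.append((start, target, count))
    return ranges

def to_host(ranges, container_id):
    """Host ID that a container ID really runs as, or None if unmapped."""
    for start, target, count in ranges:
        if start <= container_id < start + count:
            return target + (container_id - start)
    return None

def to_container(ranges, host_id):
    """ID a host-owned file shows inside the container, or None if unmapped
    (the kernel then displays the overflow ID, 65534 by default)."""
    for start, target, count in ranges:
        if target <= host_id < target + count:
            return start + (host_id - target)
    return None

def proc_map_fields(ranges):
    """The three fields per range, in /proc/<pid>/uid_map order."""
    return ["%d %d %d" % r for r in ranges]

def maps_host_root(ranges):
    """True if any container ID is backed by host uid/gid 0."""
    return to_container(ranges, 0) is not None

if __name__ == "__main__":
    uid_ranges = parse_idmap(IDMAP_XML, "uid")
    print("uid_map fields:", proc_map_fields(uid_ranges))
    print("container uid 0 -> host uid", to_host(uid_ranges, 0))
    print("host uid 1000 -> container uid", to_container(uid_ranges, 1000))
    print("host root reachable:", maps_host_root(uid_ranges))
```

With this mapping, "id -u root" inside the container still prints 0; the translation only becomes visible from the host side, for example in file ownership or in /proc/<pid>/uid_map of a container process.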