On Mon, Jun 26, 2017 at 11:41:00AM +0200, Cédric Bosdonnat wrote:
> Users may want to run the init command of a container as a special
> user / group. This is achieved by adding <inituser> and <initgroup>
> elements. Note that the user can either provide a name or an ID to
> specify the user / group to be used.
>
> This commit also fixes a side effect of being able to run the command
> as a non-root user: the user needs rights on the tty to allow shell
> job control.
> ---
>  docs/formatdomain.html.in | 7 +++++
>  docs/schemas/domaincommon.rng | 14 ++++++++++
>  src/conf/domain_conf.c | 9 ++++++
>  src/conf/domain_conf.h | 2 ++
>  src/lxc/lxc_container.c | 52 +++++++++++++++++++++++++++++++++++
>  tests/lxcxml2xmldata/lxc-inituser.xml | 31 +++++++++++++++++++++
>  tests/lxcxml2xmltest.c | 1 +
>  7 files changed, 116 insertions(+)
>  create mode 100644 tests/lxcxml2xmldata/lxc-inituser.xml
>
> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> index e79a9d5be..f9a5177e0 100644
> --- a/docs/formatdomain.html.in
> +++ b/docs/formatdomain.html.in
> @@ -334,6 +334,11 @@
>  To set a custom work directory for the init, use the <code>initdir</code>
>  element.
>  </p>
> + <p>
> + To run the init command as a given user or group, use the <code>inituser</code>
> + or <code>initgroup</code> elements respectively. Both elements can be provided
> + either a user (resp. group) id or a name.
> + </p>

Should mention that you can prefix the user/group with a '+' to force
it to be treated as a numeric UID/GID. Without a '+' the numeric value
will first be tried as username.

If that is noted, then

Reviewed-by: Daniel P. Berrange <berrange@xxxxxxxxxx>

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
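
Review bot: the new paragraph in docs/formatdomain.html.in does not say what the init command runs as when only one of inituser / initgroup is given, or when both are omitted. Since these elements exist to take init out of root, the default for each should be stated next to them. The sentence "Both elements can be provided either a user (resp. group) id or a name" is also hard to parse; something like "Each element accepts either a name or a numeric ID" would read more clearly.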
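
The lookup order described in the reply above, as an added example that is not part of the original message and is not libvirt's code: a value without '+' is tried as a user name first, so an account literally named "1000" shadows UID 1000 unless the value is written "+1000". The names `resolve_user_spec`, `name_lookup_fn` and `sample_lookup` are hypothetical, the account table is constructed, and the fallback to a numeric ID when the name lookup fails is an assumption.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical callback: returns 0 and sets *uid if `name` is a known user. */
typedef int (*name_lookup_fn)(const char *name, uid_t *uid);

/* Constructed account table standing in for the passwd database. */
static const struct { const char *name; uid_t uid; } sample_users[] = {
    { "root", 0 }, { "tester", 1001 }, { "1000", 4242 },
};

int sample_lookup(const char *name, uid_t *uid)
{
    for (size_t i = 0; i < sizeof(sample_users) / sizeof(sample_users[0]); i++) {
        if (strcmp(sample_users[i].name, name) == 0) {
            *uid = sample_users[i].uid;
            return 0;
        }
    }
    return -1;
}

/* Strict decimal parse: rejects empty input, signs, trailing junk, overflow. */
static int parse_numeric_id(const char *s, uid_t *uid)
{
    char *end = NULL;
    if (*s < '0' || *s > '9')
        return -1;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > 0xfffffffeUL)
        return -1;
    *uid = (uid_t)v;
    return 0;
}

/* Resolve an inituser-style value; returns 0 on success, -1 if unresolvable. */
int resolve_user_spec(const char *spec, name_lookup_fn lookup, uid_t *uid)
{
    if (spec == NULL || *spec == '\0')
        return -1;
    if (spec[0] == '+')                 /* '+' forces numeric, no name lookup */
        return parse_numeric_id(spec + 1, uid);
    if (lookup(spec, uid) == 0)         /* without '+', the name is tried first */
        return 0;
    return parse_numeric_id(spec, uid); /* assumed fallback: plain numeric ID */
}
```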