On Wed, Dec 26, 2012 at 10:43:56AM +0900, Kamezawa Hiroyuki wrote: > (2012/12/22 2:08), Daniel P. Berrange wrote: > >This series introduces an LXC specific library libvirt-lxc.so > >which adds ability for a process to connect to the namespaces > >used by an LXC container from outside. It uses FD passing > >magic to allow the caller to connect, even if it is not root. > > > > Can any user can execute any commands in a LXC guest by > > # virsh -c lxc:/// lxc-enter-namespace demo -- <command> > > without any limitation ? Well you need to be authorized to connect to lxc:/// first, which by default requires you to authorize as root on the host Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list