On 11/11/2013 05:15 PM, Saurabh Deochake wrote:
> Hi all,
>
> I'm trying to restrict privileges of root user inside the container. I searched about it and got to know about "idmap" element in domain XML.
>
> I added "idmap" element in my container's XML file:
>
> <idmap>
> <uid start='0' target='1000' count='10'/>
> <gid start='0' target='1000' count='10'/>
> </idmap>
>
> I restarted the container with updated XML file.
>
> When I execute "id" command to know if root user inside the container has been mapped with a user from host, I still get output uid as 0
>
> # id -u root
> 0
>

Yes, this user is the root user in this container, but he is actually mapped to a normal user (uid 1000) on the host. This user still has no right to access the files of the host's root user or to insmod...

You can try creating a file in the container; on the host, the owner of this file is uid=1000. On the other side, if a file's owner is uid 1000 on the host, in this container you will see the owner of this file as uid 0.

> Am I doing the steps right to check the user namespacing? Please help me out with this.
>
> Thanks in advance,
>
> Saurabh Deochake.
> NTT DATA OSS Center, Pune, India
>
> _______________________________________________
> libvirt-users mailing list
> libvirt-users@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvirt-users
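
The mapping described in the reply, as an added example that is not part of the original messages: it parses the `<idmap>` element quoted in the thread and translates IDs in both directions, which is why `id -u root` prints 0 inside the container while files created there are owned by uid 1000 on the host. The function names are hypothetical, and the overflow ID of 65534 is the kernel default, assumed here to be unchanged.

```python
import xml.etree.ElementTree as ET

# The <idmap> element quoted in the thread.
IDMAP_XML = """
<idmap>
  <uid start='0' target='1000' count='10'/>
  <gid start='0' target='1000' count='10'/>
</idmap>
"""

# Assumption: kernel default of /proc/sys/kernel/overflowuid and overflowgid.
OVERFLOW_ID = 65534


def parse_idmap(xml_text):
    """Return {'uid': [(start, target, count), ...], 'gid': [...]}."""
    root = ET.fromstring(xml_text)
    ranges = {"uid": [], "gid": []}
    for kind in ranges:
        for el in root.findall(kind):
            ranges[kind].append(
                tuple(int(el.get(k)) for k in ("start", "target", "count")))
    return ranges


def to_host(ranges, container_id):
    """Host ID backing a container ID, or None if that ID is unmapped."""
    for start, target, count in ranges:
        if start <= container_id < start + count:
            return target + (container_id - start)
    return None


def to_container(ranges, host_id):
    """ID that a host-owned file shows when viewed inside the container."""
    for start, target, count in ranges:
        if target <= host_id < target + count:
            return start + (host_id - target)
    return OVERFLOW_ID  # unmapped host IDs are displayed as the overflow ID


def proc_map_lines(ranges):
    """Lines expected in /proc/<pid>/uid_map (or gid_map) of a container process."""
    return ["%10d %10d %10d" % r for r in ranges]


if __name__ == "__main__":
    m = parse_idmap(IDMAP_XML)
    print("container uid 0  -> host uid", to_host(m["uid"], 0))
    print("container uid 10 -> host uid", to_host(m["uid"], 10))
    print("host uid 1000    -> container uid", to_container(m["uid"], 1000))
    print("host uid 0       -> container uid", to_container(m["uid"], 0))
    print("\n".join(proc_map_lines(m["uid"])))
```

To confirm the mapping is active, compare the last line of output with `/proc/<pid>/uid_map` on the host, where `<pid>` is the container's init process.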