On Tue, Dec 22, 2020 at 07:14:23PM +0200, John Hurnett wrote:
> Hi,
> I've encountered a problem that some of the /proc/net/ files can't be accessed
> in unprivileged containers, because they are owned by nobody:nogroup (-1:-1)
> and have 440 permissions.
> This exact issue was solved in the LXC project by unsharing netns:
> https://github.com/lxc/lxc/commit/5b1e83cbc498cd3edeaf13afa987d530299a35a7
> Maybe it could be similarly fixed on libvirt-lxc?

We already unshare netns when there is an <interface> in your XML
config for the container. Is that still leaving the permissions
issues? If so, maybe it's an ordering issue for the unshare.

Regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|