[libvirt] [PATCH v3 4/4] lxc: add possibility to define init uid/gid

Daniel P. Berrange berrange at redhat.com
Tue Jul 4 15:35:50 UTC 2017 

On Mon, Jun 26, 2017 at 11:41:00AM +0200, Cédric Bosdonnat wrote:
> Users may want to run the init command of a container as a special
> user / group. This is achieved by adding <inituser> and <initgroup>
> elements. Note that the user can either provide a name or an ID to
> specify the user / group to be used.
> 
> This commit also fixes a side effect of being able to run the command
> as a non-root user: the user needs rights on the tty to allow shell
> job control.
> ---
>  docs/formatdomain.html.in             |  7 +++++
>  docs/schemas/domaincommon.rng         | 14 ++++++++++
>  src/conf/domain_conf.c                |  9 ++++++
>  src/conf/domain_conf.h                |  2 ++
>  src/lxc/lxc_container.c               | 52 +++++++++++++++++++++++++++++++++++
>  tests/lxcxml2xmldata/lxc-inituser.xml | 31 +++++++++++++++++++++
>  tests/lxcxml2xmltest.c                |  1 +
>  7 files changed, 116 insertions(+)
>  create mode 100644 tests/lxcxml2xmldata/lxc-inituser.xml
> 
> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> index e79a9d5be..f9a5177e0 100644
> --- a/docs/formatdomain.html.in
> +++ b/docs/formatdomain.html.in
> @@ -334,6 +334,11 @@
>        To set a custom work directory for the init, use the <code>initdir</code>
>        element.
>      </p>
> +    <p>
> +      To run the init command as a given user or group, use the <code>inituser</code>
> +      or <code>initgroup</code> elements respectively. Both elements can be provided
> +      either a user (resp. group) id or a name.
> +    </p>

Should mention that you can prefix the user/group with a '+' to force
it to be treated as a numeric UID/GID. Without a '+' the numeric value
will first be tried as username.

If that is noted, then

Reviewed-by: Daniel P. Berrange <berrange at redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

More information about the libvir-list mailing list