[libvirt] [PATCH v3 4/4] lxc: add possibility to define init uid/gid
Daniel P. Berrange
berrange at redhat.com
Tue Jul 4 15:35:50 UTC 2017
On Mon, Jun 26, 2017 at 11:41:00AM +0200, Cédric Bosdonnat wrote:
> Users may want to run the init command of a container as a special
> user / group. This is achieved by adding <inituser> and <initgroup>
> elements. Note that the user can either provide a name or an ID to
> specify the user / group to be used.
>
> This commit also fixes a side effect of being able to run the command
> as a non-root user: the user needs rights on the tty to allow shell
> job control.
> ---
> docs/formatdomain.html.in | 7 +++++
> docs/schemas/domaincommon.rng | 14 ++++++++++
> src/conf/domain_conf.c | 9 ++++++
> src/conf/domain_conf.h | 2 ++
> src/lxc/lxc_container.c | 52 +++++++++++++++++++++++++++++++++++
> tests/lxcxml2xmldata/lxc-inituser.xml | 31 +++++++++++++++++++++
> tests/lxcxml2xmltest.c | 1 +
> 7 files changed, 116 insertions(+)
> create mode 100644 tests/lxcxml2xmldata/lxc-inituser.xml
>
> diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
> index e79a9d5be..f9a5177e0 100644
> --- a/docs/formatdomain.html.in
> +++ b/docs/formatdomain.html.in
> @@ -334,6 +334,11 @@
> To set a custom work directory for the init, use the <code>initdir</code>
> element.
> </p>
> + <p>
> + To run the init command as a given user or group, use the <code>inituser</code>
> + or <code>initgroup</code> elements respectively. Both elements can be provided
> + either a user (resp. group) id or a name.
> + </p>
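
Review bot: the added paragraph on inituser / initgroup does not say which user and group the init command runs as when the elements are omitted. The commit message presents running as a non-root user as the new possibility, so state the default explicitly here. The sentence "Both elements can be provided either a user (resp. group) id or a name" is also hard to parse; something like "Both elements accept either a numeric ID or a name" reads more clearly.
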
Should mention that you can prefix the user/group with a '+' to force
it to be treated as a numeric UID/GID. Without a '+' the numeric value
will first be tried as username.
If that is noted, then

Reviewed-by: Daniel P. Berrange <berrange at redhat.com>

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|