Isolation of container user and global user needed

Bug #1569462 reported by naisanza
This bug affects 1 person
Affects: lxc (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

When creating a new container, and creating a new user within the container, if the new user has the same id and gid as a global user, the processes created within the container are owned by that global user.

This causes unexpected ownership of container processes by users of the global zone, which shouldn't happen. Processes spawned from a container zone should be isolated from the global zone users.

Ubuntu Release:

root@lxc:~# lsb_release -rd
Description: Ubuntu Xenial Xerus (development branch)
Release: 16.04

Package Version:

root@lxc:~# apt-cache policy lxc
lxc:
  Installed: 2.0.0~rc15-0ubuntu1
  Candidate: 2.0.0-0ubuntu1
  Version table:
     2.0.0-0ubuntu1 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        500 http://us.archive.ubuntu.com/ubuntu xenial/main i386 Packages
 *** 2.0.0~rc15-0ubuntu1 100
        100 /var/lib/dpkg/status

Tags: xenial
Stéphane Graber (stgraber) wrote :

That's what unprivileged containers are for.

Changed in lxc (Ubuntu):
status: New → Invalid
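
Added example, not part of the bug report or of LXC's own code: the ownership the report describes follows from the UID map of the container's processes, and the sketch below translates a container UID to the host UID under a privileged (identity) map and under an unprivileged one. The 100000/65536 range, the host user "alice" and all function names are assumptions made for the illustration.

```python
# Constructed sample data (not taken from the bug report).
# /proc/<pid>/uid_map columns: first ID inside the namespace,
# first ID on the host, length of the range.
PRIVILEGED_MAP = "         0          0 4294967295\n"  # identity: no user namespace
UNPRIVILEGED_MAP = "         0     100000      65536\n"  # assumed subuid range
HOST_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"  # hypothetical host user
)


def parse_id_map(text):
    """Return a list of (inside_start, outside_start, length) tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed map line: {line!r}")
        ranges.append(tuple(int(f) for f in fields))
    return ranges


def to_host_id(container_id, ranges):
    """ID the host kernel sees for an ID used inside the container, or None if unmapped."""
    for inside, outside, length in ranges:
        if inside <= container_id < inside + length:
            return outside + (container_id - inside)
    return None


def host_owner(container_uid, map_text, passwd_text=HOST_PASSWD):
    """Name of the host account that owns such a process, or None if no account has that UID."""
    host_uid = to_host_id(container_uid, parse_id_map(map_text))
    for entry in passwd_text.splitlines():
        name, _pw, uid = entry.split(":")[:3]
        if host_uid is not None and int(uid) == host_uid:
            return name
    return None


if __name__ == "__main__":
    for label, id_map in (("privileged", PRIVILEGED_MAP), ("unprivileged", UNPRIVILEGED_MAP)):
        host_uid = to_host_id(1000, parse_id_map(id_map))
        print(f"{label}: container uid 1000 -> host uid {host_uid}, owner {host_owner(1000, id_map)}")
```

On a live host the map text can be read from /proc/<pid>/uid_map of a process inside the container and fed to parse_id_map in place of the constructed strings.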