| 2014-11-21 17:12:11 |
Adam Ryczkowski |
description |
On Ubuntu 14.04 64 bit, after adding a user into an unprivileged container, the sudo complains that:
$ sudo su
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
To reproduce:
1. Download and install the Ubuntu amd64 minimalcd
2. Install lxc on it and openssh for convenience.
3. follow https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/ ; specifically do:
a) sudo usermod --add-subuids 100000-165536 $USER
b) sudo usermod --add-subgids 100000-165536 $USER
c) sudo chmod +x $HOME
d) create the file ~/.config/lxc/default.conf with the following contents:
lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
e) echo "$USER veth lxcbr0 10" | sudo tee /etc/lxc/lxc-usernet
(restart is not required)
4. Create the container with
lxc-create -t download -n p1 -- -d ubuntu -r trusty -a amd64
5. Install openssh-server in the container:
lxc-start -d -n p1
lxc-attach -n p1 -- apt-get install openssh-server
6. Add a user "adam" with the group sudo
lxc-attach -n p1 -- adduser adam sudo
7. Set a password for the user
8. Log in via ssh (and provide the password from step 7)
ssh p1@adam
9. On the p1:
adam@p1$ sudo su
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
I expected it to make change the user to root.
lxc version: 1.0.3-0ubuntu3
$cat ~/.cache/lxc/download/ubuntu/trusty/amd64/default/build_id
20141101_03:49 |
On Ubuntu 14.04 64 bit, after adding a user into an unprivileged container, the sudo complains that:
$ sudo su
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
To reproduce:
1. Download and install the Ubuntu amd64 minimalcd
2. Install lxc on it and openssh for convenience.
3. follow https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/ ; specifically do:
a) sudo usermod --add-subuids 100000-165536 $USER
b) sudo usermod --add-subgids 100000-165536 $USER
c) sudo chmod +x $HOME
d) create the file ~/.config/lxc/default.conf with the following contents:
lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
e) echo "$USER veth lxcbr0 10" | sudo tee /etc/lxc/lxc-usernet
(restart is not required)
4. Create the container with
lxc-create -t download -n p1 -- -d ubuntu -r trusty -a amd64
5. Install openssh-server in the container:
lxc-start -d -n p1
lxc-attach -n p1 -- apt-get install openssh-server
6. Add a user "adam" with the group sudo
lxc-attach -n p1 -- adduser adam sudo
7. Set a password for the user
8. Log in via ssh (and provide the password from step 7)
ssh p1@adam
9. On the p1:
adam@p1$ sudo su
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
I expected it to make change the user to root.
lxc version: 1.0.3-0ubuntu3
$cat ~/.cache/lxc/download/ubuntu/trusty/amd64/default/build_id
20141101_03:49
---
ApportVersion: 2.14.1-0ubuntu3.5
Architecture: amd64
DistroRelease: Ubuntu 14.04
EcryptfsInUse: Yes
Package: lxc
PackageArchitecture: amd64
ProcVersionSignature: Ubuntu 3.13.0-39.66-generic 3.13.11.8
Tags: trusty
Uname: Linux 3.13.0-39-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo
_MarkForUpload: True |
|
