[avahi] Avahi daemon doesn't work inside an unprivileged container

Yann Soubeyrand ysoubeyrand at adeneo-embedded.com
Fri Feb 6 00:23:36 PST 2015


Hi,

The Avahi daemon doesn't work inside an unprivileged container, more
precisely inside a container where uid 0 is mapped to a uid other
than 0.

I identified the line where the problem occurs in the Avahi sources:
http://git.0pointer.net/avahi.git/tree/avahi-core/netlink.c#n85.

I don't know if it's a bug in Avahi or if it's a bug inside the kernel.
My guess is that it's the latter one but I'm not sure. I think that the
kernel passes the credentials mapped to zero when it's the sender of the
message whereas it should pass all zero credentials in this case. But I
didn't read the code of netlink and it's pure speculation. Also, I
wonder if it could not introduce security flaws doing so.

Feel free to ask me if you need further information or if you need me to
be clearer in my explanations ;-)

I'm using Debian Sid as my host system (I tried 3.16 and 3.18 kernels)
and Ubuntu Vivid inside my container.

Cheers



-- 
Yann Soubeyrand


