[systemd-devel] Enter in systemd-nspawn as specific user
Simon McVittie
simon.mcvittie at collabora.co.uk
Thu Oct 2 04:13:06 PDT 2014
On 02/10/14 10:09, Miroslav Suchy wrote:
> If I want to become specific user inside of that container, I have to do
> something like:
>
> /usr/bin/systemd-nspawn -D foo /bin/su -l mockbuild -c 'rpmbuild -root
> \'/build\' ...'
>
> which quickly goes into escape-hell.

If you put a better privilege-altering tool than su in your container,
like sudo or even chrootuid, you should be able to do something more like:

    systemd-nspawn -D foo sudo -u mockbuild rpmbuild -root /build ...

or indeed chain multiple "adverb" tools:

    ... sudo ... -- env VAR=VAL ... -- nice ionice ... -- rpmbuild ...

without getting into multiple layers of quoting.

I think the real feature request here is for something with a less
horrible command-line syntax than su -c, which has the misfeature that,
like sh -c, it interprets its single argument as a shell command-line.
"Adverb" tools (sudo, chrootuid, env, chroot, nice, ionice, ssh,
systemd-nspawn...) produce much nicer command-lines.

S
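
The difference between the two styles described in the message above, as an added example that is not part of the original post. It assumes printf as a stand-in for rpmbuild, a constructed sample path, and hypothetical function names; it needs neither root nor a container.

```shell
#!/bin/sh
# Added example, not from the original post. printf stands in for rpmbuild:
# with the format '[%s]' it prints every argument it receives in brackets,
# which makes argument boundaries visible.

# Constructed sample: a build root whose path contains a space.
SAMPLE_ROOT='/build/my pkg'

# "Adverb" chain: env and nice each consume their own options and exec the
# remaining argv unchanged, so no extra quoting layer is needed.
via_adverbs() {
    env DEMO=1 nice printf '[%s]' "$@"
}

# What su -c / sh -c do: the single argument is parsed again as a shell
# command line, so an unquoted space splits one argument into two.
via_sh_c_naive() {
    sh -c "printf '[%s]' $*"
}

# If a -c interface is all you have, keep the command string constant and
# pass the data as positional parameters instead of pasting it into the string.
via_sh_c_argv() {
    sh -c 'exec "$@"' sh printf '[%s]' "$@"
}

demo() {
    printf 'adverbs:    %s\n' "$(via_adverbs root "$SAMPLE_ROOT")"
    printf 'sh -c str:  %s\n' "$(via_sh_c_naive root "$SAMPLE_ROOT")"
    printf 'sh -c argv: %s\n' "$(via_sh_c_argv root "$SAMPLE_ROOT")"
}
demo
```

The re-parsed string form is also where untrusted values become shell syntax, which is the security reason to prefer argv-passing tools in build wrappers.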