[systemd-devel] access /proc of nspawn container

arnaud gaboury arnaud.gaboury at gmail.com
Wed Sep 20 11:13:38 UTC 2017


For some reason (custom kernel with user namespace activated) my
container filesystem owners and permissions have lots of errors. In
short, some files/folders belong to nobody/nobody when in fact they
should be owned by root:root.
I can manage to partially fix things from the host where I can chown
vu-poppy-0:vg-poppy-0 (poppy is obviously the container name) the
files/folders. I can also use the fuidshift command. I say partially as
the owner group will always stay nobody.

But I have a problem when it comes to upgrading (container is Fedora, host
Arch) some packages, filesystem being one of them. To upgrade, the
system needs access to /proc/filesystems which is unfortunately owned by
nobody:nobody and can't be changed from host. And the proc folder is
empty for the host, so I can't chown from host.

How can I access (if I can) container /proc from host?

In general, to solve this annoying owner issue in container
(nobody:nobody), I was thinking of making root part of the nobody group. I
know this is a hack, but are there any troubles down the road in doing this?

Thank you for help or hints.