Replies: 1 comment 5 replies
-
|
Are you ssh into the container? Only the primary process (pid 1) of the container is guaranteed access to the leaked group sockets. |
Beta Was this translation helpful? Give feedback.
-
But what can I do to make it also work inside a SSH session? |
Beta Was this translation helpful? Give feedback.
-
|
Are the uid/gid also different? :( |
Beta Was this translation helpful? Give feedback.
-
|
You could take the hosts GID and map it to itself within the container. If this is a systemd based container running sshd then that would be the only way. If you are running sshd as PID 1 inside of the container, then you might be able to get sshd to leak the file descriptor to the session, although I doubt you can. Why are you ssh into the container versus using podman exec? |
Beta Was this translation helpful? Give feedback.
-
Can you explain this in more detail, please?
The IDE we are using (CLion/Intellij) works - as I am aware of - only reliable good if the container with the developer environment is connected through ssh. The dev environment but also contains tools like "flash a device over /dev/tty..." which can be directly executed from the IDE. |
Beta Was this translation helpful? Give feedback.
-
|
Say the GID required for access is GID 10. Then all users of the tool would need to have USER 10:10:1 In the /etc/subgid. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I try to access a host device inside a container while being connected through ssh.
I use
--userns keep-id --group-add keep-groups --device /dev/ttyS0when running the container.Inside the container, I can call
cat /ttyS0without a problem.idshows:If I connect me through ssh, I get
Permission deniedwtihcat /ttyS0.idshows:How do I get the correct group rights when using ssh?
My minimal example:
https://gist.github.com/Viatorus/278266a421443e46bfa53f045a6bd474
Beta Was this translation helpful? Give feedback.
All reactions