[PVE-User] UIDs > 65535 not valid in container
Frank Thommen
f.thommen at dkfz-heidelberg.de
Fri Mar 13 14:13:54 CET 2020
On 3/12/20 7:58 PM, Frank Thommen wrote:
> On 3/12/20 5:57 PM, Dietmar Maurer wrote:
>>> I fear
>>> this might be a container-related issue but I don't understand it and I
>>> don't know if there is a solution or a workaround.
>>>
>>> Any help or hint is highly appreciated
>>
>> Yes, we only map 65535 IDs for a single container. We cannot allow
>> the full range for security reasons.
>
> What is the security-related impact of higher UIDs? This is kind of a
> showstopper for us, as we planned several such minimal services which
> all need to be able to map all existing UIDs in the AD.
>
> The idea was to move them away from heavy full VMs to more lightweight
> containers.
Or the other way round: What are the risks if we change the hardcoded
limits in /usr/share/perl5/PVE/LXC.pm? (apart from the fact that we
will have to port the changes after each update and upgrade)
frank