I’m surely not the first person to suggest that lxc exec, launch, delete, etc. should be more than ‘all or nothing’, and I’m surely not going to be the last.
Here is my suggestion for debate.
As implementing a comprehensive security system within LXD is going to be a staggering amount of work, I’m suggesting instead that an embedded script or a REST API call be added optionally to LXD, and if it’s enabled then all operation requests (add, del, launch, exec, etc.) are sent to the auth hook for validation before they are executed. This will include the UID/GID of CLI callers. Direct API access can use a name associated with the certificate.
The auth API could then flat fail, pass or modify the request…
Best yet, the development effort for this is mostly delegated to the administrators of LXD and not to the LXD developers.
Thanks for reading
Simon
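One way an administrator could write the policy side of the auth hook sketched above, as an added example (not code from the post or from LXD itself): LXD would hand the hook one request per operation carrying the action, the target instance and either the CLI caller's UID/GID or the certificate name, and the hook answers pass, fail or modify. The request fields, group and certificate names, instance names and ownership table are assumptions or constructed sample data.

```python
import logging
from dataclasses import dataclass, field
from typing import Optional

log = logging.getLogger("lxd-auth-hook")
ADMIN_GID = 1000                      # constructed: group that may do anything
ADMIN_CERTS = {"ops-deploy"}          # constructed: cert names treated as admins
PROTECTED = {"prod-db"}               # constructed: never deletable via the hook
OWNERS = {"web1": "uid:1001", "ci-runner": "cert:jenkins"}  # constructed

@dataclass
class OpRequest:
    action: str                       # "launch", "exec", "delete", ...
    target: str                       # instance name
    uid: Optional[int] = None         # CLI caller's UID (None for direct API)
    gid: Optional[int] = None
    cert_name: Optional[str] = None   # name bound to the client certificate
    config: dict = field(default_factory=dict)

@dataclass
class Decision:
    verdict: str                      # "pass", "fail" or "modify"
    reason: str = ""
    config: dict = field(default_factory=dict)  # replacement config on "modify"

def principal(req: OpRequest) -> Optional[str]:
    if req.cert_name:
        return f"cert:{req.cert_name}"
    return f"uid:{req.uid}" if req.uid is not None else None

def authorize(req: OpRequest) -> Decision:
    who = principal(req)
    d = _decide(req, who)
    log.info("%s %s %s -> %s %s", who, req.action, req.target, d.verdict, d.reason)
    return d

def _decide(req: OpRequest, who: Optional[str]) -> Decision:
    if who is None:                                   # deny by default
        return Decision("fail", "unidentified caller")
    if req.action == "delete" and req.target in PROTECTED:
        return Decision("fail", f"{req.target} is protected")   # even for admins
    if req.gid == ADMIN_GID or req.cert_name in ADMIN_CERTS:
        return Decision("pass")
    if req.action == "launch":                        # non-admins launch unprivileged
        cfg = dict(req.config)
        if cfg.get("security.privileged") == "true":
            cfg["security.privileged"] = "false"
            return Decision("modify", "privileged launch downgraded", cfg)
        return Decision("pass")
    if OWNERS.get(req.target) == who:                 # owners manage their own instances
        return Decision("pass")
    return Decision("fail", f"{who} may not {req.action} {req.target}")
```

Every decision is logged with the principal, so the hook doubles as an audit trail of who attempted what, including the requests it rejected or rewrote.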