My apologies, there was a typo in my original comment. I meant to say (and have edited in):
if I run '/bin/su - user1 -c "cat /etc/passwd"', I see the real full /etc/passwd of the system, with all user accounts in it.
Should I not be presented with /var/cagefs/00/user1/etc/passwd when I try to look at /etc/passwd?
pam_lve is not enabled for su. You can enable it in /etc/pam.d/su, but you probably shouldn't.
OK. I don't think I need to, I'm just trying to confirm the filesystem isolation is working.
Only problem... If I actually SSH to the server as user1... and again as a test, cat /etc/passwd. I am presented with the full /etc/passwd of the system, as opposed to seeing the contents of /var/cagefs/00/user1/etc/passwd as I would expect.
I know something is probably misconfigured, but I'm trying to figure out what that might be.