MAH69K (n00b)
Joined: 18 Nov 2015 Posts: 15
Posted: Sat Jul 06, 2019 6:04 pm Post subject: Unprivileged LXC container
Hi! I have a question about unprivileged containers on a host with OpenRC.
1. Why does the wiki describe creating a dedicated user? Is it possible to avoid creating a new user?
2. The section "Create user namespace manually with no systemd" looks... strange. Is it really necessary to use this script with .bashrc? Maybe a more correct and good method exists now?
Also I want to know: is it possible to share /usr/portage between multiple containers? Ideally, also with the host. In the template from the lxc-templates package I found these lines:
Code:
    #If you use eix, you should uncomment this
    #lxc.mount.entry=/var/cache/eix var/cache/eix none ro,bind 0 0
As I understood, this makes /var/cache/eix shared between host and container, as I want? Does this work with unprivileged containers? Because the template works only with privileged ones.
skunk (l33t)
Joined: 28 May 2003 Posts: 646 Location: granada, spain
Posted: Sun Jul 07, 2019 11:16 am Post subject: Re: Unprivileged LXC container
MAH69K wrote:
> Hi! I have a question about unprivileged containers on a host with OpenRC.
> 1. Why does the wiki describe creating a dedicated user? Is it possible to avoid creating a new user?
If you are the only one administering the host, yes, you may avoid creating a new user and use root instead to start the container.
The new user is required only if you want an unprivileged user to be allowed to run lxc-start...
Again, not required if you run lxc-start as root (e.g. if you start the container from the init script).
MAH69K wrote:
> Also I want to know: is it possible to share /usr/portage between multiple containers?
Yes, just add:
Code:
    lxc.mount.entry=/usr/portage usr/portage none ro,bind 0 0
to the container's configuration file and redefine DISTDIR/PKGDIR to some r/w directories...
MAH69K wrote:
> Ideally, also with the host. In the template from the lxc-templates package I found these lines:
> Code:
>     #If you use eix, you should uncomment this
>     #lxc.mount.entry=/var/cache/eix var/cache/eix none ro,bind 0 0
> As I understood, this makes /var/cache/eix shared between host and container, as I want? Does this work with unprivileged containers? Because the template works only with privileged ones.
This is for sharing the eix cache with the host; it should work fine...
MAH69K (n00b)
Joined: 18 Nov 2015 Posts: 15
Posted: Mon Jul 08, 2019 7:22 pm Post subject:
Hm. So I need to create and start the container as root (not as a normal user) even though this is an unprivileged container?
And my /etc/subuid must be like this:
?
skunk (l33t)
Joined: 28 May 2003 Posts: 646 Location: granada, spain
Posted: Mon Jul 08, 2019 7:26 pm Post subject:
Yes... and don't forget /etc/subgid...
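The two checks a host admin would want for the points raised in this thread, as an added example that is not code from the thread or from the lxc project: that every lxc.idmap range in the container config is covered by the starting user's /etc/subuid and /etc/subgid entries, and that host trees shared by bind mount (such as /usr/portage or the eix cache) are mounted read-only. The config, subuid and subgid contents are constructed samples and the function names are my own; it assumes the "lxc.idmap = u|g <container-id> <host-id> <count>" and "user:start:count" formats.

```shell
# Added example (not from the thread or the lxc project): sanity-check an
# unprivileged LXC config before lxc-start. Every lxc.idmap range must lie in the
# starting user's subuid/subgid allocation (root here, as in the thread), and host
# trees shared by bind mount (/usr/portage, the eix cache) should be read-only.
# Constructed samples follow; nothing on the real host is read.
SAMPLE_CONFIG='lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.mount.entry = /usr/portage usr/portage none ro,bind 0 0
lxc.mount.entry = /var/cache/eix var/cache/eix none ro,bind 0 0
lxc.mount.entry = /var/cache/distfiles var/cache/distfiles none bind 0 0'
SAMPLE_SUBUID='root:100000:65536'   # /etc/subuid format: user:start:count
SAMPLE_SUBGID='root:100000:65536'

# range_covered USER START COUNT CONTENT: succeeds if one of USER's lines in the
# subuid/subgid CONTENT covers host ids [START, START+COUNT).
range_covered() {
    printf '%s\n' "$4" | awk -F: -v u="$1" -v start="$2" -v count="$3" '
        $1 == u && start >= $2 && start + count <= $2 + $3 { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# check_idmaps USER CONFIG SUBUID SUBGID: succeeds only if CONFIG has at least
# one lxc.idmap (or older lxc.id_map) line and every one of them is covered.
check_idmaps() {
    user=$1; config=$2; subuid=$3; subgid=$4; seen=0; failures=0
    for entry in $(printf '%s\n' "$config" |
            awk -F'[= ]+' '/^lxc\.id_?map/ { print $2 ":" $4 ":" $5 }'); do
        type=${entry%%:*}; rest=${entry#*:}
        hostid=${rest%%:*}; count=${rest#*:}; seen=$((seen + 1))
        case $type in
            u) alloc=$subuid ;;
            g) alloc=$subgid ;;
            *) continue ;;
        esac
        range_covered "$user" "$hostid" "$count" "$alloc" || failures=$((failures + 1))
    done
    [ "$seen" -gt 0 ] && [ "$failures" -eq 0 ]
}

# rw_bind_mounts CONFIG: prints the host path of each bind mount whose options
# lack "ro", i.e. a shared tree the container could modify.
rw_bind_mounts() {
    printf '%s\n' "$1" | awk -F'[= ]+' \
        '/^lxc\.mount\.entry/ && $5 ~ /bind/ && $5 !~ /(^|,)ro(,|$)/ { print $2 }'
}
# Stand-alone run against the constructed samples.
check_idmaps root "$SAMPLE_CONFIG" "$SAMPLE_SUBUID" "$SAMPLE_SUBGID" &&
    echo "idmap ranges covered by subuid/subgid" || echo "idmap ranges NOT covered"
rw_bind_mounts "$SAMPLE_CONFIG" | sed 's/^/writable host bind mount: /'
```

To check a real container, pass "$(cat /var/lib/lxc/NAME/config)", "$(cat /etc/subuid)" and "$(cat /etc/subgid)" in place of the samples; the distfiles entry above is deliberately writable to show what rw_bind_mounts reports.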