[lxc-users] how to run unprivileged containers on Debian stable (+backports)

Rami Rosen roszenrami at gmail.com
Fri Apr 4 21:56:09 UTC 2014


>"A version of PAM with a loginuid patch that's yet to be in any released
>version"? What version, what patch?

I think that this is the patch:

commit 24f3a88e7de52fbfcb7b8a1ebdae0cdbef420edf
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Tue Jan 7 16:12:03 2014 -0800

    pam_loginuid: Ignore failure in user namespaces

Rami Rosen

On Fri, Apr 4, 2014 at 5:38 PM, Thomas Koch <thomas at koch.ro> wrote:
> Hi,
> I've found stgrabers article on running lxc unprivileged containers[1]. But
> he's using ubuntu and I'd like to know, whether anybody tried it on Debian and
> which packages would need to be backported to current Debian stable.
> [1] https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers
> He explicitly mentions "A very recent version of shadow that supports
> subuid/subgid". Is version recent enough? But I can't find information
> on subuid support in this version and there's no more recent version of shadow
> anywhere.
> "A version of PAM with a loginuid patch that's yet to be in any released
> version"? What version, what patch?
> "Kernel: 3.13 + a couple of staging patches (which Ubuntu has in its kernel)".
> So 3.14 should be good?
> I already compiled lxc 1.0.1 myself on Debian stable.
> Thank you, Thomas Koch
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

More information about the lxc-users mailing list