[lxc-users] unprivileged containers in RHEL-based OS
Christian Evans
frodox at zoho.com
Wed Jul 23 14:39:20 UTC 2014
Has anybody tried to create unprivileged containers in RHEL/CentOS/Fedora?
The main problem -- I can't find an rpm like uidmap for Ubuntu to make
# usermod --add-subuids 100000-165536 $USER
Should I compile it from src from somewhere..?
---
Also I have a question that I have been interested in for a long time. It's about the "LXC 1.0: Unprivileged containers [7/10]" article [1].
There are words:
> Well, simply put, each user that’s allowed to use them on the system gets assigned a range of unused uids and gids,
> ideally a whole 65536 of them.
Why 65536?
AFAIK, there can be many more UIDs, and it depends on system limits. Or is it a limit specifically for containers?
So, what about other uids in the container?
For example, if I have 200 unprivileged containers, should I map 65536 uids of every container
into a *different* area of the host uid map? In this case I would need 200*65536 = 13 107 200 free uids on the host...
I misunderstand this point. Could someone correct me, please?
---
P.S. I have installed lxc-1.0.5 from git on CentOS 7.0,
( like
./configure --prefix=/usr --enable-seccomp --enable-capabilities
make && make install
)
and I can't find lxc's man pages (nothing in /usr/share/man). Looks like they just didn't install. Does anyone have the same issue?
I also installed it on Fedora 20, and there everything is fine with the man pages.
There is another issue... but I need to check it on a clean installation first.
[1]: https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/
---
Regards,
Christian.
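
An added example, not part of the original post or of LXC's own code: a Python sketch of the allocation the question describes, giving each container its own non-overlapping block of 65536 host IDs and emitting the matching /etc/subuid and lxc.id_map lines. The user name, the base of 100000 and the sample /etc/subuid content are constructed assumptions; the same planning would apply to /etc/subgid.

```python
"""Plan disjoint 65536-wide subordinate ID blocks, one per container."""

RANGE = 65536          # IDs per container, the figure quoted in the post
UID_MAX = 2**32 - 2    # Linux uid_t is 32-bit; 4294967295 is reserved as (uid_t)-1

# Constructed sample of existing /etc/subuid content (name:start:count).
SAMPLE_SUBUID = """\
alice:100000:65536
bob:231072:65536
"""

def parse_subid(text):
    """Return sorted (start, end_exclusive) pairs from subuid-style text."""
    used = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        _name, start, count = line.split(":")
        used.append((int(start), int(start) + int(count)))
    return sorted(used)

def allocate(used, n, base=100000, size=RANGE):
    """First-fit n blocks of `size` IDs at or above `base`, avoiding `used`."""
    blocks, cursor = [], base
    while len(blocks) < n:
        # Jump past any existing range overlapping [cursor, cursor + size).
        clash = next((r for r in used if r[0] < cursor + size and cursor < r[1]), None)
        if clash:
            cursor = clash[1]
            continue
        if cursor + size - 1 > UID_MAX:
            raise ValueError("host ID space exhausted")
        blocks.append((cursor, cursor + size))
        cursor += size
    return blocks

def render(user, block):
    """One /etc/subuid line and one LXC 1.0 config line for a block."""
    start, end = block
    return (f"{user}:{start}:{end - start}",
            f"lxc.id_map = u 0 {start} {end - start}")

if __name__ == "__main__":
    blocks = allocate(parse_subid(SAMPLE_SUBUID), 200)
    for b in blocks[:3]:
        print(*render("carol", b), sep="\n")   # "carol" is a hypothetical user
    print("host IDs consumed:", sum(e - s for s, e in blocks))
```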