[lxc-users] What's the best way to copy file from host to container?

Drake Wilson drake at dasyatidae.net
Fri Apr 24 23:14:44 UTC 2015


Dan Shi wrote:
> OK, I got scp working, it's actually quite straightforward.
> Just wondering if there is another option that doesn't need the container's IP?
> i.e., only need container's name. That way the container doesn't need network access.

So, you can't do that _too_ straightforwardly with SSH.  However, you can make
use of other existing mechanisms that allow for shuttling byte streams with file
contents/metadata around, and then open pipes into the container environment with
lxc-attach.

Some possibilities, which you must adjust to your needs if you use them (I haven't
tried most of these personally, just constructing them off the top of my head):

  - For single files you can do something moderately awkward along the lines of:

      <SRC-FILE lxc-attach -n CONTAINER -- sudo -u USER sh -c 'umask NOT-PERMISSIONS && exec cat >DST-FILE'

    but maybe be careful of symlink attacks, not reapplying permissions to existing
    files, etc.

  - Construct the tree of files you want to 'import' into the container, then
    do something like:

      tar -C SRC-DIR -c . | lxc-attach -n CONTAINER -- sudo -u USER tar -C DST-DIR -xvp

  - Set up a script like:

      #!/bin/sh
      # rsync invokes this as: SCRIPT HOST COMMAND...
      n=$1; shift
      exec lxc-attach -n "$n" ${1+-- "$@"}

    and then use:

      rsync -a --rsh=SCRIPT SRC CONTAINER:DST

    with appropriate rsync options of course (-a preserves just about everything, but
    you might not want that; you might need -HAX, --numeric-ids, etc. depending on what
    you're trying to do; e.g., --chown could be quite useful here).

    (This could be adjusted to change to an unprivileged user, but I forget how rsync
    tells the --rsh command about that.)

  - Use SSH, with the sshd in the container running only on its loopback interface,
    and set up .ssh/config on the host with something like:

      Host CONTAINER
      ProxyCommand lxc-attach -n %h -- sudo -u nobody socat - tcp:localhost:%p

    This may play nicer with other tools as well, but it requires that an sshd still
    be active in the container even though it has no network, among other things.

> Thanks,
> Dan

   ---> Drake Wilson
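
An added example, not part of the original post: one way to handle the symlink and stale-permission caveats of the single-file option, by writing to a fresh temporary file in the destination directory and renaming it over DST. It assumes GNU coreutils inside the container; push_file, RECEIVER, CONTAINER and CUSER are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU coreutils (mktemp, mv -T)
# inside the container; push_file, RECEIVER, CONTAINER and CUSER are hypothetical.

# Container-side receiver: file body on stdin, $1 = destination, $2 = octal mode.
RECEIVER=$(cat <<'EOF'
set -eu
dst=$1 mode=$2
dir=$(dirname -- "$dst")
tmp=$(mktemp -- "$dir/.incoming.XXXXXX")  # exclusive create, mode 0600, new inode
trap 'rm -f -- "$tmp"' EXIT               # clean up if anything below fails
cat >"$tmp"
chmod -- "$mode" "$tmp"                   # explicit mode, also when DST already existed
mv -fT -- "$tmp" "$dst"                   # rename replaces a symlink, not its target
EOF
)

# push_file SRC DST MODE [RUNNER...]
# RUNNER is the command prefix that enters the container; by default the
# lxc-attach/sudo prefix from the post, built from $CONTAINER and $CUSER.
push_file() {
    src=$1 dst=$2 mode=$3
    shift 3
    if [ "$#" -eq 0 ]; then
        set -- lxc-attach -n "${CONTAINER:?set CONTAINER}" -- \
               sudo -u "${CUSER:?set CUSER}"
    fi
    "$@" sh -c "$RECEIVER" sh "$dst" "$mode" <"$src"
}
```

Symlinks in the parent directory components of DST are still followed, so the destination directory should not be writable by users you do not trust.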

