[lxc-users] Convert LXC Guests from privileged to unprivileged

Serge Hallyn serge.hallyn at ubuntu.com
Thu Dec 3 18:44:17 UTC 2015


Quoting Dietmar Maurer (dietmar at proxmox.com):
> 
> 
> > On December 3, 2015 at 5:56 PM Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> > 
> > 
> > Quoting Wolfgang Bumiller (w.bumiller at proxmox.com):
> > > > fwiw lxd also ships with 'fuidshift' which has the same functionality.
> > > 
> > > After a quick glance over the code I only see it handling file ownership.
> > > What about ACLs? (And perhaps other extra attributes I'm unaware of.)
> > 
> > Good point.  Patch for lxd's fuidshift appreciated :)
> 
> Would it make sense to ship such binary with LXC (we do not use LXD at all)?

I've thought about moving the one from my nsexec bzr tree over a few times
over the years.  But I think the download template, and the ease of doing
lxc-usernsexec tar zxf made it never quite needed enough to do it.

I'd prefer not to have two completely separate codebases for the same tool :),
but it sounds like it would make sense for you, so if you send a patch to
do so, +1.  (We also could simply make the uidmap go code from lxd a separate
package and have lxc optionally go get and build that.)

-serge


More information about the lxc-users mailing list