[lxc-users] Convert LXC Guests from privileged to unprivileged
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Dec 3 18:44:17 UTC 2015
Quoting Dietmar Maurer (dietmar at proxmox.com):
>
>
> > On December 3, 2015 at 5:56 PM Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> >
> >
> > Quoting Wolfgang Bumiller (w.bumiller at proxmox.com):
> > > > fwiw lxd also ships with 'fuidshift' which has the same functionality.
> > >
> > > After a quick glance over the code I only see it handling file ownership.
> > > What about ACLs? (And perhaps other extra attributes I'm unaware of.)
> >
> > Good point. Patch for lxd's fuidshift appreciated :)
>
> Would it make sense to ship such binary with LXC (we do not use LXD at all)?
I've thought about moving the one from my nsexec bzr tree over a few times
over the years. But I think the download template, and the ease of doing
lxc-usernsexec tar zxf made it never quite needed enough to do it.
I'd prefer not to have two completely separate codebases for the same tool :),
but it sounds like it would make sense for you, so if you send a patch to
do so, +1. (We also could simply make the uidmap go code from lxd a separate
package and have lxc optionally go get and build that.)
-serge
More information about the lxc-users
mailing list