[lxc-users] NFS mounts and unprivileged containers

Fajar A. Nugraha list at fajar.net
Fri Dec 4 15:17:33 UTC 2015


On Fri, Dec 4, 2015 at 8:54 PM, Matthew Green <mephi at mephi.co.uk> wrote:

> Hi Fajar,
>
> (1) Understood, I was just trying to work out if mine was one.
> (2) I've got it working with the client connecting to the server IP
> address, does this still have problems? One of the issues I have with LXC
> is knowing when an action is considered to be on the same machine as the
> host and when it's separate.
>

"Can connect" does not equal safe. Did you read the link?

containers -> same kernel "process" as the host. For most purposes,
consider those as "same" machine (even when containers can be configured to
only use a subset of host's resources).

KVM/any-other-full-virtualization -> guest and host use separate kernels.
They can even be completely different OS (e.g. windows on linux host)



> (3) My portability concern was around being able to migrate a container to
> a new host, so yeah, I would need to add the NFS share on the new host as
> well.
>


Shouldn't be an issue then. Either bind-mount directly, or
nfs-import-then-bind-mount as required.



> (4) For backups I read somewhere that if you tar a container with a bind
> mount you also tar the contents of the mount, so if I bind mount then I'll
> need to work out a way to remove the bind mount prior to running tar
>
>
Options for backup in your case:
(a) read the docs,
https://www.gnu.org/software/tar/manual/html_section/tar_55.html

(b) bind-mount the path you'll be backing up somewhere first (e.g. "mount
--bind /var/lib/lxc/c1/rootfs /tmp/mnt"), and THEN back up the new mount
point

(c) use block-level backup

(d) use something more advanced, like zfs with its send/receive feature

-- 
Fajar
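
Added example, not part of the original message: a check for which mount points sit beneath a directory before it is archived, run here on a constructed mountinfo sample. It assumes the mounts are visible in the mount namespace where the backup runs; `submounts` and `sample_mountinfo` are hypothetical helper names, and the sample reflects that a non-recursive `mount --bind` does not carry nested mounts to the new mount point.

```shell
#!/bin/sh
# Added example. Lists mount points nested under a directory, i.e. the paths a
# plain recursive tar of that directory would descend into.

# submounts DIR [MOUNTINFO]   ("-" reads standard input)
# MOUNTINFO defaults to /proc/self/mountinfo; field 5 is the mount point.
submounts() {
    ROOT=${1%/} awk '
        {
            mp = $5
            gsub(/\\040/, " ", mp)   # mountinfo writes a space as \040
            # The trailing slash keeps c1 from matching c10 and skips DIR itself.
            if (index(mp, ENVIRON["ROOT"] "/") == 1) print mp
        }' "${2:-/proc/self/mountinfo}" | sort -u
}

# Constructed sample (not captured from a real host): an NFS import on the
# host, two bind mounts of it under container c1, an unrelated container c10,
# and the option (b) bind mount of the c1 rootfs at /tmp/mnt.
sample_mountinfo() {
    cat <<'EOF'
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
40 22 0:35 / /srv/nfs rw,relatime - nfs4 192.0.2.10:/export rw
42 22 0:35 /data /var/lib/lxc/c1/rootfs/mnt/data rw,relatime - nfs4 192.0.2.10:/export rw
43 22 0:35 /my\040share /var/lib/lxc/c1/rootfs/mnt/my\040share rw,relatime - nfs4 192.0.2.10:/export rw
44 22 0:35 /data /var/lib/lxc/c10/rootfs/mnt/data rw,relatime - nfs4 192.0.2.10:/export rw
45 22 8:1 /var/lib/lxc/c1/rootfs /tmp/mnt rw,relatime - ext4 /dev/sda1 rw
EOF
}

# Archiving the rootfs path directly: two nested mounts would be included.
sample_mountinfo | submounts /var/lib/lxc/c1/rootfs -
# Archiving the option (b) mount point: nothing is mounted beneath it.
sample_mountinfo | submounts /tmp/mnt -
```

On a live host, call `submounts /var/lib/lxc/c1/rootfs` with no second argument to read `/proc/self/mountinfo`.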