[lxc-users] unprivileged container with zfs backing

Fajar A. Nugraha list at fajar.net
Wed Feb 4 11:01:50 UTC 2015


On Wed, Feb 4, 2015 at 5:46 PM, Adam Gold <awg1 at gmx.com> wrote:

>
>
> On 04/02/2015 10:10, Fajar A. Nugraha wrote:
> > On Wed, Feb 4, 2015 at 4:58 PM, Adam Gold <awg1 at gmx.com> wrote:
> >
> >     In summary, I would like each unprivileged container to run on top of a
> >     new zfs filesystem which I create as root and assign relevant ownership
> >     to. Is this possible?
> >
> >
> > should be possible, BUT not with lxc-create.
> >
> > The easiest method would probably be to create a "template" container
> > for that particular user, and clone it manually (e.g. using zfs
> > snapshot/clone, plus edit the config file manually). You already create
> > the fs manually, so this workaround might be acceptable.
>
> I've only ever created containers using lxc-create.  Are you saying that
> I should manually create a template container at the root of a
> particular zfs filesystem (e.g. zfs/lxc/containers/c1) and then I simply
> use zfs clone to create each new container (and, of course, tweak the
> config)?


That is the best way that I know of.



>   If so, what's the best way to manually create a template in
> unprivileged mode to ensure all the subuids and subgids are assigned
> correctly.
>

Create it using any normal method known to work. It should be OK when
.local/share/lxc is on the same filesystem as $HOME, right?
After that, copy it manually to your template dataset
(zfs/lxc/containers/template?) using "rsync -avP" or whatever tool of your
choice. When you clone the template to a new directory, don't forget to
change these settings manually in the new container config:

lxc.rootfs
lxc.utsname
lxc.network.hwaddr
lxc.network.veth.pair (if you use this)


>
> Also, for the additional containers that I get from zfs cloning, will
> they be recognised by 'lxc-* -n' commands?
>
>
AFAIK most lxc commands simply read whatever is under the directory, and
don't really care what fs they are on.

-- 
Fajar
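
As an added example (not part of the original message, and not LXC's own code), the config edit described above can be scripted in POSIX sh once the template dataset has been snapshotted and cloned. The function names, the `/zfs/lxc/containers/...` paths, the sample config and the `00:16:3e` MAC prefix are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: after `zfs snapshot` + `zfs clone` of the template dataset,
# rewrite the four per-container keys named in the message above.
# lxc.id_map lines are deliberately left alone: a clone keeps the template's
# shifted uid/gid ownership, so it only suits the same user's id mapping.

# Random MAC; the 00:16:3e prefix is this example's choice (assumption).
gen_hwaddr() {
    # Unquoted on purpose: od prints three space-separated hex bytes.
    printf '00:16:3e:%s:%s:%s\n' $(od -An -N3 -tx1 /dev/urandom)
}

# Usage: rewrite_clone_config NAME ROOTFS [HWADDR] < template.config > new.config
rewrite_clone_config() {
    name=$1
    rootfs=$2
    hwaddr=${3:-$(gen_hwaddr)}
    # Linux interface names hold at most 15 characters.
    pair=$(printf 'veth-%s' "$name" | cut -c1-15)
    awk -v name="$name" -v rootfs="$rootfs" -v hw="$hwaddr" -v pair="$pair" '
        /^[ \t]*lxc\.rootfs[ \t]*=/              { print "lxc.rootfs = " rootfs; next }
        /^[ \t]*lxc\.utsname[ \t]*=/             { print "lxc.utsname = " name; next }
        /^[ \t]*lxc\.network\.hwaddr[ \t]*=/     { print "lxc.network.hwaddr = " hw; next }
        /^[ \t]*lxc\.network\.veth\.pair[ \t]*=/ { print "lxc.network.veth.pair = " pair; next }
        { print }   # everything else, id_map included, passes through unchanged
    '
}

# Constructed sample config (not from the thread), LXC 1.x key names.
sample_template_config() {
    cat <<'EOF'
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /zfs/lxc/containers/template/rootfs
lxc.utsname = template
lxc.network.type = veth
lxc.network.hwaddr = 00:16:3e:aa:bb:cc
lxc.network.veth.pair = veth-template
EOF
}
```

The `veth.pair` line is only rewritten when the template config already contains one, matching the "if you use this" condition in the message.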