[lxc-users] unprivileged container with zfs backing

Fajar A. Nugraha list at fajar.net
Wed Feb 4 12:23:51 UTC 2015


On Wed, Feb 4, 2015 at 6:59 PM, Adam Gold <awg1 at gmx.com> wrote:

> Thank you so much for doing all of that.  I will attempt to follow your
> approach and hopefully reproduce the results.
>
> FYI, I just tried using btrfs and creating containers at the root of a
> sub volume in unprivileged mode and that worked just fine.  I guess it's
> not surprising that it may be harder with zfs.
>


... and apparently something as simple as this works as well (run as root)

# zfs create rpool/lxc/user/precise
# chown user:user /home/user/.local/share/lxc/precise
# chmod 775 /home/user/.local/share/lxc/precise

Note the final chmod. Btrfs subvolume might have that by default, which is
why it works for you.

After that this works fine as "user":
$ lxc-create -n precise -t download
Setting up the GPG keyring
Downloading the image index
...
Distribution: ubuntu
Release: precise
Architecture: amd64

Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs

---
You just created an Ubuntu container (release=precise, arch=amd64,
variant=default)

To enable sshd, run: apt-get install openssh-server

For security reason, container images ship without user accounts
and without a root password.

Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.

-- 
Fajar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150204/77f9b478/attachment.html>


More information about the lxc-users mailing list