[lxc-users] unprivileged container with zfs backing
Fajar A. Nugraha
list at fajar.net
Wed Feb 4 12:23:51 UTC 2015
On Wed, Feb 4, 2015 at 6:59 PM, Adam Gold <awg1 at gmx.com> wrote:
> Thank you so much for doing all of that. I will attempt to follow your
> approach and hopefully reproduce the results.
>
> FYI, I just tried using btrfs and creating containers at the root of a
> sub volume in unprivileged mode and that worked just fine. I guess it's
> not surprising that it may be harder with zfs.
>
... and apparently something as simple as this works as well (run as root)
# zfs create rpool/lxc/user/precise
# chown user:user /home/user/.local/share/lxc/precise
# chmod 775 /home/user/.local/share/lxc/precise
Note the final chmod. Btrfs subvolume might have that by default, which is
why it works for you.
After that this works fine as "user":
$ lxc-create -n precise -t download
Setting up the GPG keyring
Downloading the image index
...
Distribution: ubuntu
Release: precise
Architecture: amd64
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
---
You just created an Ubuntu container (release=precise, arch=amd64,
variant=default)
To enable sshd, run: apt-get install openssh-server
For security reason, container images ship without user accounts
and without a root password.
Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.
--
Fajar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150204/77f9b478/attachment.html>
More information about the lxc-users
mailing list