[lxc-users] How do I "add an ACL for the container root"?

Fajar A. Nugraha list at fajar.net
Tue Jan 5 06:03:52 UTC 2016


On Tue, Jan 5, 2016 at 2:56 AM, Dun Peal <dunpealer at gmail.com> wrote:
> I'm trying to start a vanilla CentOS 6 container on an Ubuntu 15.10
> host running latest stable LXC (1.1.5). It fails with due to lack of
> permission to access ~/.local. The error message suggests granting 'x'
> permission on the relevant directory, or 'add an ACL for the container
> root'.
>
> I understand the first suggestion (which to me seems unclean - setting
> global 'x' permission on an important directory like ~/.local), but
> what exactly does the second suggestion "add an ACL for the container
> root" entail?

It's not JUST .local, you need to add executable permission to the top
level directory (i.e. your $HOME) as well.

For ACLs, see https://help.ubuntu.com/community/FilePermissionsACLs .
In short, something like this works:

cd $HOME
setfacl -m u:100000:x . .local
getfacl . .local

"100000" here is the uid you get from /etc/subuid. Basically you need
to add root-of-the-unpriv-container (usually 100000 for the first
normal user) "x" access to your home and .local directory.

-- 
Fajar
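
An added example, not part of the original message or of LXC: a POSIX shell script that looks up the uid in an /etc/subuid-format file instead of hard-coding 100000, and prints the traverse-only setfacl commands for the home directory and .local. The function names, the users alice and bob, and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# subuid_start USER [FILE]
# Print the start of USER's first range in an /etc/subuid-format file
# (lines of "name:start:count"). The post uses this value as the host uid
# of the unprivileged container's root. Fails if there is no valid entry.
subuid_start() {
    awk -F: -v u="$1" '
        $1 == u && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $3 > 0 {
            print $2; found = 1; exit
        }
        END { exit !found }
    ' "${2:-/etc/subuid}"
}

# acl_commands USER HOMEDIR [FILE]
# Print (do not run) the setfacl commands that grant that uid traverse-only
# ("x") access to HOMEDIR and HOMEDIR/.local, as in the post.
acl_commands() {
    start=$(subuid_start "$1" "${3:-/etc/subuid}") || return 1
    for dir in "$2" "$2/.local"; do
        printf 'setfacl -m u:%s:x %s\n' "$start" "$dir"
    done
}

# Constructed sample input, so the example runs without touching the host.
sample=$(mktemp)
printf '%s\n' 'alice:100000:65536' 'bob:165536:65536' > "$sample"
acl_commands bob /home/bob "$sample"
rm -f "$sample"
```

On a real host, call acl_commands "$(id -un)" "$HOME", review the printed commands before running them, and confirm the result with getfacl as in the post.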

