[lxc-users] How do I "add an ACL for the container root"?

Dun Peal dunpealer at gmail.com
Tue Jan 5 18:15:50 UTC 2016


Thanks, that makes a lot of sense.

On Tue, Jan 5, 2016 at 1:03 AM, Fajar A. Nugraha <list at fajar.net> wrote:
> On Tue, Jan 5, 2016 at 2:56 AM, Dun Peal <dunpealer at gmail.com> wrote:
>> I'm trying to start a vanilla CentOS 6 container on an Ubuntu 15.10
>> host running latest stable LXC (1.1.5). It fails due to lack of
>> permission to access ~/.local. The error message suggests granting 'x'
>> permission on the relevant directory, or 'add an ACL for the container
>> root'.
>>
>> I understand the first suggestion (which to me seems unclean - setting
>> global 'x' permission on an important directory like ~/.local), but
>> what exactly does the second suggestion "add an ACL for the container
>> root" entail?
>
> It's not JUST .local, you need to add executable permission to the top
> level directory (i.e. your $HOME) as well.
>
> For ACLs, see https://help.ubuntu.com/community/FilePermissionsACLs .
> In short, something like this works:
>
> cd $HOME
> setfacl -m u:100000:x . .local
> getfacl . .local
>
> "100000" here is the uid you get from /etc/subuid. Basically you need
> to add root-of-the-unpriv-container (usually 100000 for the first
> normal user) "x" access to your home and .local directory.
>
> --
> Fajar
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
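
Added example, not part of the original thread: a dry-run sketch of the lookup Fajar describes, reading the first subordinate uid for a user from an /etc/subuid-format file and printing one `setfacl` command per directory from the home directory downward. It goes one step further than the reply by walking a deeper path; the sample subuid entries, user names, the `.local/share/lxc` path and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints commands only; nothing is changed.

# subuid_base USER [FILE]: print the first subordinate uid allocated to USER.
# Lines in /etc/subuid have the form  name:start:count
# Returns non-zero when USER has no entry.
subuid_base() {
    awk -F: -v u="$1" '
        $1 == u { print $2; found = 1; exit }
        END     { if (!found) exit 1 }
    ' "${2:-/etc/subuid}"
}

# acl_commands UID BASE REL: print a setfacl command for BASE and for every
# directory reached by descending through REL (e.g. BASE=$HOME, REL=.local).
# Only "x" (search) is granted: the container root can traverse these
# directories but cannot list or read them.
# Assumption: paths contain no whitespace.
acl_commands() {
    uid=$1 dir=$2 rest=$3
    printf 'setfacl -m u:%s:x %s\n' "$uid" "$dir"
    while [ -n "$rest" ]; do
        dir=$dir/${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        printf 'setfacl -m u:%s:x %s\n' "$uid" "$dir"
    done
}

# Constructed sample in /etc/subuid format (not taken from a real host).
sample=$(mktemp)
printf 'alice:100000:65536\nbob:165536:65536\n' > "$sample"

# The second user on the host gets a different container-root uid, so
# hard-coding 100000 would grant access to the wrong uid for bob.
base=$(subuid_base bob "$sample")
acl_commands "$base" /home/bob .local/share/lxc
rm -f "$sample"
```

Review the printed commands, run them, then confirm the result with `getfacl` as in the reply above.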

