[lxc-users] lxc / lxd I'm lost somewhere

Benoit GEORGELIN - Association Web4all benoit.georgelin at web4all.fr
Fri Mar 11 02:05:09 UTC 2016


I'm currently switching from pure LXC to LXD.
I have a few questions :)

1- subuid / subgid
Can LXD use different uid/gid from container configuration?
Let's say I have one LXD daemon running. This daemon is using the subuid/gid from the user who launches the container. Can I have different id/gid mappings for this daemon?

Example:
Container A: 100000:65536
Container B: 165536:65536

If the user from container A escapes from the namespace, he will be as uid/gid A; container B stays "safe" from user container A access.

2- IP address and MAC address
Is the only way to get the MAC address assigned to the container to go inside the container? No lxc command to get the info?
lxc info container retrieves the IP address, not the MAC address.
So the only way will be to set a static MAC address in the configuration file, then show the configuration of the container and parse it to get the MAC :(

To set and configure Openvswitch, I need the interface name, IP and MAC.


3- config vs profile
What is the best option to set container configuration?
Can I keep the config file as generated by the first launch and make my own profile configuration, or should I edit the config of the container and only apply profiles to share the same custom configuration?

Let's say I want to customize container configuration (from a script) and add a device of type nic (eth0).
Should I use "lxc config device add ......." or
should I dump the initial configuration to a yml file, add the device information, reload config from stdin,
should I keep the initial configuration file and create a new template, customize the template and finally apply the template?

4- Veth / Bridged 

In LXC I could not have a specific name for the nic in an unpriv container (veth).
Looks like now with LXD it's possible (bridged)?


5- Unpriv container 
If the init process, from the host point of view, is running with a specific uid/gid, does that mean the container is indeed running as unpriv?
The lxd monitor process runs as the user who launched the lxd daemon, right?


6- Any openvswitch integration (or other virtual switch) scheduled?
Not full integration, just basic settings and some open flow rules for security.

7- Quota with btrfs 
I saw LXD supports quota with some backend storage. How to use it with BTRFS?
Is it part of the LXD container configuration or does it rely on FS configuration? No information about it in the doc https://github.com/lxc/lxd/blob/master/specs/configuration.md


Thanks a lot for your time and help (again) :) 


Regards,

Benoît 


From: "Serge Hallyn" <serge.hallyn at ubuntu.com>
To: "lxc-users" <lxc-users at lists.linuxcontainers.org>
Sent: Tuesday 1 March 2016 20:05:35
Subject: Re: [lxc-users] lxc / lxd I'm lost somewhere

Quoting Mark Constable (markc at renta.net): 
> On 02/03/16 04:55, Serge Hallyn wrote: 
> >For instance I have my local laptop and a (very) remote server. 
> 
> Thanks for this example usage. 
> 
> >I can 'lxc launch xenial h:x1; lxc file push my.tar.gz h:x1/; lxc 
> >shell h:x1' and the fact that x1 is running on 'h' on a different 
> >continent really doesn't matter a lick. it's the same thing I'd 
> >do locally - 'lxc launch xenial x1; lxc file push my.tar.gz x1; 
> >lxc shell x1'. 
> 
> Is the above "shell" command available in the RCs perhaps? 
> 
> It's not available in 2.0.0~beta4-0ubuntu7. 

No, my ~/.config/lxc/config.yml has 

aliases:
  shell: exec @ARGS@ -- bash

_______________________________________________ 
lxc-users mailing list 
lxc-users at lists.linuxcontainers.org 
http://lists.linuxcontainers.org/listinfo/lxc-users 
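
Added example, not part of the original message or of LXD: a check for the isolation property raised in question 1, namely that no host uid/gid is mapped into two containers and that every container range sits inside the delegated subuid/subgid allocation. The allocation line and containers C and D are constructed assumptions; A and B use the ranges from the message.

```python
# Added example: audit per-container uid/gid ranges written as "start:count".
from itertools import combinations


def parse_range(spec):
    """Turn 'start:count' into a half-open interval (start, end)."""
    start, count = (int(part) for part in spec.strip().split(":"))
    if start < 0 or count <= 0:
        raise ValueError(f"invalid id range: {spec!r}")
    return start, start + count


def parse_subid_line(line):
    """Parse one /etc/subuid or /etc/subgid line: 'owner:start:count'."""
    owner, start, count = line.strip().split(":")
    return owner, parse_range(f"{start}:{count}")


def find_overlaps(ranges):
    """Return (a, b, first_shared_id, shared_count) for every overlapping pair."""
    parsed = sorted((name, parse_range(spec)) for name, spec in ranges.items())
    hits = []
    for (a, (a_lo, a_hi)), (b, (b_lo, b_hi)) in combinations(parsed, 2):
        lo, hi = max(a_lo, b_lo), min(a_hi, b_hi)
        if lo < hi:  # at least one host id is mapped into both containers
            hits.append((a, b, lo, hi - lo))
    return hits


def outside_allocation(subid_line, ranges):
    """Return names whose range is not fully inside the delegated allocation."""
    _, (lo, hi) = parse_subid_line(subid_line)
    return sorted(name for name, spec in ranges.items()
                  if not (lo <= parse_range(spec)[0] and parse_range(spec)[1] <= hi))


# Constructed sample data: the allocation line and containers C and D are
# assumptions; A and B are the ranges given in the message.
ALLOCATION = "root:100000:131072"
FROM_POST = {"A": "100000:65536", "B": "165536:65536"}
MISCONFIGURED = {**FROM_POST, "C": "150000:65536", "D": "231072:65536"}

if __name__ == "__main__":
    for label, ranges in (("post", FROM_POST), ("misconfigured", MISCONFIGURED)):
        print(label, "overlaps:", find_overlaps(ranges))
        print(label, "outside allocation:", outside_allocation(ALLOCATION, ranges))
```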