[lxc-users] from lxc to lxd but sharing dir hell
Serge E. Hallyn
serge at hallyn.com
Tue Sep 13 13:48:02 UTC 2016
On Tue, Sep 13, 2016 at 03:11:57PM +0200, Ivan Ogai wrote:
> Hello!
>
> Using LXC, I had a simple script run as a normal user that
>
> 1) created an unprivileged container
>
> 2) added a user in the container with the same uid and gid as the user
> in the host, let's say 1000
>
> 3) modified the configuration of the container in
> ~/.local/share/lxc/example/conf to share their ids:
>
> lxc.id_map = u 0 100000 1000
> lxc.id_map = g 0 100000 1000
> lxc.id_map = u 1000 1000 1
> lxc.id_map = g 1000 1000 1
> lxc.id_map = u 1001 101001 64535
> lxc.id_map = g 1001 101001 64535
>
> 4) and added a mount to share a directory, e.g.
>
> /home/$USER/development home/$USER/development none bind,create=dir 0 0
FWIW what I'm hoping to see soon is an option to
1. overlayfs-mount $HOME/development to $tmpdir
2. shiftfs-mount $tmpdir into the container at $HOME/development
Then after running the container you could look at the airlocked diff
before committing it back into your homedir, in case some bug or trojan
in your container tried to do something nefarious.
We just need jejb's shiftfs upstream, an easy lxc+lxd option to do
this combo, and maybe a tool to help examine an overlay diff and
merge it back in.
-serge
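
The id map quoted in the message above, resolved as an added example that is not part of either poster's message: it parses the six `lxc.id_map` lines, translates container ids to host ids, and reports which ids pass through unshifted and can therefore touch the bind-mounted directory as the real host user. The function names are hypothetical and the sample config is constructed from the quoted lines.

```python
import re

# Constructed sample: the id map from the quoted container config.
SAMPLE_CONFIG = """\
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 1000 1000 1
lxc.id_map = g 1000 1000 1
lxc.id_map = u 1001 101001 64535
lxc.id_map = g 1001 101001 64535
"""

LINE = re.compile(r"^\s*lxc\.id_map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_id_map(text):
    """Return {'u': [(ct_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            maps[m.group(1)].append(tuple(int(x) for x in m.groups()[1:]))
    return maps

def to_host(ranges, ct_id):
    """Host id that a container id resolves to, or None if it is unmapped."""
    for ct, host, count in ranges:
        if ct <= ct_id < ct + count:
            return host + (ct_id - ct)
    return None

def overlaps(ranges):
    """True if two entries overlap on the container side or the host side."""
    for idx in (0, 1):  # 0 = container start, 1 = host start
        spans = sorted((r[idx], r[idx] + r[2]) for r in ranges)
        if any(a[1] > b[0] for a, b in zip(spans, spans[1:])):
            return True
    return False

def passthrough(ranges):
    """Inclusive container id ranges that map to the identical host id."""
    return [(ct, ct + count - 1) for ct, host, count in ranges if ct == host]

if __name__ == "__main__":
    for kind, ranges in parse_id_map(SAMPLE_CONFIG).items():
        print(kind, "overlap:", overlaps(ranges), "unshifted:", passthrough(ranges))
        for ct_id in (0, 999, 1000, 1001, 65535, 65536):
            print("  container", ct_id, "-> host", to_host(ranges, ct_id))
```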