[lxc-users] unpriviledged container failing to get an IP in Ubuntu 16

Fajar A. Nugraha list at fajar.net
Wed Sep 14 01:32:14 UTC 2016


On Wed, Sep 14, 2016 at 12:45 AM, Ivan Ogai <lxc-users at ogai.name> wrote:

>
> The problem is the encrypted home.
>
> FYI:
>
> If the user has an encrypted home (e.g. selecting the option in the
> Ubuntu 16.04 installer) unprivileged LXC containers are not possible
> (see error below).
>
>
That is odd.
Have you compared the directory permissions for $HOME/.local/share/lxc for
encrypted and non-encrypted homes? AFAIK they need to be executable by
others (e.g. 711) all the way (i.e. /home, $HOME, $HOME/.local/share, and
so on) or have special ACL setup. Just in case it's a simple permission
issue.

> This is very unfortunate for anyone who needs to keep data confidential
> in the case that a computer is stolen,


I use encrypted lxd storage on my rented servers, which might be a
workaround for you (if the problem turns out to be NOT permission)

partition -> luks encryption -> zpool mirror -> zfs dataset used by lxd

Containers can also be nested, so it's possible for you to create a
parent-container with nesting enabled, and let your user control that. Then
create another parent-container for another user.

-- 
Fajar
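
The permission check suggested in the reply above, as an added example that is not part of the original message: it walks every directory from the container path up to / and reports the ones that lack the "others execute" bit. It assumes GNU `stat` and `realpath` (as shipped on Ubuntu); the function name `check_traverse` is made up for this example, and ACL-based grants are not evaluated.

```shell
#!/bin/sh
# Added example: list path components that other users cannot traverse.
# An unprivileged container's mapped root uid counts as "other" on the
# host, so each directory on the way to the container path needs o+x
# (e.g. mode 711) unless an ACL grants access instead.

# Prints "<mode> <dir>" for each directory without the others-execute bit
# and "missing <dir>" for components that do not exist.
# Exit status: 0 if every component is traversable, 1 otherwise.
check_traverse() (
    rc=0
    dir=$(realpath -m -- "$1") || exit 2
    while :; do
        if [ -d "$dir" ]; then
            mode=$(stat -c '%A' -- "$dir")        # e.g. drwx--x--x
            case "$mode" in
                ?????????[xt]*) ;;                 # 10th char: others may traverse
                *) printf '%s %s\n' "$mode" "$dir"; rc=1 ;;
            esac
        else
            printf 'missing %s\n' "$dir"; rc=1
        fi
        [ "$dir" = "/" ] && break
        dir=$(dirname -- "$dir")
    done
    exit "$rc"
)

# Usage: sh check_traverse.sh "$HOME/.local/share/lxc"
if [ "$#" -gt 0 ]; then
    check_traverse "$1"
fi
```

Any directory it prints is a candidate for `chmod o+x` or an ACL entry for the container's mapped uid.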