[lxc-users] Can unprivileged containers start from a loop device?

Fajar A. Nugraha list at fajar.net
Thu Feb 9 02:59:24 UTC 2017


On Thu, Feb 9, 2017 at 3:02 AM, John Lewis <oflameo2 at gmail.com> wrote:

> I am trying to build containers on my really powerful desktop and then
> export them to VPS provider who would shut off my machine if it takes too
> much CPU time.
>

Uh ... use another VPS provider?
EC2 gives out one year free tier, which includes t2.micro, suitable for
small sites.



> Moving one system image file is much faster than moving a root
> of a system recursively. It is also far less error prone. Having to
> maintain premount scripts is inconvenient compared to having LXC do it. I
> can't use LXD yet because my whole environment is Debian 8.
>
>
If you can switch to ubuntu as host, I highly recommend lxd + zfs backend.
You can then transfer the rootfs using "lxc copy" or zfs snapshot/clone.


Anyway, back to your question. I assume that:
- you have root access to the VPS
- you have full control of the kernel (i.e. Xen/KVM, not virtuozzo VPS)

In that case, you can create an unprivileged, root-owned, loop-backed container
by simply doing something like this as root:

# lxc-create -n alpine -t download -B loop -- -d alpine -r 3.4 -a amd64

... of course, to make it unpriv, you need to have proper lxc.id_map
setting (e.g. follow https://linuxcontainers.org/lxc/getting-started/),
which I assume you already have. The main point to use loopback is "-B
loop" in lxc-create. The resulting lxc config file would have entries like
these:

# Container specific configuration
lxc.id_map = u 0 165536 65536
lxc.id_map = g 0 165536 65536
lxc.rootfs = loop:/var/lib/lxc/alpine/rootdev
lxc.rootfs.backend = loop

-- 
Fajar



> On 02/08/2017 08:42 AM, Fajar A. Nugraha wrote:
>
> On Wed, Feb 8, 2017 at 7:57 PM, John Lewis <oflameo2 at gmail.com> wrote:
>
>> Can unprivileged containers start from a loop device?
>>
>
> IMHO you should explain what you're trying to achieve, and how you think
> using a loop device will help.
>
> I can say that "lxd uses unpriv containers by default, and it also creates
> a zfs pool on top of file as container storage by default", which satisfies
> both the "unpriv container" and "loop device" (somewhat) part of your
> question, but probably not what you're looking for.
>
> --
> Fajar
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
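The thread's key point is that "-B loop" only picks the storage backend; what makes the container unprivileged is the lxc.id_map entries in the resulting config. The script below is an added example (not from the mailing-list post or the LXC project) that checks a config of the shape quoted above before the container is started: container uid 0 and gid 0 must map to non-zero host ids, and the rootfs must be loop-backed. It assumes the lxc 2.x keys shown in the thread (lxc.id_map, lxc.rootfs, lxc.rootfs.backend); the function name check_unpriv_loop_config and the sample configs are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the mailing-list post or the LXC project.
# Assumes lxc 2.x config keys as quoted in the thread; the helper name
# check_unpriv_loop_config is hypothetical.

# Reads an LXC config on stdin. Returns 0 when container uid 0 and gid 0 are
# mapped to non-zero host ids and the rootfs is loop-backed; otherwise prints
# the first problem found and returns 1.
check_unpriv_loop_config() {
    # Drop comments and blank lines so only "key = value" lines remain.
    stripped=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d')

    for type in u g; do
        # The map entry covering container id 0 decides who "root" is on the host.
        line=$(printf '%s\n' "$stripped" | awk -v t="$type" \
            '$1 == "lxc.id_map" && $2 == "=" && $3 == t && $4 == "0" { print; exit }')
        if [ -z "$line" ]; then
            echo "no lxc.id_map entry for container $type 0 (container would run privileged)"
            return 1
        fi
        host_start=$(printf '%s\n' "$line" | awk '{ print $5 }')
        count=$(printf '%s\n' "$line" | awk '{ print $6 }')
        case "$host_start" in
            ''|*[!0-9]*) echo "$type map has a non-numeric host start: '$host_start'"; return 1 ;;
        esac
        case "$count" in
            ''|0|*[!0-9]*) echo "$type map has an empty or invalid range: '$count'"; return 1 ;;
        esac
        if [ "$host_start" -eq 0 ]; then
            echo "$type map starts at host id 0: container root is host root"
            return 1
        fi
    done

    rootfs=$(printf '%s\n' "$stripped" | awk '$1 == "lxc.rootfs" && $2 == "=" { print $3; exit }')
    case "$rootfs" in
        loop:/*) ;;
        *) echo "lxc.rootfs is not a loop path: '$rootfs'"; return 1 ;;
    esac
    backend=$(printf '%s\n' "$stripped" | awk '$1 == "lxc.rootfs.backend" && $2 == "=" { print $3; exit }')
    if [ "$backend" != "loop" ]; then
        echo "lxc.rootfs.backend is '$backend', expected loop"
        return 1
    fi
    return 0
}

# Constructed sample: what lxc-create -B loop produces on a host with an
# unprivileged id map (same entries as quoted in the thread).
GOOD_CFG='# Container specific configuration
lxc.id_map = u 0 165536 65536
lxc.id_map = g 0 165536 65536
lxc.rootfs = loop:/var/lib/lxc/alpine/rootdev
lxc.rootfs.backend = loop'

# Constructed sample: loop-backed, but the uid map hands container root
# host uid 0, so the container is not actually unprivileged.
PRIV_CFG='lxc.id_map = u 0 0 65536
lxc.id_map = g 0 165536 65536
lxc.rootfs = loop:/var/lib/lxc/alpine/rootdev
lxc.rootfs.backend = loop'

# Constructed sample: unprivileged id map, but a plain directory rootfs.
DIR_CFG='lxc.id_map = u 0 165536 65536
lxc.id_map = g 0 165536 65536
lxc.rootfs = /var/lib/lxc/alpine/rootfs
lxc.rootfs.backend = dir'

for name in GOOD_CFG PRIV_CFG DIR_CFG; do
    eval "cfg=\$$name"
    if printf '%s\n' "$cfg" | check_unpriv_loop_config; then
        echo "$name: ok (unprivileged, loop-backed)"
    else
        echo "$name: rejected"
    fi
done
```

Running it on a real config is just `check_unpriv_loop_config < /var/lib/lxc/NAME/config`. The check deliberately looks at the map entry for container id 0 rather than at whether any lxc.id_map line exists, because a map that starts at host id 0 still leaves container root equal to host root.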