[lxc-users] idmap, lxd and pylxde

Aron Podrigal aronp at guaranteedplus.com
Thu Jan 26 06:40:31 UTC 2017


Since lxd 2.6 you can use security.idmap.isolated:
https://github.com/lxc/lxd/blob/master/doc/userns-idmap.md#different-idmaps-per-container

On Thu, Jan 26, 2017, 1:04 AM Fajar A. Nugraha <list at fajar.net> wrote:

> On Thu, Jan 26, 2017 at 12:20 PM, Aron Podrigal <aronp at guaranteedplus.com>
> wrote:
>
> you can use lxc.raw for this in lxd ;)
>
>
> Have you tested it?
>
> On xenial + lxd 2.0.8-0ubuntu1~ubuntu, it doesn't work.
>
> At least, not without lots of manual changes (including UID shifting the
> rootfs manually), which (among others) result in
> 'volatile.last_state.idmap' not matching what the actual rootfs uses.
>
> --
> Fajar
>
>
>
> On Wed, Jan 25, 2017, 11:50 PM Fajar A. Nugraha <list at fajar.net> wrote:
>
> On Wed, Jan 25, 2017 at 10:12 PM, Witold Filipczyk <gglater62 at gmail.com>
> wrote:
>
> On Wed, Jan 25, 2017 at 08:36:23AM -0500, brian mullan wrote:
> > Witold
> >
> > There is a tool called "fuidshift" you can use to shift the gid/uid for
> > you.
> >
> > http://manpages.ubuntu.com/manpages/xenial/man1/fuidshift.1.html
> >
> > This previous lxc-users mailer thread can also give you some idea of its
> > use:
> >
> > http://lxc-users.linuxcontainers.narkive.com/atlj58eG/proper-usage-of-fuidshift
> >
> > fuidshift will be installed along with some other "tools" if you install
> > the lxd-tools package:
> >
> > *sudo apt-get install lxd-tools*
>
> Thanks for the reply, but there must be some simpler method.
>
> In lxc configuration it was:
> lxc.id_map = u 0 200000 65536
> lxc.id_map = g 0 200000 65536
>
> How to express it in lxd and pylxd?
>
>
> Short version: AFAIK that's not possible in lxd. You'd either use a
> privileged container, or an unpriv container (with the same mapping for all
> containers).
>
> --
> Fajar
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
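
The mapping quoted in the thread, read as data. This is an added example, not code from the thread or from the LXD project: it parses `lxc.id_map` lines, translates a container id to its host id, and reports containers whose host uid/gid ranges overlap, which is the situation a per-container map such as `security.idmap.isolated` is meant to avoid. The container names `c1`..`c3`, the second range and all function names are constructed for illustration.

```python
from itertools import combinations
from typing import NamedTuple

class IdMap(NamedTuple):
    kind: str        # "u" (uid) or "g" (gid)
    ns_start: int    # first id as seen inside the container
    host_start: int  # first id as seen on the host
    count: int       # number of ids in the range

def parse_id_map(config_text):
    """Parse 'lxc.id_map = <u|g> <ns_start> <host_start> <count>' lines."""
    maps = []
    for raw in config_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        if not sep or key.strip() != "lxc.id_map":
            continue
        kind, ns_start, host_start, count = value.split()
        if kind not in ("u", "g"):
            raise ValueError(f"unsupported id_map kind: {kind!r}")
        maps.append(IdMap(kind, int(ns_start), int(host_start), int(count)))
    return maps

def to_host(maps, kind, ns_id):
    """Host id that a container id maps to, or None if it is unmapped."""
    for m in maps:
        if m.kind == kind and m.ns_start <= ns_id < m.ns_start + m.count:
            return m.host_start + (ns_id - m.ns_start)
    return None

def shared_host_ranges(containers):
    """Report (name_a, name_b, kind, first, last) for overlapping host ranges."""
    findings = []
    for (na, ma), (nb, mb) in combinations(sorted(containers.items()), 2):
        for a in ma:
            for b in mb:
                lo = max(a.host_start, b.host_start)
                hi = min(a.host_start + a.count, b.host_start + b.count)
                if a.kind == b.kind and lo < hi:
                    findings.append((na, nb, a.kind, lo, hi - 1))
    return findings

# The map from the thread, plus a constructed non-overlapping one.
PAGE_MAP = "lxc.id_map = u 0 200000 65536\nlxc.id_map = g 0 200000 65536\n"
OTHER_MAP = "lxc.id_map = u 0 265536 65536\nlxc.id_map = g 0 265536 65536\n"
SAMPLE = {"c1": parse_id_map(PAGE_MAP), "c2": parse_id_map(PAGE_MAP),
          "c3": parse_id_map(OTHER_MAP)}

if __name__ == "__main__":
    for finding in shared_host_ranges(SAMPLE):
        print("shared host range:", finding)
```
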