[lxc-users] Use image file for unprivileged containers
Dr. Todor Dimitrov
dimitrov at technology.de
Mon Jun 18 05:17:36 UTC 2018
For the sake of completeness, here are the commands to create the image:
---
dd if=/dev/zero of=test.img bs=1M count=10
mkfs.ext4 -c test.img
mount -o loop test.img /mnt/test
# copy root-fs to /mnt/test
# perform id shifting if necessary
umount /mnt/test
---
Thanks for the support!
Todor
> On 15. Jun 2018, at 18:20, Christian Brauner <christian at brauner.io <mailto:christian at brauner.io>> wrote:
>
> On Fri, Jun 15, 2018 at 06:03:06PM +0200, Dr. Todor Dimitrov wrote:
>>>> but it will have to be idshifted before the start.
>>
>> So the id shifting will be also done automatically? Once or on each start?
>
> No, the id shifting is *not* done by LXC. Only the *mount*.
>
>>
>> What about the format of the image file? Is there any documentation or samples on this? I assume a dd img with a single partition (e.g. ext4) should be OK?
>
> We don't really handle partitions, I think. You can setup a privileged
> container with:
>
> sudo lxc-create ttt -t download -B loop -- -d alpine -r edge -a amd64
>
> and then take a look at the loop file that got created. This is the
> format we support.
>
> Christian
>
>>
>> Thanks,
>> Todor
>>
>>> On 15. Jun 2018, at 17:50, Christian Brauner <christian at brauner.io <mailto:christian at brauner.io>> wrote:
>>>
>>> On Fri, Jun 15, 2018 at 05:02:50PM +0200, Dr. Todor Dimitrov wrote:
>>>> Hallo Christian,
>>>>
>>>> do I have to manually perform the loop mount? I thought this was done by the LXC runtime.
>>>
>>> Yes, the mount is performed. If you have manually prepared an image you
>>> can do:
>>>
>>> lxc.rootfs.path = loop:/path/to/file
>>>
>>>>
>>>> What is actually meant by “image file” inside the documentation:
>>>>
>>>> “
>>>> lxc.rootfs.path - specify the root file system for the container. It can be an image file, a directory or a block device. If not specified, the container shares its root file system with the host.
>>>> "
>>>>
>>>> Todor
>>>>
>>>>> On 15. Jun 2018, at 16:39, Christian Brauner <christian at brauner.io <mailto:christian at brauner.io>> wrote:
>>>>>
>>>>> On Fri, Jun 15, 2018 at 10:28:34AM +0200, Dr. Todor Dimitrov wrote:
>>>>>> Hallo,
>>>>>>
>>>>>> is it possible to use an image file with “lxc.rootfs.path” for an
>>>>>> unprivileged container? If possible, is it necessary to have the
>>>>>> correct file ownerships within the image or are these automatically
>>>>>> adjusted on start, e.g. on mount.
>>>>>
>>>>> If by image you mean something you can mount on a loop device then yes
>>>>> but it will have to be idshifted before the start.
>>>>>
>>>>> Christian
>>>>>
>>>>>>
>>>>>> Thanks in advance,
>>>>>> Todor
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> _______________________________________________
>>>>>> lxc-users mailing list
>>>>>> lxc-users at lists.linuxcontainers.org <mailto:lxc-users at lists.linuxcontainers.org>
>>>>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>>>>
>>>>> _______________________________________________
>>>>> lxc-users mailing list
>>>>> lxc-users at lists.linuxcontainers.org <mailto:lxc-users at lists.linuxcontainers.org>
>>>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>>>
>>>
>>>
>>>
>>>> _______________________________________________
>>>> lxc-users mailing list
>>>> lxc-users at lists.linuxcontainers.org <mailto:lxc-users at lists.linuxcontainers.org>
>>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>>
>>> _______________________________________________
>>> lxc-users mailing list
>>> lxc-users at lists.linuxcontainers.org <mailto:lxc-users at lists.linuxcontainers.org>
>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>
>
>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org <mailto:lxc-users at lists.linuxcontainers.org>
>> http://lists.linuxcontainers.org/listinfo/lxc-users <http://lists.linuxcontainers.org/listinfo/lxc-users>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org <mailto:lxc-users at lists.linuxcontainers.org>
> http://lists.linuxcontainers.org/listinfo/lxc-users <http://lists.linuxcontainers.org/listinfo/lxc-users>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20180618/157133fa/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3844 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20180618/157133fa/attachment.bin>
More information about the lxc-users
mailing list