wip lxc/unprivileged
parent
2e20f10cea
commit
4dd46ea0a7
2 changed files with 56 additions and 0 deletions
|
@ -6,6 +6,7 @@ LXC
|
|||
|
||||
host
|
||||
container
|
||||
unprivileged
|
||||
|
||||
***
|
||||
ESX
|
||||
|
|
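--- a/in/public/containers/lxc/unprivileged.rst
+++ b/in/public/containers/lxc/unprivileged.rst
@@ -0,0 +1,55 @@
+Unprivileged
+============
+
+.. warning:: Work In Progress
+
+Mandatory
+---------
+
+Configuration
+^^^^^^^^^^^^^
+
+* config
+
+::
+
+lxc.idmap = u 0 100000 65536
+lxc.idmap = g 0 100000 65536
+
+Permissions
+^^^^^^^^^^^
+
+.. todo:: shift root's uid for rootfs
+
+Not sure
+--------
+
+Packages
+^^^^^^^^
+
+::
+
+uidmap
+
+Configuration
+^^^^^^^^^^^^^
+
+* /etc/sysctl.conf
+
+::
+
+kernel.unprivileged_userns_clone=1
+
+* /etc/subgid
+* /etc/subuid
+
+::
+
+root:100000:65536
+
+* config
+
+::
+
+lxc.include = /usr/share/lxc/config/userns.conf
+lxc.apparmor.profile = unconfined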
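Review bot: `lxc.apparmor.profile = unconfined`, the last line of the "Not sure" config block, switches off AppArmor confinement for the container, so the id mapping from `lxc.idmap` becomes the main layer between a container process and the host, and a reader copying this block gets that silently. If it was only needed to get the container to start, mark it as such with a `.. warning::` next to the line and note that `lxc.apparmor.profile = generated` is the value to try first. The same section sets `kernel.unprivileged_userns_clone=1`, which applies to every unprivileged user on the host and not just to LXC; since `/etc/subuid` here maps the range for `root`, it may not be required when root starts the container, which is worth confirming before the setting moves to "Mandatory".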