From 4dd46ea0a7780d442a5bf8b0dca4daf1cd63fe4b Mon Sep 17 00:00:00 2001
From: Marc Beninca
Date: Sat, 3 Aug 2019 10:32:20 +0200
Subject: [PATCH] wip lxc/unprivileged
---
 in/public/containers/lxc/index.rst | 1 +
 in/public/containers/lxc/unprivileged.rst | 55 +++++++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 in/public/containers/lxc/unprivileged.rst
diff --git a/in/public/containers/lxc/index.rst b/in/public/containers/lxc/index.rst
index 289e999..6f1f141 100644
--- a/in/public/containers/lxc/index.rst
+++ b/in/public/containers/lxc/index.rst
@@ -6,6 +6,7 @@ LXC host container + unprivileged *** ESX
diff --git a/in/public/containers/lxc/unprivileged.rst b/in/public/containers/lxc/unprivileged.rst
new file mode 100644
index 0000000..0709c14
--- /dev/null
+++ b/in/public/containers/lxc/unprivileged.rst
@@ -0,0 +1,55 @@
+Unprivileged
+============
+
+.. warning:: Work In Progress
+
+Mandatory
+---------
+
+Configuration
+^^^^^^^^^^^^^
+
+* config
+
+::
+
+ lxc.idmap = u 0 100000 65536
+ lxc.idmap = g 0 100000 65536
+
+Permissions
+^^^^^^^^^^^
+
+.. todo:: shift root's uid for rootfs
+
+Not sure
+--------
+
+Packages
+^^^^^^^^
+
+::
+
+ uidmap
+
+Configuration
+^^^^^^^^^^^^^
+
+* /etc/sysctl.conf
+
+::
+
+ kernel.unprivileged_userns_clone=1
+
+* /etc/subgid
+* /etc/subuid
+
+::
+
+ root:100000:65536
+
+* config
+
+::
+
+ lxc.include = /usr/share/lxc/config/userns.conf
+ lxc.apparmor.profile = unconfined
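Review bot: `lxc.apparmor.profile = unconfined` in the last literal block of unprivileged.rst switches AppArmor confinement off for the container, yet the page lists it under "Not sure" with no caveat, so readers are likely to copy it as part of the recipe. The `lxc.idmap` user-namespace mapping above is the primary isolation boundary, but the AppArmor profile is the defense-in-depth layer that limits what container root can reach if a kernel bug lets it out of its namespaces; dropping to unconfined should be a documented exception for debugging a denial, not a default, so I would add under that block `.. warning:: unconfined disables AppArmor for the container; keep the default (or a generated) profile unless you are debugging a denial`. The same applies to `kernel.unprivileged_userns_clone=1`, which, on the Debian-family kernels that carry that knob, enables unprivileged user namespaces for every process on the host and so widens the kernel attack surface well beyond LXC; a one-line note saying so would help. Finally, the page should state that the `lxc.idmap` ranges and the `root:100000:65536` entries in /etc/subuid and /etc/subgid must cover each other (they do here), since a mismatch is the usual reason an unprivileged container fails to start.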