wip lxc/unprivileged

Marc Beninca 2019-08-03 10:32:20 +02:00
parent 2e20f10cea
commit 4dd46ea0a7
2 changed files with 56 additions and 0 deletions


@ -6,6 +6,7 @@ LXC
host host
container container
unprivileged
*** ***
ESX ESX


@ -0,0 +1,55 @@
Unprivileged
============
.. warning:: Work In Progress
Mandatory
---------
Configuration
^^^^^^^^^^^^^
* config
::
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
Permissions
^^^^^^^^^^^
.. todo:: shift root's uid for rootfs
Not sure
--------
Packages
^^^^^^^^
::
uidmap
Configuration
^^^^^^^^^^^^^
* /etc/sysctl.conf
::
kernel.unprivileged_userns_clone=1
* /etc/subgid
* /etc/subuid
::
root:100000:65536
* config
::
lxc.include = /usr/share/lxc/config/userns.conf
lxc.apparmor.profile = unconfined
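
Review bot: `lxc.apparmor.profile = unconfined` on the last line of the new page turns off AppArmor confinement for the container, which removes a layer of isolation that the `lxc.idmap` mapping in the Mandatory section is meant to complement. Since it sits under "Not sure", I would drop it from the documented config, or keep it only with a sentence naming the failure it works around and stating that it is temporary. The same section sets `kernel.unprivileged_userns_clone=1` system-wide while the `/etc/subuid` and `/etc/subgid` entry is for `root`; if the containers are started by root, please confirm the sysctl is needed at all before it moves to Mandatory. The `root:100000:65536` range matches the `lxc.idmap` lines, so it would help to say on the page that the two must stay in sync.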