rwx.work/rtfd
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wip lxc/unprivileged

Browse source
This commit is contained in:
Marc Beninca 2019-08-03 10:32:20 +02:00
parent 2e20f10cea
commit 4dd46ea0a7
2 changed files with 56 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
in/public/containers/lxc/index.rst
View file

@ -6,6 +6,7 @@ LXC
host host
container container
unprivileged
*** ***
ESX ESX

55
in/public/containers/lxc/unprivileged.rst Normal file
View file

@ -0,0 +1,55 @@
Unprivileged
============
.. warning:: Work In Progress
Mandatory
---------
Configuration
^^^^^^^^^^^^^
* config
::
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
Permissions
^^^^^^^^^^^
.. todo:: shift root's uid for rootfs
Not sure
--------
Packages
^^^^^^^^
::
uidmap
Configuration
^^^^^^^^^^^^^
* /etc/sysctl.conf
::
kernel.unprivileged_userns_clone=1
* /etc/subgid
* /etc/subuid
::
root:100000:65536
* config
::
lxc.include = /usr/share/lxc/config/userns.conf
lxc.apparmor.profile = unconfined