Quoting Benoit GEORGELIN - Association Web4all ([email protected]):
> I do start them as non-root user because I thought it was the only way to start
> an unprivileged container on the system.

Ok, that's what I was wondering.  In order to start such containers as root,
you only need to make sure that /etc/subuid and /etc/subgid have entries
granting the container's id ranges to root.  But it's still worth imo to
make simple ovs installs work for unprivileged users.

> benoit@lxd-virt-01a:~$ lxc-ls -f
> NAME    STATE    IPV4        IPV6  GROUPS  AUTOSTART
> ------------------------------------------------------
> benoit  RUNNING  IP_ADDRESS  -     -       NO
> jordan  STOPPED  -           -     -       NO
>
> benoit@lxd-virt-01a:~$ lxc-start -n jordan
>
> benoit@lxd-virt-01a:~$ /opt/deploy_lxc/add_lxc_flows.sh jordan
> Adding FLOWS for jordan container
> Trafic limited to 10Mb/s
>
>
> benoit@lxd-virt-01a:~$ lxc-info -n jordan
> Name: jordan
> State: RUNNING
> PID: 17994
>
> Process:
>
> benoit 10487 0.0 0.0 43512 3532 ? Ss août31 0:00 [lxc monitor] /LXC_DIR/benoit benoit
> benoit 17982 0.0 0.0 43512 3576 ? Ss 01:53 0:00 [lxc monitor] /LXC_DIR/benoit jordan
>
>
> Each container on the system is a unix user.
> They can all manage their own LXC container. Each one has an [lxc monitor]
> process
>
> I do the provisioning as root (LVM storage), including the mount of the
> specific rootfs for the container.
> I will share soon all the scripts used. Deployment is automatic

Awesome, thanks.

> The only one program used with a setuid is used to set the network flows.
> Sudo is an option to allow normal user to use it too.
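
The /etc/subuid and /etc/subgid requirement mentioned in the reply above can be checked before starting a container as root. The following is an added example, not part of the original message or of LXC itself: the sample file contents are constructed, the function names are hypothetical, and treating adjacent entries for the same owner as one grant is an assumption of this sketch.

```python
import re

# Constructed sample data (not taken from the thread).
SAMPLE_SUBUID = "root:100000:65536\nbenoit:165536:65536\n"
SAMPLE_SUBGID = "root:100000:65536\nbenoit:165536:65536\n"
SAMPLE_CONFIG = "lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n"

def parse_subid(text, owner):
    """Return sorted (start, count) ranges granted to owner in subuid/subgid text."""
    ranges = []
    for line in text.splitlines():
        f = line.strip().split(":")
        if len(f) == 3 and f[0] == owner and f[1].isdigit() and f[2].isdigit():
            ranges.append((int(f[1]), int(f[2])))
    return sorted(ranges)

def parse_id_maps(config_text):
    """Yield (kind, host_start, count) from lxc.id_map / lxc.idmap lines."""
    # Line layout: lxc.id_map = <u|g> <container start> <host start> <count>
    pat = re.compile(r"^\s*lxc\.id_?map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")
    for line in config_text.splitlines():
        m = pat.match(line)
        if m:
            yield m.group(1), int(m.group(3)), int(m.group(4))

def covered(ranges, start, count):
    """True if every id in [start, start+count) lies inside the granted ranges."""
    cursor, end = start, start + count
    for r_start, r_count in ranges:          # ranges are sorted by start
        if r_start <= cursor < r_start + r_count:
            cursor = r_start + r_count       # advance past this grant
        if cursor >= end:
            return True
    return cursor >= end

def missing_grants(config_text, subuid_text, subgid_text, owner="root"):
    """List the id maps in the container config that owner has not been granted."""
    granted = {"u": parse_subid(subuid_text, owner),
               "g": parse_subid(subgid_text, owner)}
    return [(k, s, c) for k, s, c in parse_id_maps(config_text)
            if not covered(granted[k], s, c)]

if __name__ == "__main__":
    # On a real host, read /etc/subuid, /etc/subgid and the container config instead.
    for kind, start, count in missing_grants(SAMPLE_CONFIG, SAMPLE_SUBUID, SAMPLE_SUBGID):
        print(f"root lacks a sub{kind}id grant for {start}..{start + count - 1}")
```

An empty result means every host id range the container maps is granted to the chosen owner; any tuple returned names a range that still needs an entry in the corresponding file.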
