Quoting Wolfgang Bumiller ([email protected]):
> Thanks for the reply.
>
> > On November 11, 2015 at 4:40 PM Serge Hallyn <[email protected]>
> > wrote:
> > > This puts us in a bit of a pickle as we'd like to set up mountpoints
> > > for an unprivileged container without giving it access to more than it
> > > needs (in particular, the storage configuration and processes involved
> > > in managing and activating them.)
> >
> > Please give a specific example of what you want.
>
> Mount a filesystem for the unprivileged user which they cannot
> mount by themselves due to a lack of permissions.
> # mount -o loop /path/you/don't/have/access/to.img /the/container

A few things,

1. If you just want this to be a container in a user namespace, you could
   pre-mount it to a path where the user does have access so they can use a
   regular lxc.mount.entry.

2. If you are just using unpriv containers to use user namespaces, you can
   actually have the container be owned/started by root. That's what I do
   for some containers where their rootfs is a dmcrypt device which I
   couldn't mount as an unpriv user.

3. Seth Forshee is working on support for several things that would help
   you here - in particular unprivileged users mounting ext4, using loop
   devices, and fuse. Doesn't help you right now, but soon it might.

-serge
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
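
Added example (not part of the message above, and not the poster's own configuration): a sketch of what options 1 and 2 could look like as LXC container config. The host path /srv/lxc-mounts/c1, the device /dev/mapper/c2-root and the 100000/65536 id range are constructed placeholders; lxc.id_map is the key name used by LXC releases of that period (later releases call it lxc.idmap).

```conf
# ---------------------------------------------------------------------
# Option 1: unprivileged container, image pre-mounted by root on the host
# ---------------------------------------------------------------------
# Host side, done by root before the container starts (not LXC config):
#   mkdir -p /srv/lxc-mounts/c1                       # hypothetical path
#   mount -o loop /path/to/restricted.img /srv/lxc-mounts/c1
# The image file and the storage tooling stay out of the container user's
# reach; only the mounted tree is exposed. The user starting the container
# must be able to traverse the directories leading to the mounted tree.

# Bind the pre-mounted tree into the container. The target is relative to
# the container rootfs; create=dir creates the mount point if it is missing.
lxc.mount.entry = /srv/lxc-mounts/c1 mnt/data none bind,create=dir 0 0

# Caveat: files in the image owned by host ids outside the container's id
# map show up as nobody/nogroup inside the container. Ownership in the
# image has to fall inside the mapped range for the container to write.

# ---------------------------------------------------------------------
# Option 2: container owned and started by root, still in a user namespace
# ---------------------------------------------------------------------
# Root can open the block device the unprivileged user cannot, while the
# container's uid 0 is mapped to an unprivileged host uid.
lxc.rootfs = /dev/mapper/c2-root                      # hypothetical dm-crypt device
lxc.id_map = u 0 100000 65536                         # constructed range
lxc.id_map = g 0 100000 65536
```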
