Thanks, that makes a lot of sense.
On Tue, Jan 5, 2016 at 1:03 AM, Fajar A. Nugraha <[email protected]> wrote:
> On Tue, Jan 5, 2016 at 2:56 AM, Dun Peal <[email protected]> wrote:
>> I'm trying to start a vanilla CentOS 6 container on an Ubuntu 15.10
>> host running latest stable LXC (1.1.5). It fails due to lack of
>> permission to access ~/.local. The error message suggests granting 'x'
>> permission on the relevant directory, or 'add an ACL for the container
>> root'.
>>
>> I understand the first suggestion (which to me seems unclean - setting
>> global 'x' permission on an important directory like ~/.local), but
>> what exactly does the second suggestion "add an ACL for the container
>> root" entail?
>
> It's not JUST .local, you need to add executable permission to the top
> level directory (i.e. your $HOME) as well.
>
> For ACLs, see https://help.ubuntu.com/community/FilePermissionsACLs .
> In short, something like this works
>
> cd $HOME
> setfacl -m u:100000:x . .local
> getfacl . .local
>
> "100000" here is the uid you get from /etc/subuid. Basically you need
> to add root-of-the-unpriv-container (usually 100000 for the first
> normal user) "x" access to your home and .local directory.
>
> --
> Fajar
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
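The procedure from the quoted reply, generalized to any container directory under the home directory, as an added example that is not part of the original thread: it reads the container-root uid from a subuid file instead of hard-coding 100000, and grants only "x" to that one uid on each directory in the chain. The function names, the users `alice` and `bob`, and their paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the first subordinate uid of user $1 from subuid file $2
# (lines are "name:start:count"; "-" reads stdin). Fails if no entry.
subuid_start() {
    awk -F: -v u="$1" '$1 == u { print $2; found = 1; exit }
        END { if (!found) exit 1 }' "$2"
}

# Print each directory from home $1 down to target $2, one per line.
# Refuses targets outside $1 so no ACL lands on unrelated paths.
traverse_chain() {
    home=${1%/}; target=${2%/}
    case "$target/" in "$home"/*) ;; *) return 1 ;; esac
    dir=$home; rest=${target#"$home"}
    printf '%s\n' "$dir"
    while [ -n "$rest" ]; do
        rest=${rest#/}; part=${rest%%/*}
        dir=$dir/$part; rest=${rest#"$part"}
        printf '%s\n' "$dir"
    done
}

# acl_grant plan|apply USER HOME TARGET [SUBUID_FILE]
# "plan" prints the setfacl commands; "apply" runs them (needs setfacl).
acl_grant() {
    uid=$(subuid_start "$2" "${5:-/etc/subuid}") || return 1
    traverse_chain "$3" "$4" | while IFS= read -r d; do
        if [ "$1" = apply ]; then
            setfacl -m "u:$uid:x" "$d"
        else
            printf 'setfacl -m u:%s:x %s\n' "$uid" "$d"
        fi
    done
}

# Constructed sample /etc/subuid content, piped in so the demo runs offline.
printf 'alice:100000:65536\nbob:165536:65536\n' |
    acl_grant plan alice /home/alice /home/alice/.local -
```

On a real host, `acl_grant apply "$(id -un)" "$HOME" "$HOME/.local"` uses `/etc/subuid`, and `getfacl` on the same directories confirms that only the mapped uid gained "x".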
