One setup of a shared directory would be media files passed through to a container with samba, one container with mediatomb and one container with an http server, and I would then limit the access to read-only for the last two.

On 21.12.2016 at 17:09, Pavol Cupka wrote:
These subuid mappings are there for the case that someone compromises your container and gains root: should he break out of the container, he would have access to all the files that are root owned on the host machine. When you use these mappings, the users get uid + 100000 or whatever is set in the subuid map file, and if they gain root they have uid 1 in the container but uid 1000001 on the host, which means it can't access any files. That is the whole purpose of this unprivileged container thing. Yes, you have to create users with corresponding uid on diff containers to be able to access the files.

Why do you have to export the same path to both containers? You can export one path for one container and another for the second one. But your setup will work for media/backup and for other things.

On Wed, Dec 21, 2016 at 3:41 PM, John Gubert <john.gub...@web.de> wrote:

    Hi Pavol,
    thanks for the link, I did some testing with the out of the box
    setup (removed root:1000:1) of ubuntu, created two containers and
    passed the same host directory through to both of them, then I
    created the same users in the same order on both containers:
    root(1000)
    neuer(1001)
    zweiter(1002)

    this seems to work, when I create files inside this folder on one
    container as neuer, I can only read them as neuer on the other
    container and vice versa.
    I would assume, that as soon as I create the users in a different
    order, zweiter might become 1001 and neuer 1002 and therefore
    files created by neuer in one container would be seen as files
    created by zweiter in the other, right? On the host, all files
    are seen as 101001 or 101001 anyway.
    I would go ahead and use this setup for my homeserver to store
    media/backups and run a fileserver in one container and other
    tasks in another, is this setup stable enough if I set it up as
    described above?

    this is my lxc config, is there anything I should change?

      disktest:
        path: /testdisk
        source: /home/me/testdisk
        type: disk

    kind regards,
    John

    On 21.12.2016 at 15:04, Pavol Cupka wrote:
    some of your questions are answered here
    https://wiki.gentoo.org/wiki/LXD#Configure_subuid.2Fsubgid

    answering to the list is fine

    On Wed, Dec 21, 2016 at 1:34 PM, John Gubert <john.gub...@web.de> wrote:

        Hi Tycho,

        thank you for your fast response.

        My id on the host is indeed 1000. I read your blog article and then had
        a look at /etc/subuid:

        before:
        "me@host:~$ cat /etc/subuid
        lxd:100000:65536
        root:100000:65536
        me:165536:65536"

        after:
        "me@host:~$ cat /etc/subuid
        lxd:100000:65536
        root:100000:65536
        me:165536:65536
        root:1000:1"

        root seems to be already set up, maybe this is due to lxd being
        installed on ubuntu 16.04? It would be really helpful if you could
        explain to me what the mapping defined in this file really does. Does it
        make a difference if I add your line, or use the one already there? How
        does this file use the numbers (100000 and 65536)? Does 1000:1 tell
        ubuntu to map the id 1 to 1, and if so, what does 100000:65536 mean? Add
        65536 to the 100000? If there is a user called "me" in the container,
        does a line "me:1000:1" work as well?

        I appreciate any help.

        with kind regards,
        John

        P.S.:
        I answered to the mailing list, is this the right way to do it, or
        should I answer to you directly?



        On 20.12.2016 at 22:52, Tycho Andersen wrote:

            Hi John,

            On Tue, Dec 20, 2016 at 10:39:07PM +0100, john.gub...@web.de wrote:

                Hello,

                I have a directory on my host system and want to create several
                containers with the same users inside. I would like to pass the
                directory through to each container and allow the users to write
                and read on it. The network connection should be done using
                macvlan.

                The howtos I have read so far show how to set up lxd, which works
                very well on my 16.04 host. Starting a container works out of the
                box as unprivileged user as well.

                My questions:
                Is it even possible to share one directory on the host with
                several containers?
                All the howtos I could find mention some commands that need to be
                applied, but they do not tell me about the commands I need to
                type in to make it work:

                "That means you can create a container with the following
                configuration:

                lxc.id_map = u 0 100000 65536
                lxc.id_map = g 0 100000 65536"

                There is a big list of possible options on github, but where
                does it tell how to apply them?

                Does someone know a detailed howto that describes a similar setup
                like mine?

            http://tycho.ws/blog/2016/12/uidmap.html is a blog post I wrote a
            while ago talking about how to set this up with your home directory.
            You can mimic the settings for whatever user map you want, though.

            Cheers,

            Tycho

                Every time I read something, I feel like I am missing something
                important, because I could not find a coherent compendium of
                possible options on how to do something.

                kind regards,
                John
                _______________________________________________
                lxc-users mailing list
                lxc-users@lists.linuxcontainers.org
                http://lists.linuxcontainers.org/listinfo/lxc-users








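As an added example (not code from this thread or from LXC/LXD itself), a small Python script that applies the id-map arithmetic discussed above: it parses /etc/subuid-style lines and lxc.id_map entries, translates a container uid to the host uid that ends up owning its files, and checks a map against the subuid ranges the way newuidmap does before a container may use it. The sample /etc/subuid contents and config lines are the ones quoted in the thread; the function and class names are my own.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class IdMapEntry:
    container_start: int   # first id as seen inside the container
    host_start: int        # first id as seen on the host
    count: int             # number of consecutive ids in this range


def parse_subuid(text, user):
    """Return the (start, count) host ranges /etc/subuid grants to `user`."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, start, count = line.split(":")
            if name == user:
                ranges.append((int(start), int(count)))
    return ranges


def parse_id_map(lines):
    """Parse 'lxc.id_map = u <cstart> <hstart> <count>' lines (uid entries only)."""
    entries = []
    for line in lines:
        key, _, value = line.partition("=")
        if key.strip() == "lxc.id_map":
            kind, cstart, hstart, count = value.split()
            if kind == "u":
                entries.append(IdMapEntry(int(cstart), int(hstart), int(count)))
    return entries


def container_to_host(entries, uid):
    """Host uid that owns a file written by container `uid`; None if unmapped."""
    for e in entries:
        if e.container_start <= uid < e.container_start + e.count:
            return e.host_start + (uid - e.container_start)
    return None


def map_allowed(subuid_ranges, entries):
    """True if every mapped host range lies inside one /etc/subuid range (newuidmap's check)."""
    return all(any(s <= e.host_start and e.host_start + e.count <= s + n
                   for s, n in subuid_ranges) for e in entries)


# Constructed sample input: the /etc/subuid contents and config lines quoted in the thread.
SUBUID = "lxd:100000:65536\nroot:100000:65536\nme:165536:65536\nroot:1000:1\n"
CONFIG = ["lxc.id_map = u 0 100000 65536", "lxc.id_map = g 0 100000 65536"]

if __name__ == "__main__":
    entries = parse_id_map(CONFIG)
    print("container uid 1001 owns files as host uid", container_to_host(entries, 1001))  # 101001
    print("map within root's subuid ranges:", map_allowed(parse_subuid(SUBUID, "root"), entries))
```

With this map, container uid 1001 lands on host uid 101001 (the number seen on the host above) and an escaped container root is host uid 100000, which owns nothing outside the container; passing host uid 1000 straight through needs the extra root:1000:1 line.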