On Thu, Feb 9, 2017 at 3:02 AM, John Lewis <oflam...@gmail.com> wrote:
> I am trying to build containers on my really powerful desktop and then
> export them to a VPS provider who would shut off my machine if it takes too
> much CPU time.

Uh ... use another VPS provider? EC2 gives out one year free tier, which includes t2.micro, suitable for small sites.

> Moving one system image file is much faster than moving a root
> of a system recursively. It is also far less error prone. Having to
> maintain premount scripts is inconvenient compared to having LXC do it. I
> can't use LXD yet because my whole environment is Debian 8.

If you can switch to Ubuntu as host, I highly recommend lxd + zfs backend. You can then transfer the rootfs using "lxc copy" or zfs snapshot/clone.

Anyway, back to your question. I assume that:
- you have root access to the VPS
- you have full control of the kernel (i.e. Xen/KVM, not Virtuozzo VPS)

In that case, you can create an unprivileged, root-owned, loop-backed container by simply doing something like this as root:

# lxc-create -n alpine -t download -B loop -- -d alpine -r 3.4 -a amd64

... of course, to make it unpriv, you need to have a proper lxc.id_map setting (e.g. follow https://linuxcontainers.org/lxc/getting-started/), which I assume you already have.

The main point to use loopback is "-B loop" in lxc-create. The resulting lxc config file would have entries like these:

# Container specific configuration
lxc.id_map = u 0 165536 65536
lxc.id_map = g 0 165536 65536
lxc.rootfs = loop:/var/lib/lxc/alpine/rootdev
lxc.rootfs.backend = loop

--
Fajar

> On 02/08/2017 08:42 AM, Fajar A. Nugraha wrote:
>
> On Wed, Feb 8, 2017 at 7:57 PM, John Lewis <oflam...@gmail.com> wrote:
>
>> Can unprivileged containers start from a loop device?
>
> IMHO you should explain what you're trying to achieve, and how you think
> using a loop device will help.
>
> I can say that "lxd uses unpriv containers by default, and it also creates
> a zfs pool on top of file as container storage by default", which satisfies
> both the "unpriv container" and "loop device" (somewhat) part of your
> question, but probably not what you're looking for.
>
> --
> Fajar
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
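A check for the config entries quoted in the reply above, as an added example that is not part of the original thread or of LXC itself: it confirms that a container config really is unprivileged (container uid/gid 0 mapped, and no mapping landing on host id 0) and loop-backed. It assumes the key names shown in the thread (lxc.id_map, lxc.rootfs, lxc.rootfs.backend); the function names and the sample text are constructed for illustration.

```python
# Added example: audits an LXC config that uses the lxc.id_map keys
# shown in the thread. SAMPLE_CONFIG is constructed from those entries.
SAMPLE_CONFIG = """\
# Container specific configuration
lxc.id_map = u 0 165536 65536
lxc.id_map = g 0 165536 65536
lxc.rootfs = loop:/var/lib/lxc/alpine/rootdev
lxc.rootfs.backend = loop
"""

def parse_config(text):
    """Return (key, value) pairs, skipping blank lines and comments."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit(text):
    """Return a list of findings; an empty list means the config is
    unprivileged (root mapped away from host id 0) and loop-backed."""
    findings, maps, rootfs, backend = [], {"u": [], "g": []}, "", ""
    for key, value in parse_config(text):
        parts = value.split()
        if key == "lxc.id_map":
            ok = (len(parts) == 4 and parts[0] in maps
                  and all(p.isdecimal() for p in parts[1:]))
            if ok:
                maps[parts[0]].append(tuple(int(p) for p in parts[1:]))
            else:
                findings.append(f"malformed id_map: {value!r}")
        elif key == "lxc.rootfs":
            rootfs = value
        elif key == "lxc.rootfs.backend":
            backend = value
    for kind, ranges in maps.items():
        if not ranges:
            findings.append(f"no '{kind}' id_map: container is privileged")
        elif not any(first <= 0 < first + count for first, _, count in ranges):
            findings.append(f"container {kind}id 0 is unmapped")
        for _, host, _ in ranges:
            if host == 0:  # container ids would land on host root
                findings.append(f"'{kind}' map covers host id 0")
    if not (rootfs.startswith("loop:") or backend == "loop"):
        findings.append("rootfs is not loop-backed")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "OK: unprivileged and loop-backed")
```

Pointing audit() at the text of /var/lib/lxc/<name>/config before starting a container copied from another machine catches a config that lost its id_map lines in transit.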