Re: [libvirt-users] Attempt to define unprivileged LXC by libvirt
On Fri, Mar 23, 2018 at 02:28:11PM +0100, ales drtik wrote:
> Thanks for info about that.
> This means to use apparmor mandatory, isn't it true?

If you enable user namespaces for the container that is sufficient to provide a secure config. Nonetheless we still recommend /also/ adding MAC like SELinux or AppArmor on top.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

___
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users

Re: [libvirt-users] Attempt to define unprivileged LXC by libvirt
Thanks for info about that.
This means to use apparmor mandatory, isn't it true?

Re: [libvirt-users] Attempt to define unprivileged LXC by libvirt
On Fri, Mar 23, 2018 at 02:09:39PM +0100, ales drtik wrote:
> Hi,
> I converted LXC conf to xml by:
>
> lxcuser@blade1:~/.local/share/lxc/test_deb$ virsh -c lxc:/// domxml-from-native lxc-tools /home/lxcuser/.local/share/lxc/test_deb/config
>
> test_deb
> cce77799-89fd-41fd-99c1-101e00844e23
> 65536
> 65536
> 1
> exe
> /sbin/init
> destroy
> restart
> destroy
> /usr/lib/libvirt/libvirt_lxc
>
> Now attempt to define by virsh gives this err:
>
> lxcuser@blade1:~/.local/share/lxc/test_deb$ virsh -c lxc:/// define tmp/test_deb.xml
> error: Failed to define domain from /tmp/test_deb.xml
> error: unsupported configuration: You must map the root user of container
>
> Debian stretch.
> Where am I wrong?

The libvirt LXC driver only runs in the privileged libvirtd instance at this time. There is no support for the unprivileged libvirtd with LXC.

Regards,
Daniel
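
Added example, not part of the thread and not libvirt code: a Python check for the condition named by the "You must map the root user of container" error, which also covers the user-namespace mapping recommended in Daniel's reply about secure configs. It assumes user namespaces are enabled through the domain XML's `<idmap>` element; the sample documents, the function name `check_idmap` and the host ID 100000 are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not the poster's file): container root is
# mapped to the unprivileged host ID 100000 for both UIDs and GIDs.
SAMPLE_OK = """
<domain type='lxc'>
  <name>demo</name>
  <idmap>
    <uid start='0' target='100000' count='65536'/>
    <gid start='0' target='100000' count='65536'/>
  </idmap>
</domain>
"""

# Constructed sample whose UID map starts at 1000, so container root is unmapped.
SAMPLE_NO_ROOT = SAMPLE_OK.replace("<uid start='0'", "<uid start='1000'")


def check_idmap(domain_xml):
    """Return findings about the <idmap> of an LXC domain; an empty list means OK."""
    idmap = ET.fromstring(domain_xml).find("idmap")
    if idmap is None:
        # Assumption: without <idmap> no user namespace is requested.
        return ["no <idmap> element: no UID/GID mapping configured"]
    findings = []
    for kind in ("uid", "gid"):
        entries = sorted(
            (int(e.get("start")), int(e.get("target")), int(e.get("count")))
            for e in idmap.findall(kind)
        )
        if not entries:
            findings.append(f"no <{kind}> mapping")
            continue
        start, target, _ = entries[0]
        if start != 0:
            # The situation the error message in the thread describes.
            findings.append(f"{kind}: container root (0) is not mapped")
        elif target == 0:
            findings.append(f"{kind}: container root maps to host {kind} 0")
        for s, _, c in entries:
            if c < 1:
                findings.append(f"{kind}: mapping at start={s} has count {c}")
    return findings


if __name__ == "__main__":
    for label, doc in (("ok", SAMPLE_OK), ("no-root", SAMPLE_NO_ROOT)):
        print(label, check_idmap(doc) or "idmap looks sane")
```
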