Greetings, Serge Hallyn!
> Quoting Andrey Repin (anrdae...@yandex.ru):
>> Greetings, Serge Hallyn!
>>
>> >> >> What lxc version did you say you were using?
>> >> >
>> >> > Were using - 1.1.2.
>> >> > Then I got an upgrade and my DC didn't came up after a host reboot.
>> >> > Had to roll back to
lxc v0.19 on Ubuntu 15.10 host.
~ lxc launch wily abc
Creating abc done.
Starting abc done.
~ lxc launch wily abc.lxc
Creating abc.lxc error: Invalid container name
The 2nd one above used to work.
Why are dotted domain-like container names now invalid?
Le 06/10/2015 06:03, Paul Jones a écrit :
Hi.
I'm using Debian Stretch. And I would like to use unpriviledged containers.
It seems by default, there is one cgroup owned by root. In order to
start an unpriviledged container I need to create a new cgroup, chown it
to the unpriviledged user and
Hi Serge,
Yes, I downloaded a fresh template for ubuntu and its overlay clones start
okay, and I'm able to attach and run commands on them. However, eth0 has no
IP assigned when unconfined.
I think the problem might be related to changes in systemd (I'm using
version 219) and overlayfs on vivid.
Hi,
I share a folder from host to container. That folder contains mounts.
Below is a simple usecase of what I do.
# On host
mkdir -p /shared/mount1
mount some.iso /shared/mount1
# In the config of my container
lxc.mount.entry = /shared shared none bind 0 0
# On the host
tree /shared
/shared/
Greetings, Serge Hallyn!
> What does 'sudo aa-status' show?
This is with fully up to date system, including fresh LXC 1.1.3:
# aa-status
apparmor module is loaded.
7 profiles are loaded.
6 profiles are in enforce mode.
/sbin/dhclient
/usr/lib/NetworkManager/nm-dhcp-client.action
On Mon, Oct 5, 2015 at 11:58 PM, Fabio Tudone
(fa...@paralleluniverse.co) wrote:
> On 09/30/2015 08:38 PM, Serge Hallyn wrote:
>>>
>>> On a more practical level what could be the security implications?
>>> Are there host resources that a malicious program could
Hi.
I'm using Debian Stretch. And I would like to use unpriviledged containers.
It seems by default, there is one cgroup owned by root. In order to start
an unpriviledged container I need to create a new cgroup, chown it to the
unpriviledged user and then move the current tty process into that
Greetings, Serge Hallyn!
>> >> lxc-start 1443630810.241 WARN lxc_confile -
>> >> confile.c:config_pivotdir:1825 - lxc.pivotdir is ignored. It will soon
>> >> become an error.
>> >> lxc-start 1443630810.247 WARN lxc_cgmanager -
>> >> cgmanager.c:cgm_get:993 - do_cgm_get
On Mon, Oct 5, 2015 at 5:01 PM, Andrey Repin wrote:
> # dpkg --list \*lxc\* \*apparmor\*
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
>
On Mon, Oct 5, 2015 at 9:19 PM, Andrey Repin wrote:
>> What lxc version did you say you were using?
>
> Were using - 1.1.2.
> Then I got an upgrade and my DC didn't came up after a host reboot.
> Had to roll back to 1.1.2 to recover operation.
So to reconfirm, you now run
I am running a Ubuntu 14.04 host with LXC v1.1.3. On it I have mounted
an NFS export at /home/[user]/.local/share/lxc/.
When I cd into the mount I can create files and directories. I can chown
to change the ownership on them. I can delete them. However when I do
lxc-create I get:
newgidmap:
Quoting Fajar A. Nugraha (l...@fajar.net):
> On Mon, Oct 5, 2015 at 9:19 PM, Andrey Repin wrote:
> >> What lxc version did you say you were using?
> >
> > Were using - 1.1.2.
> > Then I got an upgrade and my DC didn't came up after a host reboot.
> > Had to roll back to 1.1.2
Quoting Bertrand NOEL (bertrand.noel...@gmail.com):
> Hi,
> I share a folder from host to container. That folder contains mounts.
> Below is a simple usecase of what I do.
>
> # On host
> mkdir -p /shared/mount1
> mount some.iso /shared/mount1
>
> # In the config of my container
>
Quoting Andrey Repin (anrdae...@yandex.ru):
> Greetings, Serge Hallyn!
>
> >> >> lxc-start 1443630810.241 WARN lxc_confile -
> >> >> confile.c:config_pivotdir:1825 - lxc.pivotdir is ignored. It will soon
> >> >> become an error.
> >> >> lxc-start 1443630810.247 WARN
Greetings, Fajar A. Nugraha!
>>> What lxc version did you say you were using?
>>
>> Were using - 1.1.2.
>> Then I got an upgrade and my DC didn't came up after a host reboot.
>> Had to roll back to 1.1.2 to recover operation.
> So to reconfirm, you now run 1.1.2, which is fine?
> The earlier
Quoting Frederico Araujo (arau...@gmail.com):
> Hi,
>
> I've been using LXC for over two years without problems. This week, I
> upgraded my Ubuntu from Trusty to Vivid, and I noticed that my overlayfs
> containers stopped getting IP assigned. In my machine the error can be
> reproduced in this
Greetings, Serge Hallyn!
>>lxc-container-default (1612)
>>lxc-container-default (2488)
> ...
> What does running the following in python3 as root show?
> import lxc
> c = lxc.Container("dc1-1")
> c.get_config_item("lxc.aa_profile")
#!/usr/bin/env python3
import lxc
c =
Greetings, Serge Hallyn!
>> >> What lxc version did you say you were using?
>> >
>> > Were using - 1.1.2.
>> > Then I got an upgrade and my DC didn't came up after a host reboot.
>> > Had to roll back to 1.1.2 to recover operation.
>>
>> So to reconfirm, you now run 1.1.2, which is fine?
>
Quoting Christian Benke (benkoka...@gmail.com):
> Hello!
>
> Planning to move from OpenVZ to LXC, I started playing with containers
> on my workstation yesterday. In the past hours I've been trying to
> mount an additional volume to a container, but don't seem to get this
> apparently trivial
Quoting Andrey Repin (anrdae...@yandex.ru):
> Greetings, Serge Hallyn!
>
> >> >> What lxc version did you say you were using?
> >> >
> >> > Were using - 1.1.2.
> >> > Then I got an upgrade and my DC didn't came up after a host reboot.
> >> > Had to roll back to 1.1.2 to recover operation.
> >>
>
On 09/30/2015 08:38 PM, Serge Hallyn wrote:
On a more practical level what could be the security implications?
Are there host resources that a malicious program could compromise
when running in a container with the capabilities of a regular host
user mapped in there? Even because of
Quoting Andrey Repin (anrdae...@yandex.ru):
> Greetings, Serge Hallyn!
>
> >>lxc-container-default (1612)
> >>lxc-container-default (2488)
> > ...
>
> > What does running the following in python3 as root show?
>
> > import lxc
> > c = lxc.Container("dc1-1")
> >
23 matches
Mail list logo