Re: [lxc-users] How to copy "manually" a container ?

[Tamas Papp]

On 08/23/2018 05:36 AM, Pierre Couderc wrote:
If for any reason, "lxc copy" does not work, is it enough to copy 
(rsync) /var/lib/lxd/containers/ to another lxd on another 
computer in /var/lib/lxd/containers/ ?


Copy the folder (watch out rsync flags) to 
/var/lib/lxd/storage-pools/default/containers/, symlink to 
/var/lib/lxd/containers and run 'lxd import'.


t
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

[lxc-users] How to copy "manually" a container ?

[Pierre Couderc]

If for any reason, "lxc copy" does not work, is it enough to copy  
(rsync) /var/lib/lxd/containers/ to another lxd on another computer 
in /var/lib/lxd/containers/ ?


PC

___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

Re: [lxc-users] How can a non-root user assign unique UID/GID range for LXC unprivileged containers ??

[Yasoda Padala]

Thank You Dirk for your response.
It was a permission issue and as you suggested corrected the permissions to
have unprivileged user full access to container's rootfs and it started
working.

Thanks again,
Yasoda

-- Forwarded message --
> From: Yasoda Padala 
> To: lxc-users@lists.linuxcontainers.org
> Cc:
> Bcc:
> Date: Tue, 21 Aug 2018 15:37:49 +0530
> Subject: Re: [lxc-users] How can a non-root user assign unique UID/GID
> range for LXC unprivileged containers ??
> Hi Xavier,
> Thank you for your response.
> I even tried with bigger range, but still no luck.
>
> in 1st container (cont1) config,
>  lxc.id_map = u 0 10 1000
> lxc.id_map = g 0 10 1000
>  &
> and in 2nd container (cont2) config:
> lxc.id_map = u 0 101500 1000
> lxc.id_map = g 0 101500 1000
>
>  get the same error
>
> lxc-start 20180817035100.984 ERRORlxc_conf - conf.c:mount_rootfs:798 -
> Permission denied - Failed to get real path for
> "/home/oxpd/.local/share/lxc/uidranges/rootfs".
>
>   lxc-start 20180817035100.984 ERRORlxc_conf -
> conf.c:setup_rootfs:1220 - Failed to mount rootfs
> "/home/oxpd/.local/share/lxc/uidranges/rootfs" onto
> "/usr/lib/x86_64-linux-gnu/lxc" with options "(null)".
>
>   lxc-start 20180817035100.984 ERRORlxc_conf -
> conf.c:do_rootfs_setup:3899 - failed to setup rootfs for 'uidranges'
>
>   lxc-start 20180817035100.984 ERRORlxc_conf -
> conf.c:lxc_setup:3981 - Error setting up rootfs mount after spawn
>
>   lxc-start 20180817035100.984 ERRORlxc_start -
> start.c:do_start:811 - Failed to setup container "uidranges".
>
>   lxc-start 20180817035100.984 ERRORlxc_sync -
> sync.c:__sync_wait:57 - An error occurred in another process (expected
> sequence number 3)
>
>   lxc-start 20180817035100.985 ERRORlxc_start -
> start.c:__lxc_start:1358 - Failed to spawn container "uidranges".
>
>   lxc-start 20180817035106.524 ERRORlxc_start_ui -
> tools/lxc_start.c:main:366 - The container failed to start.
>
>   lxc-start 20180817035106.525 ERRORlxc_start_ui -
> tools/lxc_start.c:main:368 - To get more details, run the container in
> foreground mode.
>
>   lxc-start 20180817035106.525 ERRORlxc_start_ui -
> tools/lxc_start.c:main:370 - Additional information can be obtained by
> setting the --logfile and --logpriority options.
>
> If I try something like below:
> in 1st container (cont1) config,
> lxc.id_map = u 0 10 1000
> lxc.id_map = g 0 10 1000
>
> and in 2nd container (cont2) config:
> lxc.id_map = u 0 10 2000
> lxc.id_map = g 0 10 2000
>
> it works, but on the host both the containers created by my lxcuser has
> same userid which is 10. Hence, it is not possible to identify each
> container uniquely on host machine
>
> My query is that, is there any way a non-root user can create various
> containers and each container will have unique UserId on the host machine ??
>
> Thanks for your help,
> Yasoda
>
> From: Xavier Gendre 
> To: lxc-users@lists.linuxcontainers.org
> Cc:
> Bcc:
> Date: Mon, 20 Aug 2018 09:24:31 +0200
> Subject: Re: [lxc-users] How can a non-root user assign unique UID/GID
> range for LXC unprivileged containers ??
> Hi Yasoda,
>
> only 10 ids is a bit short for a container. You should increase this
> number to cover at least the system ids 0-999. Depending on the
> distribution you run in your containers, you can be sharper and only
> involve the needed ids but they all have to be covered.
>
> Xavier
>
>
>> On Fri, Aug 17, 2018 at 9:34 AM Yasoda Padala 
>> wrote:
>>
>>> Hi All,
>>> I have created non-root user on my Ubuntu (16.04) machine who creates
>>> unprivileged LXC containers.
>>> My user's uid/gid on the host is 1000.
>>> and below are the entries in /etc/subuid &  /etc/subgid files
>>>
>>> /etc/subuid:
>>> lxcuser:10 65536
>>>
>>> /etc/subgid:
>>> lxcuser:10:65536
>>>
>>> My requirement is for each LXC unprivileged container, I should be able
>>> to pick a UID/GID range.
>>> For instance, I have created two LXC containers cont1 and cont2
>>> in cont1 config, I have added the below id mappings
>>> lxc.id_map = u 0 10 10
>>> lxc.id_map = g 0 10 10
>>>
>>> and in con2 config file, I have added the below id mappings
>>> lxc.id_map = u 0 100020 10
>>> lxc.id_map = g 0 100020 10
>>>
>>> cont1 starts successfullly but cont2 gives the below error while
>>> starting the container
>>>
>>> lxc-start 20180817035100.984 ERRORlxc_conf - conf.c:mount_rootfs:798
>>> - Permission denied - Failed to get real path for
>>> "/home/oxpd/.local/share/lxc/uidranges/rootfs".
>>>
>>>   lxc-start 20180817035100.984 ERRORlxc_conf -
>>> conf.c:setup_rootfs:1220 - Failed to mount rootfs
>>> "/home/oxpd/.local/share/lxc/uidranges/rootfs" onto
>>> "/usr/lib/x86_64-linux-gnu/lxc" with options "(null)".
>>>
>>>   lxc-start 20180817035100.984 ERRORlxc_conf -
>>> conf.c:do_rootfs_setup:3899 - failed to setup rootfs for 'uidranges'
>>>
>>>   lxc-start 20180817035100.984 ERROR 

[lxc-users] Announcing LXC, LXD and LXCFS 3.0.2 bugfix releases

[Stéphane Graber]

The LXC/LXD/LXCFS team is happy to announce the second round of bugfix
releases for the 3.0 LTS branch of LXC, LXD and LXCFS.

This includes over two months of accumulated bugfixes as well as the fix
for the recently fixed LXC security issue (CVE 2018-6556).

The announcements for the 3 projects can be found here:

 - LXD 3.0.2: 
https://discuss.linuxcontainers.org/t/lxd-3-0-2-has-been-released/2505/2
 - LXC 3.0.2: 
https://discuss.linuxcontainers.org/t/lxc-3-0-2-has-been-released/2504/2
 - LXCFS 3.0.2: 
https://discuss.linuxcontainers.org/t/lxcfs-3-0-2-has-been-released/2503/2

LTS branches of those projects come with a 5 years support commitment
from upstream for security and bugfixes. The 3.0 branch is the current
LTS and is supported until June 2023.


We'd like to thank all of our contributors and our amazing community for
their contributions, bug reports and help testing those releases!

On behalf of the LXC, LXD and LXCFS teams,

Stéphane Graber


signature.asc
Description: PGP signature
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users