Re: [lxc-users] Proper usage of fuidshift

2016-05-16 Thread Serge E. Hallyn
Quoting Ronald Kelley (rkelley...@gmail.com): > Thanks for the fast reply. > > Just for clarity, the values you used are pulled directly from the > /etc/subuid file for the lxd user, correct? We are looking into some system > automation and want to make sure any new/copied container has the c

Re: [lxc-users] Unprivileged containers and Linux Capabilities

2016-05-17 Thread Serge E. Hallyn
On Tue, May 17, 2016 at 10:32:18AM +0200, Michele Giacomoli wrote: > HI all, > > I have an Ubuntu 14.04 host with lxc 1.0.3-0ubuntu3. I created an > unprivileged container with the following capabilities dropped from > /usr/share/lxc/config/ubuntu.common.conf template: > lxc.cap.drop = sys_module

Re: [lxc-users] Unprivileged containers and Linux Capabilities

2016-05-18 Thread Serge E. Hallyn
ket to the cgmanager on the host. On Wed, May 18, 2016 at 09:57:11AM +0200, Michele Giacomoli wrote: > Thank you Serge > > Is there a way for managing user namespace capabilities and add > needed capabilities to initial user namespace? > > Best regards > Michele > > Il

Re: [lxc-users] Unprivileged containers and Linux Capabilities

2016-05-18 Thread Serge E. Hallyn
Quoting Michele Giacomoli (michele.giacom...@mynet.it): > Thank you, > So, as result, there is no way to keep capabilities for unprivileged > containers, and lxc.cap.drop/keep in this case are pretty useless. > Am I right? There's no way to keep capabilities targeted at the host. If for whatever

Re: [lxc-users] permissions question: netstat -anp does not show process for non owned processes

2016-05-27 Thread Serge E. Hallyn
Quoting Eric W. Biederman (ebied...@xmission.com): > Serge Hallyn writes: > > > So running a netstat as ubuntu user in the container and stracing netstat, > > the > > only eaccess I got was: > > > > 492 open("/proc/90/fd", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 > > EACCES (Permission

Re: [lxc-users] denied of mounting /run/netns ?

2016-05-27 Thread Serge E. Hallyn
Quoting Rui Zang (rui.z...@foxmail.com): > Greetings, > > I am trying to run an openstack (with neutron networking) deployed > by devstack in one LXC. The deployments seems completed but after a > while something odd was discovered. > > First of all, there have been tens of thousands of tap devic

Re: [lxc-users] OpenVPN in Debian Jessie container

2016-05-30 Thread Serge E. Hallyn
On Mon, May 30, 2016 at 09:04:26AM -0600, Joshua Schaeffer wrote: > >For starters, from "man lxc.container.conf" > > > >lxc.hook.autodev > > A hook to be run in the container's namespace after mounting > > has been done and after any mount hooks have run, but before > >

Re: [lxc-users] lxc-2.0.1 can't start unprivileged container

2016-06-09 Thread Serge E. Hallyn
Quoting Stéphane Graber (stgra...@ubuntu.com): > On Thu, Jun 09, 2016 at 12:56:55PM -0700, Mike Wright wrote: > > On 06/09/2016 12:40 PM, Stéphane Graber wrote: > > >Sounds like your host /proc is over-mounted which triggers a protection > > >mechanism in the kernel that prevents an unprivileged us

Re: [lxc-users] LXD - bind mount inside container

2016-06-14 Thread Serge E. Hallyn
On Tue, Jun 14, 2016 at 07:17:58AM -0400, Ron Kelley wrote: > Thanks. These containers are running as a web-hosting container for our user > sites (we host one site per container). Does your security statement below > mean I could run into security issues if we enable the security.nesting > op

Re: [lxc-users] Set specific mount options for the ROOTFS

2016-06-20 Thread Serge E. Hallyn
Quoting Olivier BONHOMME (obonhomme+...@nerim.net): > Hello, > > I'm trying to set up containers using LXC and i have question about how is > mounted the rootfs. > > I would love to start my container with some specific mount options in order > to > increase a little bit the security reducing w

Re: [lxc-users] Set specific mount options for the ROOTFS

2016-06-20 Thread Serge E. Hallyn
Quoting Olivier BONHOMME (obonhomme+...@nerim.net): > On Mon, Jun 20, 2016 at 09:51:11AM -0500, Serge E. Hallyn wrote: > > Quoting Olivier BONHOMME (obonhomme+...@nerim.net): > > > Hello, > > > > > > I'm trying to set up containers using LXC and i have

Re: [lxc-users] How do you mount this file as an lxc rootfs?

2016-06-20 Thread Serge E. Hallyn
Quoting John Lewis (oflam...@gmail.com): > On 06/20/2016 10:34 AM, Mike Wright wrote: > > On 06/20/2016 07:22 AM, John Lewis wrote: > >> On 06/20/2016 10:04 AM, Mike Wright wrote: > >>> On 06/20/2016 06:47 AM, John Lewis wrote: > I have a ext4 formatted file called pmd.simg with a directory >

Re: [lxc-users] lxc-usernsexec not working any more (differently) in lxc2 when invoked as root user: better solutions?

2016-06-24 Thread Serge E. Hallyn
Quoting Fiedler Roman (roman.fied...@ait.ac.at): > Hello List, > > With LXC1 on Trusty following sequence was used to fill an unprivileged > container as root, where only configuration exists but no content. With LXC2 > on Xenial, this results in an error: > > cd -- /var/lib/lxc/test/rootfs > lxc

Re: [lxc-users] How do you mount this file as an lxc rootfs?

2016-06-25 Thread Serge E. Hallyn
On Sat, Jun 25, 2016 at 03:20:08PM -0400, John Lewis wrote: > On 06/20/2016 11:51 AM, Serge E. Hallyn wrote: > > The pre-mount hook runs in the container's mount namespace but before > > mounting the rootfs. So the fs you mount only shows up in the container's >

Re: [lxc-users] LXC duplicate cgroup “cpu,cpuacct” - “cpuacct,cpu”

2016-06-25 Thread Serge E. Hallyn
On Mon, Jun 06, 2016 at 03:50:02PM +0200, Ondřej Vlk wrote: > Hello, > > I run privileged containers on Centos 7. I want to have isolated Which version of lxc is this? Can you start a container with lxc-start -n name -l trace -o debug.out and mail debug.out here? This should show us

Re: [lxc-users] How do you mount this file as an lxc rootfs?

2016-06-26 Thread Serge E. Hallyn
Quoting John Lewis (oflam...@gmail.com): > On 06/25/2016 06:38 PM, Serge E. Hallyn wrote: > > On Sat, Jun 25, 2016 at 03:20:08PM -0400, John Lewis wrote: > >> On 06/20/2016 11:51 AM, Serge E. Hallyn wrote: > >>> The pre-mount hook runs in the container's mount

Re: [lxc-users] using cgroups

2016-06-26 Thread Serge E. Hallyn
Quoting Mike Wright (nob...@nospam.hostisimo.com): > Hi all, > > cgmanager and cgmanager-utils are installed. > > Environment is ubuntu-xenial, lxc-2.0.1, cgm-0.29 why 0.29? xenial should have 0.39-2ubuntu5. I'm on xenial using 0.41-2~ubuntu16.04.1~ppa1 from the ubuntu-lxc ppa. 0 ✓ serge@sl

Re: [lxc-users] using cgroups

2016-06-26 Thread Serge E. Hallyn
Quoting Mike Wright (nob...@nospam.hostisimo.com): > On 06/26/2016 01:01 PM, Serge E. Hallyn wrote: > >Quoting Mike Wright (nob...@nospam.hostisimo.com): > >>Hi all, > >> > >>cgmanager and cgmanager-utils are installed. > >> > >>Environment

Re: [lxc-users] using cgroups

2016-06-29 Thread Serge E. Hallyn
Quoting Rob Edgerton (redger...@yahoo.com.au): > hi,I have the same problem (cgroups not working as expected) on a clean > Xenial build (lxc PPA NOT installed, LXD not installed)In my case I have some > Ubuntu Trusty containers I really need to use on Xenial, but they won't start > because I use

Re: [lxc-users] using cgroups

2016-06-29 Thread Serge E. Hallyn
On Thu, Jun 30, 2016 at 11:24:25AM +1000, Rob wrote: > On 30/06/2016 10:36 AM, Serge E. Hallyn wrote: > >Quoting Rob Edgerton (redger...@yahoo.com.au): > >> lxc-start 20160628155820.614 ERRORlxc_cgfsng - > >> cgfsng.c:cgfsng_setup_limits:1662 - No suc

Re: [lxc-users] using cgroups

2016-06-29 Thread Serge E. Hallyn
On Thu, Jun 30, 2016 at 02:39:37AM +, Rob Edgerton wrote: ... > I updated pam.d/common-session# = RE Changed > = # > #session    optional    pam_cgfs.so -c freezer,memory,name=systemd > session optional    pam_cgfs.so -c freezer,memory,name=systemd,c

Re: [lxc-users] audit and LXC guests

2016-06-30 Thread Serge E. Hallyn
On Thu, Jun 30, 2016 at 01:06:17PM +0200, Michele Giacomoli wrote: > Hi, > > I'd like to setup auditd inside an unprivileged container running > Ubuntu 14.04. Tried installing auditd package but nothing being > logged. Trying /etc/init.d/auditd start I get: > > * Starting audit daemon auditd >

Re: [lxc-users] using cgroups

2016-06-30 Thread Serge E. Hallyn
Quoting rob e (redger...@yahoo.com.au): > On 30/06/16 11:35, Serge E. Hallyn wrote: > >On Thu, Jun 30, 2016 at 11:24:25AM +1000, Rob wrote: > >>On 30/06/2016 10:36 AM, Serge E. Hallyn wrote: > >>>Quoting Rob Edgerton (redger...@yahoo.com.au): > >Oh, ok. I'

Re: [lxc-users] using cgroups

2016-07-01 Thread Serge E. Hallyn
Quoting rob e (redger...@yahoo.com.au): > On 01/07/16 10:58, Serge E. Hallyn wrote: > >Quoting rob e (redger...@yahoo.com.au): > >Let's address them one at a time. For starters, > > > >if you only leave in the > > lxc.cgroup.cpuset.cpus = 1-3 > >

Re: [lxc-users] using cgroups

2016-07-01 Thread Serge E. Hallyn
Quoting rob e (redger...@yahoo.com.au): > On 02/07/16 01:02, Serge E. Hallyn wrote: > >Quoting rob e (redger...@yahoo.com.au): > >>On 01/07/16 10:58, Serge E. Hallyn wrote: > >>>Quoting rob e (redger...@yahoo.com.au): > >>>Let's address them one a

Re: [lxc-users] using cgroups

2016-07-01 Thread Serge E. Hallyn
> hi Serge, > with JUST those clauses (and no cgroup set clauses) ... it sort of > works. Initial messages are cleared from the console(?) leaving just > the shutdown messages. But it does get to a login prompt D'oh. Thanks for your patience. I see the bug. I'll post a PR for a fix. I'm surpri

Re: [lxc-users] using cgroups

2016-07-01 Thread Serge E. Hallyn
Quoting Serge E. Hallyn (se...@hallyn.com): > > hi Serge, > > with JUST those clauses (and no cgroup set clauses) ... it sort of > > works. Initial messages are cleared from the console(?) leaving just > > the shutdown messages. But it does get to a login prompt >

Re: [lxc-users] using cgroups

2016-07-01 Thread Serge E. Hallyn
Quoting rob e (redger...@yahoo.com.au): > > On 02/07/16 12:14, Serge E. Hallyn wrote: > >>hi Serge, > >>with JUST those clauses (and no cgroup set clauses) ... it sort of > >>works. Initial messages are cleared from the console(?) leaving just > >>the shu

Re: [lxc-users] using cgroups

2016-07-01 Thread Serge E. Hallyn
On Sat, Jul 02, 2016 at 01:24:44PM +1000, rob e wrote: > On 02/07/16 12:41, Serge E. Hallyn wrote: > >Quoting rob e (redger...@yahoo.com.au): > >>On 02/07/16 12:14, Serge E. Hallyn wrote: > >>>>hi Serge, > >>>>with JUST those clauses (and no cgroup

Re: [lxc-users] Unprivileged container squashfs file system

2016-07-06 Thread Serge E. Hallyn
There are several things under way which will help with this, 1. unprivileged mounting of squashfs will allow you to just mount it in the container 2. Djalal Harouni is working on a feature to allow shifting uids into a container as a mount option. 3. jbottomley is working on shiftfs which is a st

Re: [lxc-users] Unprivileged container squashfs file system

2016-07-06 Thread Serge E. Hallyn
Quoting Judd Meinders (judd.meind...@rockwellcollins.com): > Thanks for the quick response. I am particularly interested in the shiftfs > and may try to patch that in. A single followup question below. > > On Wed, Jul 6, 2016 at 2:03 PM, Serge E. Hallyn wrote: > > > The

Re: [lxc-users] Will I need pre-mount hooks if redesign my lxc file systems?

2016-07-08 Thread Serge E. Hallyn
Quoting John Lewis (oflam...@gmail.com): > I have a filesystem like this inside of a filesystem image > >/ > > lost+found > > rootfs/[Linux root file system directories] > > > If I change it to the following, will I have to use premount hooks? >

Re: [lxc-users] lxc start issue in nested container

2016-07-12 Thread Serge E. Hallyn
On Tue, Jul 12, 2016 at 10:35:22PM +0530, Prasoon Majumdar wrote: > Hello All, > > I am not able to start the nested container and getting these errors : > > root@p1:/# lxc-start -n p1_nested > lxc-start: cgfs.c: lxc_cgroupfs_create: 841 Could not find writable mount > point for cgroup hierarchy

Re: [lxc-users] FUSE stopped working inside containers

2016-07-13 Thread Serge E. Hallyn
Quoting Saint Michael (vene...@gmail.com): > ​​rpm -qa | grep lxc > lxc-libs-1.1.5-1.fc22.x86_64 > lxc-1.1.5-1.fc22.x86_64 > > Since the latest changes in ​LXC, I am out of business, since Fuse does not > work anymore inside containers, and that is what I use for a > line-of-production application

Re: [lxc-users] FUSE stopped working inside containers

2016-07-13 Thread Serge E. Hallyn
Quoting Saint Michael (vene...@gmail.com): > I did work around it by mounting the ftp site on the host and sharing /mnt > with the container, but as a solution is poor, since I cannot execute the > mound command from the container, to be run on the host. > This was working fine until last week. I j

Re: [lxc-users] Fuse fails inside container from last week

2016-07-13 Thread Serge E. Hallyn
Quoting Saint Michael (vene...@gmail.com): > When I try to use fuse in a container, I get > fuse: failed to open /dev/fuse: Operation not permitted > In my config file I have > lxc.mount.entry = /dev/fuse dev/fuse none bind,create=file > > How can I get back to be able to use fuse inside a contain

Re: [lxc-users] Fuse fails inside container from last week

2016-07-14 Thread Serge E. Hallyn
Ok - looking back at https://lists.linuxcontainers.org/pipermail/lxc-users/2016-July/012016.html you don't have a cgroup devices entry for /dev/fuse. That should look like lxc.cgroup.devices.allow = c 10 229 rwm
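Added example for the two /dev/fuse messages above (it is not code from the thread or from the LXC project): a container needs both the bind mount line from the earlier message and the devices-cgroup whitelist line from this reply, and the script below emits both. The major/minor numbers are read from the device node with stat rather than typed by hand, so the same function works for other devices; "c 10 229" is what it prints for /dev/fuse. The container-side path and the "0 0" fstab fields are assumptions matching the usual lxc.mount.entry form.

```shell
#!/bin/sh
# Added example (not from the list thread): build the two container config
# lines that together let a container use the host's /dev/fuse:
#   lxc.mount.entry          - bind the device node into the container
#   lxc.cgroup.devices.allow - whitelist it in the devices cgroup
# The devices-cgroup line is what was missing in the quoted config.

# Format one devices-cgroup whitelist line from a type letter and the
# hex major/minor numbers as printed by `stat -c '%t %T'`.
devices_allow_line() {
    # $1 = c|b, $2 = major (hex), $3 = minor (hex), $4 = access (default rwm)
    _acc=${4:-rwm}
    printf 'lxc.cgroup.devices.allow = %s %d %d %s\n' \
        "$1" "$((0x$2))" "$((0x$3))" "$_acc"
}

# Bind-mount line for a device node; the container path is given relative
# to the rootfs, as the lxc.mount.entry syntax expects (assumed "0 0" tail).
mount_entry_line() {
    # $1 = host path, $2 = container path (no leading slash)
    printf 'lxc.mount.entry = %s %s none bind,create=file 0 0\n' "$1" "$2"
}

# Emit both lines for an existing device node on the host.
device_config() {
    _node=$1
    if [ ! -c "$_node" ] && [ ! -b "$_node" ]; then
        echo "$_node: not a device node" >&2
        return 1
    fi
    [ -c "$_node" ] && _type=c || _type=b
    _maj=$(stat -c '%t' "$_node")
    _min=$(stat -c '%T' "$_node")
    devices_allow_line "$_type" "$_maj" "$_min"
    mount_entry_line "$_node" "${_node#/}"
}

# Stand-alone use: print the config lines for /dev/fuse if the host has it.
if [ -e /dev/fuse ]; then
    device_config /dev/fuse
fi
```

Append the two printed lines to the container's config and restart it; with only the mount entry present, opening /dev/fuse fails with "Operation not permitted" exactly as reported, because the devices cgroup still denies the node.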

Re: [lxc-users] CirrOS on OpenStack using LXD as a hypervisor

2016-07-19 Thread Serge E. Hallyn
Quoting Muneeb Ahmad (muneeb.ganda...@gmail.com): > Hi guys, > > First of all I greatly appreciate the work you guys have been doing. > My question is about CirrOS. I have deployed OpenStack with nova-lxd > through devstack. Is there any way I can run CirrOS on it as far as I read, > it's not avai

Re: [lxc-users] uid range not allowed

2016-07-23 Thread Serge E. Hallyn
Quoting Christoph Willing (chris.will...@iinet.net.au): > On 23/07/16 18:16, Andreas Vögele wrote: > >Christoph Willing writes: > > > >>I'm following the guide to run X apps in a container at: > >> https://www.stgraber.org/2014/02/09/lxc-1-0-gui-in-containers/ > >> > >>As a starting point, I h

[lxc-users] removing cgmanager

2016-07-26 Thread Serge E. Hallyn
Hi everyone, I'm intending to remove cgmanager from Debian. Upstream and distro maintainers all agree this is the right thing to do, but I don't want this to come as a surprise to anyone - so wanted to send out one last email warning and asking if anyone is depending on it. I've said I'll act on

Re: [lxc-users] CirrOS on OpenStack using LXD as a hypervisor

2016-07-26 Thread Serge E. Hallyn
when I try to enter it with 'lxc exec /bin/bash', > nothing happens. > In lxc.log, i get an error. Any ideas? > "ERRORlxc_attach - attach.c:lxc_attach_run_command:1226 - No such file > or directory - failed to exec '/bin/bash'" > > On Tue, Jul

Re: [lxc-users] LXC/Samba networking challenge

2016-08-15 Thread Serge E. Hallyn
On Sun, Aug 14, 2016 at 05:57:49PM +0300, Andrey Repin wrote: > Greetings, All! > > I've just figured out a problem, but can't seems to find a solution. > I have a number of containers serving content to the network through samba > shares. > > The containers' configuration is rather simple and do

Re: [lxc-users] Unprivileged container woes: unable to install packages

2016-08-20 Thread Serge E. Hallyn
unprivileged containers can not set file capabilities (until I or someone finds time to finish support for that at the kernel level). At least in Ubuntu it's considered a packaging error for install to fail if you cannot set filecaps, as seems to be happening with the httpd rpm below. Quoting jjs

Re: [lxc-users] PAM-CGFS error messages

2016-08-21 Thread Serge E. Hallyn
Quoting Andreas Kirbach (akirb...@forumhome.com): > Hi all, > > we are getting PAM-CGFS error messages in our logs pretty often when > Nagions checks are being performed: > --- > PAM-CGFS[84553]: Failed to create a cgroup for user nagios > --- > > The OS is Debian Jessie with LXCFS 2.0.2 from Jes

Re: [lxc-users] PAM-CGFS error messages

2016-08-22 Thread Serge E. Hallyn
Quoting Andreas Kirbach (akirb...@forumhome.com): > Serge E. Hallyn wrote: > > Hi, > > > > thanks for commenting on this. Indeed the current behavior is wrong. > > The right thing is not as simple as returning true though. If you > > look at handle_login(

Re: [lxc-users] LXD static IP confusion

2016-08-28 Thread Serge E. Hallyn
On Sun, Aug 28, 2016 at 09:59:42AM +0100, Matt Green wrote: > Hi Guys, > > I've currently got a 14.04 server running LXC, and I'm planning to use the > upgrade to 16.04 as an excuse to switch to LXD. > > In the interim I thought I'd upgrade my proxy server and move its services > to LXD so I'm n

Re: [lxc-users] Containers on linux-4.8-rc1 sometimes(?) requiring "cgmanager -m name=systemd" (bisected, but is it a bug?)

2016-09-13 Thread Serge E. Hallyn
On Tue, Sep 13, 2016 at 01:11:50AM -0700, Adam Richter wrote: > On Linux 4.8-rc1 through 4-8-rc6 (latest rc), lxc fails start to > Ubuntu 16.04 and Centos 7 containers [1], unless I first run > "cgmanager -m name=systemd &" on the host, which, unlike the Does starting lxcfs or installing the cgrou

Re: [lxc-users] from lxc to lxd but sharing dir hell

2016-09-13 Thread Serge E. Hallyn
On Tue, Sep 13, 2016 at 03:11:57PM +0200, Ivan Ogai wrote: > Hello! > > Using LXC, I had a simple script run as a normal user that > > 1) created an unprivileged container > > 2) added a user in the container with the same uid and gid as the user >in the host, let's say 1000 > > 3) modified

Re: [lxc-users] Containers on linux-4.8-rc1 sometimes(?) requiring "cgmanager -m name=systemd" (bisected, but is it a bug?)

2016-09-13 Thread Serge E. Hallyn
Quoting Eric W. Biederman (ebied...@xmission.com): > Adam Richter writes: > > > On Linux 4.8-rc1 through 4-8-rc6 (latest rc), lxc fails start to > > Ubuntu 16.04 and Centos 7 containers [1], unless I first run > > "cgmanager -m name=systemd &" on the host, which, unlike the > > containers, was no

Re: [lxc-users] from lxc to lxd but sharing dir hell

2016-09-14 Thread Serge E. Hallyn
Quoting Ivan Ogai (lxc-us...@ogai.name): > * Serge E. Hallyn [2016-09-13 15:48]: > > On Tue, Sep 13, 2016 at 03:11:57PM +0200, Ivan Ogai wrote: > > > > Using LXC, I had a simple script run as a normal user that > > > > > > 1) created an unprivileged contai

Re: [lxc-users] Custom lxc container hangs in lxc-console

2016-10-12 Thread Serge E. Hallyn
On Tue, Oct 11, 2016 at 05:13:42PM -0700, manik sheeri wrote: > I am trying to run my LFS (Linux from scratch) inside a container. I > created LFS from its stable version book and using that as a rootfs for my > container. > > I created the LFS rootfs at /home/manik/toolchain/lfs . I am using this

Re: [lxc-users] UID/GID namespacing and FreeIPA

2016-10-14 Thread Serge E. Hallyn
On Fri, Oct 14, 2016 at 02:10:44PM +0100, Brian Candler wrote: > On 14/10/2016 12:34, Brian Candler wrote: > > > >[root@test ~]# su - admin > >*su: cannot set groups: Invalid argument* > > > >So I'm wondering about the best way to deal with this. > > > >(1) I can try to configure FreeIPA to allocat

Re: [lxc-users] sudo dpkg-reconfigure -p medium lxd no longer works, what's the alternative

2016-10-20 Thread Serge E. Hallyn
On Wed, Oct 19, 2016 at 10:13:58PM -0400, Stéphane Graber wrote: > On Wed, Oct 19, 2016 at 09:01:34PM -0500, David Favor wrote: > > net12 # sudo dpkg-reconfigure -p medium lxd > > Warning: Stopping lxd.service, but it can still be activated by: > > lxd.socket > > net12 # > > > > dpkg-reconfigure

Re: [lxc-users] LXD: loglevel defauilts to trace?

2016-10-21 Thread Serge E. Hallyn
Quoting sjo...@sjomar.eu (sjo...@sjomar.eu): > October 17, 2016 12:32 PM, sjo...@sjomar.eu wrote: > > Hi all, > > > > I just had a LXD host (LXD version 2.0.4 on Ubuntu server 16.04) ran out of > > diskspace and found out > > that my LXD logs took almost 8GB. > > > > When looking at the /var/log

Re: [lxc-users] Establish a bind mount to a running container

2016-10-25 Thread Serge E. Hallyn
On Tue, Oct 25, 2016 at 09:46:08AM +, Jäkel, Guido wrote: > In your first answer, you wrote: > >The only way of doing this that I'm aware of is what we do in LXD. > > Does this mean, that with LXD filesystem injection at runtime is supported? > Is this done by using 'lxc config device add

Re: [lxc-users] LXC start command fails when ran with valgrind

2016-10-28 Thread Serge E. Hallyn
Quoting Adithya K (linux.challen...@gmail.com): > HI, > > I am trying to run LXC on Ubuntu 14.04 and LXC version 1.0.8. When I > run valgrind > --tool=memcheck --leak-check=yes --show-reachable=yes --num-callers=20 > --track-fds=yes lxc-start -d -n test, I get following error. > > Warning: inval

Re: [lxc-users] How to open a ticket with LXC

2016-11-08 Thread Serge E. Hallyn
Stéphane was helpfully pointing you in the direction of where the problem probably lies. Don't read it as "your problem isn't important so I'm closing it", read it as "your problem sounds like it could be x or y." github.com/lxc/lxc tracks upstream lxc. This is independent of Ubuntu. If you want

Re: [lxc-users] Current state of LXC as it relates to VoIP / realtime transcoding

2016-11-08 Thread Serge E. Hallyn
Quoting Kevin Long (kevin.l...@haloprivacy.com): > > Greetings, first post to the list. > > I’ve been doing some initial research, started with docker and also LXC by > way of Proxmox (which I use for virtualization). > > Basically, I’m looking at rolling out Freeswitch for a whole bunch of my

Re: [lxc-users] Version LXD / LXC

2016-11-13 Thread Serge E. Hallyn
Quoting Benoit GEORGELIN - Association Web4all (benoit.george...@web4all.fr): > Hi all, > > I was wondering how the version of LXD / LXC is working. > I'm not able to understand if i'm running the latest version of LXD / LXC > > Here is what I have on my system : > lxc --version > 2.5 This

Re: [lxc-users] LXC start command fails when ran with valgrind

2016-11-25 Thread Serge E. Hallyn
On Wed, Oct 19, 2016 at 10:32:40AM +0530, Adithya K wrote: > HI, > > I am trying to run LXC on Ubuntu 14.04 and LXC version 1.0.8. When I > run valgrind > --tool=memcheck --leak-check=yes --show-reachable=yes --num-callers=20 > --track-fds=yes lxc-start -d -n test, I get following error. Run it

Re: [lxc-users] lxc 2.0.6 breaks lxc-start

2016-12-31 Thread Serge E. Hallyn
That looks like commit 359467743d707d08fda029fa6e957a93bc8dc7ef Author: Christian Brauner Date: Fri Oct 14 15:27:24 2016 +0200 tools: better error reporting for lxc-start which added a check for "!c->is_defined(c)" Christian? -serge Quoting Detlef Vollmann (d...@vollmann.ch): > Hello,

Re: [lxc-users] would there be value in starting an LXD community online collection of how-to related information

2017-01-09 Thread Serge E. Hallyn
On Mon, Jan 09, 2017 at 06:23:51AM -0500, Ron Kelley wrote: > Brian, > > Absolutely agree on an online collection of how-to docs for LXD. We started > using LXD about 8mos ago as an alternative to full-blown VMs for hosting > WordPress websites. Since then, we are now have 4 main LXD container

Re: [lxc-users] Error starting systemd-tmpfiles-setup.service in unprivileged container

2017-01-10 Thread Serge E. Hallyn
Quoting John (da_audioph...@yahoo.com): > When I start my unprivileged container, systemd-tmpfiles-setup.service fails > to start with the following errors per journalctl: > > Jan 09 14:16:20 playtime systemd[1]: systemd-tmpfiles-setup.service: Failed > to reset devices.list: Operation not permi

Re: [lxc-users] Risk/benefit of enabling user namespaces in the kernel for running unprivileged containers

2017-01-13 Thread Serge E. Hallyn
Quoting John (da_audioph...@yahoo.com): > From S. Graber's blog[1] and other sources, consensus is that unprivileged > containers offer the best security from the container's perspective. There > is quite a discussion in an Arch Linux feature request[2] around the risks of > enabling user names

Re: [lxc-users] Risk/benefit of enabling user namespaces in the kernel for running unprivileged containers

2017-01-15 Thread Serge E. Hallyn
On Sat, Jan 14, 2017 at 09:39:10AM +0700, Fajar A. Nugraha wrote: > On Sat, Jan 14, 2017 at 4:56 AM, Fajar A. Nugraha wrote: > > > On Sat, Jan 14, 2017 at 3:52 AM, John wrote: > > > >> > >> Again, thank you for the detailed reply. Are the nature of these sorts > >> of interactions such that use

Re: [lxc-users] Control groups list

2017-01-26 Thread Serge E. Hallyn
Quoting Elie Deloumeau-Prigent (e...@deloumeau.fr): > Hi all, > > Is there a list of defaults cgroups that are used by a container (e.g. > lxc.cgroup.memory.limit_in_bytes) ? man lxc.container.conf You can use any that you want, the filename is explicitly listed in the options. And in the paste

Re: [lxc-users] LXD 2.4.1 - Trouble with Cloud Init

2017-01-26 Thread Serge E. Hallyn
Hi, Scott Moser was kind enough to provide this reply: (http://paste.ubuntu.com/23870807/) #!/bin/sh ## ## This is Scott Moser in reply to ## https://lists.linuxcontainers.org/pipermail/lxc-users/2017-January/012766.html ## The user-data you have has some problems, and is stopping it from w

Re: [lxc-users] Risk/benefit of enabling user namespaces in the kernel for running unprivileged containers

2017-01-29 Thread Serge E. Hallyn
On Fri, Jan 13, 2017 at 08:52:14PM +, John wrote: > > > > > - Original Message - > > From: Serge E. Hallyn > > To: LXC users mailing-list > > Sent: Friday, January 13, 2017 11:20 AM > > Subject: Re: [lxc-users] Risk/benefit of enabling

Re: [lxc-users] LXD 2.4.1 - Trouble with Cloud Init

2017-01-29 Thread Serge E. Hallyn
> Essentially I'm just trying to set up a simple way to put up and tear down > containers that will have all of my defaults in place from the start. > > Neil > > On Thu, Jan 26, 2017 at 2:00 PM, Serge E. Hallyn wrote: > > > Hi, > > > > Scott Moser was

Re: [lxc-users] LXC, unionfs and short lived containers

2017-01-29 Thread Serge E. Hallyn
On Sun, Jan 29, 2017 at 04:49:22AM +0700, Fajar A. Nugraha wrote: > On Sun, Jan 29, 2017 at 4:04 AM, Frans Meulenbroeks < > fransmeulenbro...@gmail.com> wrote: > > > Hi, > > > > I'm working on migrating from LXC 1.x to LXC 2. > > While doing so I bumped upon the following issue: > > > > My contain

Re: [lxc-users] Container fails to start with 'uid range not allowed'

2017-01-29 Thread Serge E. Hallyn
Quoting Sean Templeton (seantemple...@outlook.com): > I have been trying to create an unprivileged container for the past couple > days with no success. After having read the entire Internet, I'm about to > give up and just create a privileged container. But maybe you all can figure > out what I

Re: [lxc-users] Separate sub(g)uid for each container?

2017-02-16 Thread Serge E. Hallyn
Quoting mleuker (mich...@leuker.me): > I'm referencing John Siu's > https://lists.linuxcontainers.org/pipermail/lxc-users/2016-February/010960.html > which was never answered conclusively. My setup currently separates each > unprivileged container with a different subuid / subguid range, e.g. >

Re: [lxc-users] Kubernetes Storage Provisioning using LXD

2017-02-16 Thread Serge E. Hallyn
Quoting Eric (naisa...@gmail.com): > That's is what I've also been trying to do > > Kubernetes has a list of supported persistent volume types, of which the > only one's that aren't cloud-based that I've tried are NFS, CephFS, > Glusterfs, and HostPath > > https://kubernetes.io/docs/user-guide/pe

Re: [lxc-users] Can't access the lxc

2017-02-22 Thread Serge E. Hallyn
On Wed, Feb 22, 2017 at 04:11:28PM +0800, topperxin wrote: > Hi list >We're using LXC with libvirt_lxc to run MySQL, we have thousands > instances. This mailing list is about lxc. Libvirt has its own containers implementation, which is what you are using. So you want the libvirt ma

Re: [lxc-users] lxc launch fail: LXD doesn't have a uid/gid allocation

2017-03-22 Thread Serge E. Hallyn
Quoting Himanshu Neema (hne...@syr.edu): > Hello, > > > I am trying to launch image as "lxc launch ubuntu:16.04" but it fails with > error: > > > "error: LXD doesn't have a uid/gid allocation. In this mode, only privileged > containers are supported." > > > I have following mappings in my /

Re: [lxc-users] DBUS connection from inside container using system dbus

2017-03-27 Thread Serge E. Hallyn
On Thu, Mar 02, 2017 at 03:46:10PM +0530, Adithya K wrote: > Hi All, > > I am usig busybox template to create container on ubuntu. I am creating > container as non privilage. Attached is the config created. > > I am mapping var/run/duns/socket from host to container. Basically I am > using host

Re: [lxc-users] Experience with large number of LXC/LXD containers

2017-03-27 Thread Serge E. Hallyn
On Tue, Mar 14, 2017 at 02:29:01AM +0100, Benoit GEORGELIN - Association Web4all wrote: > - Mail original - > > De: "Simos Xenitellis" > > À: "lxc-users" > > Envoyé: Lundi 13 Mars 2017 20:22:03 > > Objet: Re: [lxc-users] Experience with large number of LXC/LXD containers > > > On Sun, M

Re: [lxc-users] Proper Syntax for Setting raw.idmap for a container

2017-03-27 Thread Serge E. Hallyn
On Tue, Feb 21, 2017 at 09:57:33PM -0800, Dan Miller wrote: > I'm following the procedure for mounting a host drive inside an lxc > container as described here: > https://insights.ubuntu.com/2016/12/08/mounting-your-home-directory-in-lxd/. > > In that article the author sets the raw.idmap like thi

Re: [lxc-users] Enabling real time support in containers

2017-03-28 Thread Serge E. Hallyn
On Tue, Mar 28, 2017 at 05:32:15AM -0700, Peter Steele wrote: > > >We have a need to create real time threads in some of our > >processes and I've been unable to configure an LXC container to > >support this. One reference I came across was to set a container's > >real time bandwidth via the lxc.c

Re: [lxc-users] subuids and subgid range with multiple LXC containers

2017-03-28 Thread Serge E. Hallyn
Quoting BIGOT Adrien (adrien.bi...@smile.fr): > Hello, > > Actually hosting many containers (2000+) with OpenVZ technology, we > want to move to LXC/LXD. > The goal is to host up to 20 unprivileged containers per > hypervisor. I'd like to know if there is some best practice > regarding subuid and

Re: [lxc-users] subuids and subgid range with multiple LXC containers

2017-03-28 Thread Serge E. Hallyn
On Wed, Mar 29, 2017 at 07:35:15AM +0700, Fajar A. Nugraha wrote: > On Wed, Mar 29, 2017 at 4:20 AM, Serge E. Hallyn wrote: > > > Quoting BIGOT Adrien (adrien.bi...@smile.fr): > > > Hello, > > > > > > Actually hosting many containers (2000+) with OpenVZ t

Re: [lxc-users] Resolve .lxc domain with Ubuntu 17.04

2017-03-28 Thread Serge E. Hallyn
On Wed, Mar 29, 2017 at 12:16:29AM -0300, Norberto Bensa wrote: > Hello list! > > In previous versions of Ubuntu I had lxc domain name resolution > working, but it's broken for me in 17.04. > > Name resolution inside the containers work: > > ubuntu@consulta:~⟫ ping fox > PING fox.lxc (10.0.1.114

Re: [lxc-users] Resolve .lxc domain with Ubuntu 17.04

2017-03-28 Thread Serge E. Hallyn
On Wed, Mar 29, 2017 at 12:59:15AM -0300, Norberto Bensa wrote: > 2017-03-29 0:29 GMT-03:00 Serge E. Hallyn : > > On Wed, Mar 29, 2017 at 12:16:29AM -0300, Norberto Bensa wrote: > >> Hello list! > >> > >> In previous versions of Ubuntu I had lxc domain name reso

Re: [lxc-users] Am I misusing LXCs?

2017-03-30 Thread Serge E. Hallyn
Personally I run each service/application in a separate container, in a separate uid range, in a full distribution (various Ubuntu flavors). All automatically updated, as otherwise I'd certainly get in trouble. With iptables routing incoming ports. So sounds like you're doing basically the same
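Added example, not code from the thread or from LXC/LXD, for the "separate uid range per container" practice stated in this reply and asked about in the "Separate sub(g)uid for each container?" and "subuids and subgid range with multiple LXC containers" threads above: carve one delegated /etc/subuid block into fixed-size, non-overlapping slices and print the per-container idmap lines. The numbers (a 1,000,000-id block starting at 100000, 65536 ids per container) are constructed for the example; the config key is lxc.idmap, which LXC 2.0 spelled lxc.id_map. A helper also prints the range argument in fuidshift's <t>:<container_id>:<host_id>:<size> form for shifting a rootfs populated as host root.

```shell
#!/bin/sh
# Added example (not from the thread): give each unprivileged container its
# own non-overlapping uid/gid slice, so a root-in-container escape or a stray
# file on a shared mount in one container cannot touch another's files.
# Assumptions (constructed values): the host user owning the containers has
# one block in /etc/subuid and /etc/subgid starting at SUBID_START with
# SUBID_COUNT ids, and every container gets a SLICE-sized piece of it.

SUBID_START=100000      # first id the user may delegate (from /etc/subuid)
SUBID_COUNT=1000000     # how many ids that entry grants
SLICE=65536             # ids per container (enough for a standard distro)

# Print the first host id of slice number $1 (0-based), or fail if the
# slice would run past the delegated block.
slice_base() {
    _base=$((SUBID_START + $1 * SLICE))
    if [ $((_base + SLICE)) -gt $((SUBID_START + SUBID_COUNT)) ]; then
        echo "slice $1 exceeds the delegated range" >&2
        return 1
    fi
    echo "$_base"
}

# Print the lxc.idmap lines (lxc.id_map on LXC 2.0) for container slice $1.
idmap_lines() {
    _base=$(slice_base "$1") || return 1
    printf 'lxc.idmap = u 0 %d %d\n' "$_base" "$SLICE"
    printf 'lxc.idmap = g 0 %d %d\n' "$_base" "$SLICE"
}

# Print the fuidshift range argument (<t>:<container_id>:<host_id>:<size>)
# that shifts a rootfs owned by host root into slice $1.
fuidshift_range() {
    _base=$(slice_base "$1") || return 1
    echo "b:0:$_base:$SLICE"
}

# Succeed only if slices $1 and $2 do not overlap; useful as a sanity check
# on hand-edited configs where ranges were typed rather than computed.
slices_disjoint() {
    _a=$(slice_base "$1") || return 1
    _b=$(slice_base "$2") || return 1
    [ $((_a + SLICE)) -le "$_b" ] || [ $((_b + SLICE)) -le "$_a" ]
}

# Stand-alone use: emit the idmap config for the first three containers.
for i in 0 1 2; do
    echo "# container $i"
    idmap_lines "$i"
done
```

Because slice_base refuses to hand out a range past the delegated block, running out of subuids shows up as a config-generation error on the host instead of the "uid range not allowed" failure at container start that several threads above report.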

Re: [lxc-users] Enabling real time support in containers

2017-04-05 Thread Serge E. Hallyn
Quoting Peter Steele (pwste...@gmail.com): > On 03/31/2017 10:16 AM, Peter Steele wrote: > >As you can see, the sched_setscheduler() call fails with an EPERM > >error. This same app runs fine on the host. > > > >Ultimately I expect this app to fail when run under my container > >since I have not gi

Re: [lxc-users] right list for LXD?

2017-04-05 Thread Serge E. Hallyn
Quoting gunnar.wagner (gunnar.wag...@netcologne.de): > hi everybody, > > I want to start using LXD. Is this list the right one for seeking > advice or is there any specific LXD mailing list? This is the place. Welcome. ___ lxc-users mailing list lxc-us

Re: [lxc-users] Experience with large number of LXC/LXD containers

2017-04-06 Thread Serge E. Hallyn
Quoting Tomasz Chmielewski (man...@wpkg.org): > On 2017-03-13 06:28, Benoit GEORGELIN - Association Web4all wrote: > >Hi lxc-users , > > > >I would like to know if you have any experience with a large number of > >LXC/LXD containers ? > >In term of performance, stability and limitation . > > > >I'm

Re: [lxc-users] lxc archive / lxc restore command?

2017-04-13 Thread Serge E. Hallyn
Quoting Micky Del Favero (mi...@mesina.net): > Tomasz Chmielewski writes: > > > In other words - how to best achieve: > > > > - tar a selected container > > > > - copy it via SSH somewhere > > > > - restore at some later point in time somewhere else, on a different, > > unrelated LXD server > >

Re: [lxc-users] lxc config device add

2017-04-18 Thread Serge E. Hallyn
I think it would be great if some of the people who are interested in putting host devices into a container safely would get together to discuss requirements for a sort of device multiplexor/forwarder. It could probably be based on cuse (see https://superuser.com/questions/209884/where-are-progra

Re: [lxc-users] does running NTP in an LXC improve security?

2017-04-25 Thread Serge E. Hallyn
Quoting Sean McNamara (smc...@gmail.com): > First of all, an "unprivileged" container is still pretty insecure if > you don't have a proper Linux Security Module (LSM) enforcing kernel 0-days in very specific syscalls aside, an unprivileged container is as secure as a program running as an unprivi

Re: [lxc-users] Can't start unprivileged container in Ubuntu 14.04 with LXC 2

2017-05-04 Thread Serge E. Hallyn
Quoting Ben Warren (b...@skyportsystems.com): > Hi, > > I’m stuck with Ubuntu 14.04 for now and would like to be able to run > unprivileged containers that are systemd-based. I’ve found lots of examples > of problems that are close, but nothing exactly matches. I got the lxc > packages from t

Re: [lxc-users] lxc 2.0.7: sysvinit on the host breaks systemd based containers

2017-05-04 Thread Serge E. Hallyn
Quoting Harald Dunkel (ha...@afaics.de): > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 04/03/17 07:03, Harald Dunkel wrote: > > Hi folks, > > > > using sysvinit-core on the host the systemd based containers get stuck in > > /sbin/init. lxc-attach shows: > > > > root@lxcclient:~# ps

Re: [lxc-users] Can't start unprivileged container in Ubuntu 14.04 with LXC 2

2017-05-08 Thread Serge E. Hallyn
Quoting Ben Warren (b...@skyportsystems.com): > Hi Serge, > > > On May 4, 2017, at 9:00 AM, Serge E. Hallyn wrote: > > > > Quoting Ben Warren (ben at skyportsystems.com): > >> Hi, > >> > >> I’m stuck with Ubuntu 14.04 for now and would like t

Re: [lxc-users] Can't start unprivileged container in Ubuntu 14.04 with LXC 2

2017-05-08 Thread Serge E. Hallyn
Quoting Serge E. Hallyn (se...@hallyn.com): > Quoting Ben Warren (b...@skyportsystems.com): > > Hi Serge, > > > > > On May 4, 2017, at 9:00 AM, Serge E. Hallyn wrote: > > > > > > Quoting Ben Warren (ben at skyportsystems.com): > > >> Hi,

Re: [lxc-users] Can't start unprivileged container in Ubuntu 14.04 with LXC 2

2017-05-08 Thread Serge E. Hallyn
Quoting Ben Warren (b...@skyportsystems.com): > Hi Serge, > > > On May 4, 2017, at 9:00 AM, Serge E. Hallyn wrote: > > > > Quoting Ben Warren (ben at skyportsystems.com): > >> Hi, > >> > >> I’m stuck with Ubuntu 14.04 for now and would like t

Re: [lxc-users] Can't start unprivileged container in Ubuntu 14.04 with LXC 2

2017-05-09 Thread Serge E. Hallyn
Quoting Ben Warren (b...@skyportsystems.com): > Hi Serge, > > On May 8, 2017, at 11:55 AM, Serge E. Hallyn wrote: > > > > Quoting Ben Warren (b...@skyportsystems.com > > <mailto:b...@skyportsystems.com>): > >> Hi Serge, > >> >

Re: [lxc-users] Can't start unprivileged container in Ubuntu 14.04 with LXC 2

2017-05-09 Thread Serge E. Hallyn
Hm, my last email (which I may have accidentally sent privately) was wrong, /proc/$$/mounts shows cgroups in fact mounted at /sys/fs/cgroup. However, take a look at this: > cgroup /sys/fs/cgroup/cpuset cgroup rw,relatime,cpuset,clone_children 0 0 > cgroup /sys/fs/cgroup/cpu cgroup rw,relatime,cpu

Re: [lxc-users] lxc-start: cgroups/cgfs.c: do_setup_cgroup_limits: 2037 No such file or directory - Error setting devices.deny to a for jessie1

2017-05-12 Thread Serge E. Hallyn
Quoting Harald Dunkel (harald.dun...@aixigo.de): > Hi folks, > > my LXCs don't start anymore: Odd, do_setup_cgroup_limits() seems to be called twice. First time is successful, > lxc-start 20170511140840.901 DEBUGlxc_cgfs - > cgroups/cgfs.c:do_setup_cgroup_limits:2042 - cgroup 'devices

Re: [lxc-users] lxc-start: cgroups/cgfs.c: do_setup_cgroup_limits: 2037 No such file or directory - Error setting devices.deny to a for jessie1

2017-05-17 Thread Serge E. Hallyn
On Fri, May 12, 2017 at 08:50:20PM +0200, Harald Dunkel wrote: > Hi Serge, > > On 05/12/17 15:59, Serge E. Hallyn wrote: > > Quoting Harald Dunkel (harald.dun...@aixigo.de): > >> Hi folks, > >> > >> my LXCs don't start anymore: > > >
