Re: [lxc-users] Unprivileged containers on NFS

2018-02-09 Thread Daniel Urist
Do you mean it's possible to bind the rootfs? I'd like to actually have the
rootfs on NFS, if possible, so I can run the guest on an HA corosync
cluster.

On Fri, Feb 9, 2018 at 5:15 AM, Wayne Gemmell | Connect <
wa...@connect-mobile.co.za> wrote:

> You are not alone, it's way more effort than it's worth though. I got it
> going once but never again. Best is to bind it from the file system using
> the configuration or the profile.
>
>
>
> 
>
> On 8 February 2018 at 17:35, Daniel Urist  wrote:
>
>> Does anybody know whether this is possible or not?
>>
>> Given the popularity of NFS, I'd think this would be a pretty common use
>> case, and looking at the list archives, I'm not the first person to ask
>> this.
>>
>>
>>
>> On Mon, Jan 29, 2018 at 11:55 AM, Daniel Urist  wrote:
>>
>>> Is it possible to create unprivileged containers on NFS volumes? It
>>> seems to work fine for a privileged container, but when I try it for an
>>> unprivileged container I get the following errors:
>>>
>>>
>>>> Using image from local cache
>>>> Unpacking the rootfs
>>>> tar: ./var/mail: Cannot change ownership to uid 0, gid 8: Operation not
>>>> permitted
>>>> tar: ./var/log/wtmp: Cannot change ownership to uid 0, gid 43:
>>>> Operation not permitted
>>>> tar: ./var/log/lastlog: Cannot change ownership to uid 0, gid 43:
>>>> Operation not permitted
>>>> tar: ./var/log/dmesg: Cannot change ownership to uid 0, gid 4:
>>>> Operation not permitted
>>>> tar: ./var/log/btmp: Cannot change ownership to uid 0, gid 43:
>>>> Operation not permitted
>>>> tar: ./var/log/fsck/checkroot: Cannot change ownership to uid 0, gid 4:
>>>> Operation not permitted
>>>> tar: ./var/log/fsck/checkfs: Cannot change ownership to uid 0, gid 4:
>>>> Operation not permitted
>>>> tar: ./var/log/apt/term.log: Cannot change ownership to uid 0, gid 4:
>>>> Operation not permitted
>>>> tar: ./var/local: Cannot change ownership to uid 0, gid 50: Operation
>>>> not permitted
>>>
>>>
>>>
>>
>> ___
>> lxc-users mailing list
>> lxc-users@lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>

Re: [lxc-users] Unprivileged containers on NFS

2018-02-09 Thread Wayne Gemmell | Connect
You are not alone, it's way more effort than it's worth though. I got it
going once but never again. Best is to bind it from the file system using
the configuration or the profile.





On 8 February 2018 at 17:35, Daniel Urist  wrote:

> Does anybody know whether this is possible or not?
>
> Given the popularity of NFS, I'd think this would be a pretty common use
> case, and looking at the list archives, I'm not the first person to ask
> this.
>
>
>
> On Mon, Jan 29, 2018 at 11:55 AM, Daniel Urist  wrote:
>
>> Is it possible to create unprivileged containers on NFS volumes? It seems
>> to work fine for a privileged container, but when I try it for an
>> unprivileged container I get the following errors:
>>
>>
>>> Using image from local cache
>>> Unpacking the rootfs
>>> tar: ./var/mail: Cannot change ownership to uid 0, gid 8: Operation not
>>> permitted
>>> tar: ./var/log/wtmp: Cannot change ownership to uid 0, gid 43: Operation
>>> not permitted
>>> tar: ./var/log/lastlog: Cannot change ownership to uid 0, gid 43:
>>> Operation not permitted
>>> tar: ./var/log/dmesg: Cannot change ownership to uid 0, gid 4: Operation
>>> not permitted
>>> tar: ./var/log/btmp: Cannot change ownership to uid 0, gid 43: Operation
>>> not permitted
>>> tar: ./var/log/fsck/checkroot: Cannot change ownership to uid 0, gid 4:
>>> Operation not permitted
>>> tar: ./var/log/fsck/checkfs: Cannot change ownership to uid 0, gid 4:
>>> Operation not permitted
>>> tar: ./var/log/apt/term.log: Cannot change ownership to uid 0, gid 4:
>>> Operation not permitted
>>> tar: ./var/local: Cannot change ownership to uid 0, gid 50: Operation
>>> not permitted
>>
>>
>>

Re: [lxc-users] Unprivileged containers on NFS

2018-02-08 Thread Daniel Urist
Does anybody know whether this is possible or not?

Given the popularity of NFS, I'd think this would be a pretty common use
case, and looking at the list archives, I'm not the first person to ask
this.



On Mon, Jan 29, 2018 at 11:55 AM, Daniel Urist  wrote:

> Is it possible to create unprivileged containers on NFS volumes? It seems
> to work fine for a privileged container, but when I try it for an
> unprivileged container I get the following errors:
>
>
>> Using image from local cache
>> Unpacking the rootfs
>> tar: ./var/mail: Cannot change ownership to uid 0, gid 8: Operation not
>> permitted
>> tar: ./var/log/wtmp: Cannot change ownership to uid 0, gid 43: Operation
>> not permitted
>> tar: ./var/log/lastlog: Cannot change ownership to uid 0, gid 43:
>> Operation not permitted
>> tar: ./var/log/dmesg: Cannot change ownership to uid 0, gid 4: Operation
>> not permitted
>> tar: ./var/log/btmp: Cannot change ownership to uid 0, gid 43: Operation
>> not permitted
>> tar: ./var/log/fsck/checkroot: Cannot change ownership to uid 0, gid 4:
>> Operation not permitted
>> tar: ./var/log/fsck/checkfs: Cannot change ownership to uid 0, gid 4:
>> Operation not permitted
>> tar: ./var/log/apt/term.log: Cannot change ownership to uid 0, gid 4:
>> Operation not permitted
>> tar: ./var/local: Cannot change ownership to uid 0, gid 50: Operation not
>> permitted

Re: [lxc-users] Unprivileged containers on NFS

2018-01-29 Thread Daniel Urist
I tried creating the rootfs on a local filesystem and then copying it to
the NFS filesystem with "cp -Rp", and that works, so maybe it's an issue
with tar? There's a discussion on the Proxmox forums about tar setting ACLs
here:
https://forum.proxmox.com/threads/lxc-containers-have-extended-permissions-acl-by-default.25367/

But my host is running Debian stretch (with a newer version of tar) and I
don't see any ACLs set on the local filesystem, so I guess that's not the
issue?

On Mon, Jan 29, 2018 at 11:55 AM, Daniel Urist  wrote:

> Is it possible to create unprivileged containers on NFS volumes? It seems
> to work fine for a privileged container, but when I try it for an
> unprivileged container I get the following errors:
>
>
>> Using image from local cache
>> Unpacking the rootfs
>> tar: ./var/mail: Cannot change ownership to uid 0, gid 8: Operation not
>> permitted
>> tar: ./var/log/wtmp: Cannot change ownership to uid 0, gid 43: Operation
>> not permitted
>> tar: ./var/log/lastlog: Cannot change ownership to uid 0, gid 43:
>> Operation not permitted
>> tar: ./var/log/dmesg: Cannot change ownership to uid 0, gid 4: Operation
>> not permitted
>> tar: ./var/log/btmp: Cannot change ownership to uid 0, gid 43: Operation
>> not permitted
>> tar: ./var/log/fsck/checkroot: Cannot change ownership to uid 0, gid 4:
>> Operation not permitted
>> tar: ./var/log/fsck/checkfs: Cannot change ownership to uid 0, gid 4:
>> Operation not permitted
>> tar: ./var/log/apt/term.log: Cannot change ownership to uid 0, gid 4:
>> Operation not permitted
>> tar: ./var/local: Cannot change ownership to uid 0, gid 50: Operation not
>> permitted