Autor: g4sra Data: Para: dng Assunto: Re: [DNG] Any parties interested in lxc ?
On 06/10/2020 04:36, tom wrote: > On Mon, 5 Oct 2020 11:30:10 +0100
> g4sra via Dng <dng@???> wrote: --snip-- >
> Unprivileged containers I still have not figured out how to generate. If you would like I may be able to give guidance on generating them in Devuan.
You would have to translate that into Ubuntu yourself, I only install it for
other Users and do not use Ubuntu myself so lack the required familiarity.
> I
> have a script that creatures unprivileged containers and lxc comes with
> a template downloader script. However those templates are downloaded
> from some Ansible server hosted on Canonical's website. The images are
> generated from /HIGHLY/ abstracted Ansible templates, not actual
> source code or bash scripts. Because of this it's very difficult to
> figure out what's really going on as the specifics are all abstracted
> away. One of Canonical's business practices that made me veer away from Ubuntu years ago.
> The difference between a script that builds a Devuan image for
> a container and a script that builds a Devuan image for a container then
> then 'underprivilegizes' it with subuids/subgids. Actually quite easy to unpriviledgise (is that a 'word'?) a container.
I used that technique to debug my LXC configuration, copying a working
container built by 'root' I knew any issues were of my creation.
> Maybe you being a Redhat stuff expert Please, no, not an 'expert', more a dysfunctional geek, and not of Red Hat.
There were only two true contenders for business use back then, Red Hat or SUSE.
I preferred the American Style to the German Style, but it was a very close call otherwise.
Red Hat was good when it was built by two guys, the pioneer of the two working from his bedroom.
It was even better when the Community rallied and he built a team around him.
Then commercial interests took over, and since the RHEL split with the move from Fedora Core to Fedora its been downhill ever since.
I don't like Red Hat(IBM), and that is why I am here.
> would be able to enlighten us
> on that and I could then modify my script to be able to create
> unprivileged containers too instead of relying on some Canonical
> webserver always being up and accessible or having to build out a QA
> server when I really don't need one just to create local containers. Ok lets have a crack at it, remote administration by proxy.
Let's split the unprivileged task to avoid muddying the waters...
Which would you like to try first, system (root) containers or User containers ?
And does the following create a working privileged container OK ?
~
$ lxc-create -n beowulf -t download -- -d devuan -r beowulf -a amd64
> Can I put attachments on emails to the dyne mailing lists? No idea, so I attached one to see what would happen...