search for: uidmapshift

On 26.02.2014 17:59, Stephan Sachse wrote: >> # chown -R foo:foo /var/lib/libvirt/filesystems/mycontainer > > you must "shift" the uids for the container 0 -> 666, 1 -> 667, 2 -> > 668. there is a tool for this: uidmapshift I prepared two containers, the first I used chown, in the second uidmapshift, here is the results. ./uidmapshift -r /var/lib/libvirt/filesystems/mycontainer UIDs 666 - 666 GIDs 1001 - 2000 foo 28919 28917 0 14:42 ? 00:00:00 /sbin/init 747 28950 28919 0 14:42 ? 00:00:00...

...ung.com> wrote: > On 26.02.2014 17:59, Stephan Sachse wrote: >>> >>> # chown -R foo:foo /var/lib/libvirt/filesystems/mycontainer >> >> you must "shift" the uids for the container 0 -> 666, 1 -> 667, 2 -> >> 668. there is a tool for this: uidmapshift > > I prepared two containers, the first I used chown, in the second > uidmapshift, here is the results. > > ./uidmapshift -r /var/lib/libvirt/filesystems/mycontainer > UIDs 666 - 666 > GIDs 1001 - 2000 > > foo 28919 28917 0 14:42 ? 00:00:00 /sbin/init > 7...

Hi! I with my colleagues from Samsung trying to run systemd in Linux container. I saw that the others are experimenting in this topic, so I would like to present the results of my work and tests, perhaps it will be helpful to others. As the prototype I used a manual written by Daniel: https://www.berrange.com/posts/2013/08/12/running-a-full-fedora-os-inside-a-libvirt-lxc-guest/ After many

...e='passthrough'> <source dir='/var/lib/libvirt/lxc/test1'/> <target dir='/'/> </filesystem> ... </devices> Before start we need mount container's LVM: mount /dev/data/test1 /var/lib/libvirt/lxc/test1 And shift uid/gid: ./uidmapshift -b /var/lib/libvirt/lxc/test1 0 65535 65535 (uidmapshift.c is simple utility, found in LXD community) As result, our FS permissions look from hardware node as: [root@ops-node01.infra]# ls -la /var/lib/libvirt/lxc/test1/ total 8 dr-xr-xr-x 19 65535 65535 275 Apr 9 18:55 . drwxrwxrwx 3 root root...

> # chown -R foo:foo /var/lib/libvirt/filesystems/mycontainer you must "shift" the uids for the container 0 -> 666, 1 -> 667, 2 -> 668. there is a tool for this: uidmapshift some tools may not work, because of the missing file capabilities. chown removes all file capabilities! try ping as user inside the container. (missing file cap cap_net_admin,cap_net_raw) /stephan -- Software is like sex, it's better when it's free!