On Thu, Apr 27, 2017 at 8:12 AM, T.C 吳天健 <[email protected]> wrote:
> What's the trick of building unprivileged container rootfs by the way?
>

I believe the answer is "you don't". Build the images privileged, then shift the uids when used as unpriv.

> I guess device file permissions might matter, any others?
>
>

- build rootfs (e.g. using image, template, convert existing VM, or whatever method you choose) as root. This includes creating necessary device nodes.
- (optional) create a tar archive, or publish it as lxd image
- change file u/gids using fuidshift (or similar tools):
  http://packages.ubuntu.com/xenial-backports/amd64/lxd-tools/filelist
  http://manpages.ubuntu.com/manpages/xenial/man1/fuidshift.1.html

-- 
Fajar
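What the uid/gid shift in the last step does to a rootfs that was built as root, as an added example that is not part of the original message and is not fuidshift's own code. The range string follows the `[u|g|b]:first_container_id:first_host_id:range` form from the fuidshift man page; the function names are hypothetical, and only `apply_shift` needs root.

```python
import os
import stat
import sys

def parse_range(spec):
    """'b:0:100000:65536' -> (kind, first_container_id, first_host_id, count)."""
    kind, ct_first, host_first, count = spec.split(":")
    if kind not in ("u", "g", "b"):
        raise ValueError(f"bad range kind {kind!r}")
    return kind, int(ct_first), int(host_first), int(count)

def shift_id(value, ranges, which):
    """Map one on-disk id ('u' or 'g') to its host id; refuse ids no range covers."""
    for kind, ct_first, host_first, count in ranges:
        if kind in (which, "b") and ct_first <= value < ct_first + count:
            return host_first + (value - ct_first)
    raise ValueError(f"{which}id {value} is outside every range")

def plan_shift(rootfs, specs):
    """Dry run: [(path, mode, old_uid, old_gid, new_uid, new_gid)] for the tree."""
    ranges = [parse_range(s) for s in specs]
    paths = [rootfs]
    for dirpath, dirnames, filenames in os.walk(rootfs):  # does not follow symlinks
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    plan = []
    for path in paths:
        st = os.lstat(path)  # the link itself, never its target
        plan.append((path, st.st_mode, st.st_uid, st.st_gid,
                     shift_id(st.st_uid, ranges, "u"),
                     shift_id(st.st_gid, ranges, "g")))
    return plan

def apply_shift(plan):
    """Needs root. Changes ownership exactly as planned by plan_shift()."""
    for path, mode, _, _, new_uid, new_gid in plan:
        os.lchown(path, new_uid, new_gid)  # symlink-safe
        if not stat.S_ISLNK(mode):
            os.chmod(path, stat.S_IMODE(mode))  # chown can clear setuid/setgid bits

if __name__ == "__main__" and len(sys.argv) >= 3:
    # usage: shift.py ROOTFS RANGE [RANGE...]   (prints the plan, changes nothing)
    for path, mode, ou, og, nu, ng in plan_shift(sys.argv[1], sys.argv[2:]):
        print(f"{ou}:{og} -> {nu}:{ng}  {path}")
```

Because the whole tree is planned before anything is changed, an id that falls outside the container's range stops the run with an error instead of leaving a file owned by an id the container cannot map.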
