Re: lxc and subuid
From: Maxime Devos
Subject: Re: lxc and subuid
Date: Wed, 30 Mar 2022 15:23:44 +0200
User-agent: Evolution 3.38.3-1
Antonio Carlos Padoan Junior wrote on Wed 30-03-2022 at 15:13 [+0200]:
> Thanks Maxime,
>
>
> Maxime Devos <maximedevos@telenet.be> writes:
>
> > Antonio Carlos Padoan Junior wrote on Wed 30-03-2022 at 08:51 [+0200]:
> > > Hello,
> > >
> > > I'm trying to figure out how to set up an unprivileged container using lxc
> > > in guix. I do not know either how to allocate subuid/gid space in guix,
> >
> > subuid/gid are _not_ unprivileged. They are a userspace feature by
> > the (privileged) setuid binary 'newuidmap', see
> > <https://manpages.debian.org/buster/uidmap/newuidmap.1.en.html>.
> >
> > I don't think there's currently a mechanism for that in Guix System,
> > except manually creating and modifying /etc/subuid appropriately and
> > installing the setuid binaries. However, I suppose that the
> > 'user-account' record could be extended to support subuid/subgid and
> > automatically create /etc/subuid.
>
> I created them manually as you suggested. But now I'm in trouble with
> the creation of virtual network interfaces for the container. It is not
> possible to follow the standard lxc documentation and apply it for guix
> directly.
> The same problem if I use lxd.
>
> I'm looking at the "Singularity service" as an alternative for lxc but it
> seems it does not install the daemon (as per guix documentation). I have
> no idea how to properly proceed and set a viable singularity daemon in my
> machine.
>
> I will try docker service instead, but this is not exactly what I'm
> looking for (but I hope at least it will work).
>
> I have the feeling people create guix packages and services for
> personal use but without minimal documentation on how to use properly on
> guix. Please consider that as a criticism from someone that has goodwill
> but who is a little bit frustrated today.
I'm not familiar with lxc, lxd, Docker or Singularity so I'm afraid I
cannot help here.
Greetings,
Maxime.
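
A check for the manually maintained /etc/subuid mentioned in the quoted reply, as an added example that is not part of the original message or of Guix: it parses `name:start:count` lines and flags ranges that overlap another owner's range or start below an assumed floor of 100000. The function names, the floor value and the sample entries are constructed for illustration.

```python
import re

# Constructed sample in subuid(5) format: owner:first-subordinate-id:count
SAMPLE = """\
alice:100000:65536
bob:165536:65536
carol:200000:65536
dave:1000:10
mallory:notanumber:5
"""

ENTRY = re.compile(r"([^:]+):(\d+):(\d+)", re.ASCII)


def parse_subid(text):
    """Return (entries, errors); entries are (owner, start, count) tuples."""
    entries, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        match = ENTRY.fullmatch(line)
        if match is None or int(match.group(3)) == 0:
            errors.append(f"line {lineno}: malformed entry {line!r}")
            continue
        entries.append((match.group(1), int(match.group(2)), int(match.group(3))))
    return entries, errors


def find_problems(entries, floor=100000):
    """Flag ranges that newuidmap would accept but that share host IDs.

    floor is an assumption: the lowest ID that is not used by ordinary
    accounts on the host. Adjust it to the local UID allocation.
    """
    problems = []
    for owner, start, count in entries:
        if start < floor:
            problems.append(f"{owner}: {start}-{start + count - 1} is below floor {floor}")
    # Sweep ranges in order of start, remembering the furthest end seen so far.
    reach_owner, reach_end = None, -1
    for owner, start, count in sorted(entries, key=lambda e: e[1]):
        if start <= reach_end and owner != reach_owner:
            # Two owners mapping the same host IDs can touch each other's files.
            problems.append(f"{owner}: range at {start} overlaps {reach_owner}")
        if start + count - 1 > reach_end:
            reach_owner, reach_end = owner, start + count - 1
    return problems


if __name__ == "__main__":
    parsed, bad = parse_subid(SAMPLE)
    print("\n".join(bad + find_problems(parsed)))
```

The same format is used by /etc/subgid, so the functions apply to it unchanged.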