Re: lxc and subuid

[Maxime Devos]

Antonio Carlos Padoan Junior schreef op wo 30-03-2022 om 15:13 [+0200]:
> Thanks Maxime,
> 
> 
> Maxime Devos <maximedevos@telenet.be> writes:
> 
> > Antonio Carlos Padoan Junior schreef op wo 30-03-2022 om 08:51 [+0200]:
> > > Hello,
> > > 
> > > I'm trying to figure out how to set a unprivileged container using lxc
> > > in guix. I do not know either how to allocate subuid/gid space in guix,
> > 
> > subuid/gid are _not_ unprivileged.  They are an userspace feature by
> > the (privileged) setuid binary 'newuidmap', see
> > <https://manpages.debian.org/buster/uidmap/newuidmap.1.en.html>.
> > 
> > I don't think there's currently a mechanism for that in Guix System,
> > except manually creating and modifying /etc/subuid appropriately and
> > installing the setuid binaries.  However, I suppose that the 'user-
> > account' record could be extended to support subuid/subgid and
> > automatically create /etc/subuid.
> 
> I created them manually as you suggested. But now I'm in trouble with
> the creation of virtual network interfaces for the container. It is not
> possible to follow the standard lxc documentation and apply it for guix 
> directly.
> The same problem if I use lxd. 
> 
> I'm looking the "Singularity service" as an alternative for lxc but it seem 
> it does
> not install the daemon (as per guix documentation). I have no idea
> how to properly proceed and set a viable singularity deamon in my machine.
> 
> I will try docker service instead, but this is not exactly what I'm
> looking for (but I hope at least it will work).
> 
> I have the feeling people create guix packages and services for
> personal use but without minimal documentation on how to use properly on
> guix. Please consider that as a critic from someone that has goodwill
> but who is a little bit frustrated today.

I'm not familiar with lxc, lxd, Docker or Singularity so I'm afraid I
cannot help here.

Greetings,
Maxime.

signature.asc
Description: This is a digitally signed message part