Comments (3)
Ain't the proper isolation of the containers wrt UIDs and GIDs an LXC issue? I would be very interested in this feature for LXC.
from lxd.
LXC lets you do it already, making it automatic and more user friendly is where LXD comes in.
from lxd.
Instead of doing security groups, we'll just implement
- security.idmap.size: auto (if non-isolated, all mappable uid/gid, if isolated, 65536)
- security.idmap.isolated: false
- raw.idmap: |-
    both 1000 1000
    uid 100 2500
    gid 10 3000
    uid 50-60 50-60
To have all containers on separate maps, the user will just need to set:
- security.idmap.isolated: true
Which will have each container get its own chunk of 65536 uid/gid.
To have a different sized chunk you can set:
- security.idmap.size: 1000000
Which will bump the uid/gid allocation to a million.
To set up custom maps, passing uid 1000 from the host to container, one can set:
- raw.idmap: |-
    uid 1000 1000
Format is "type", "host", "container".
Ranges can be used for "host" and "container" (must be of same size) using "START-END" notation.
from lxd.
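A parser for the `raw.idmap` format described in the last comment above ("type", "host", "container", with same-size "START-END" ranges), as an added example that is not part of the thread or LXD's own code. The names `IdmapEntry`, `parse_raw_idmap` and `host_id_for` are hypothetical, and the lookup covers only `raw.idmap` entries, not the container's base uid/gid allocation.

```python
from typing import NamedTuple

class IdmapEntry(NamedTuple):       # hypothetical type for this example
    kind: str        # "uid", "gid" or "both"
    host: int        # first host id of the range
    container: int   # first container id of the range
    size: int        # number of consecutive ids mapped

def _parse_range(token):
    """Accept "N" or "START-END" and return (start, size)."""
    lo, sep, hi = token.partition("-")
    if not lo.isdigit() or (sep and not hi.isdigit()):
        raise ValueError(f"bad id or range {token!r}")
    start, end = int(lo), int(hi) if sep else int(lo)
    if end < start:
        raise ValueError(f"range {token!r} ends before it starts")
    return start, end - start + 1

def parse_raw_idmap(raw):
    """Parse raw.idmap text: one "type host container" entry per line."""
    entries = []
    for n, line in enumerate(raw.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # ignore blank lines
        if len(fields) != 3 or fields[0] not in ("uid", "gid", "both"):
            raise ValueError(f'line {n}: expected "type host container"')
        host, host_n = _parse_range(fields[1])
        cont, cont_n = _parse_range(fields[2])
        if host_n != cont_n:
            raise ValueError(f"line {n}: host and container ranges differ in size")
        entries.append(IdmapEntry(fields[0], host, cont, host_n))
    return entries

def host_id_for(entries, kind, container_id):
    """Host uid/gid that a container id maps to via raw.idmap, or None if no entry covers it."""
    for e in entries:
        if e.kind in (kind, "both") and e.container <= container_id < e.container + e.size:
            return e.host + (container_id - e.container)
    return None

# The map quoted in the comment above, used as sample input.
SAMPLE = """both 1000 1000
uid 100 2500
gid 10 3000
uid 50-60 50-60"""

if __name__ == "__main__":
    for entry in parse_raw_idmap(SAMPLE):
        print(entry)
```

Resolving a container id back to its host id this way shows which host account a process inside the container acts as for files passed through the custom map.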