ZitZ's picture

Would unprivileged lxc containers be a viable option for the turnkey lxc appliance?

They would require that an unprivileged user be generated, with the appropriate configurations for lxc.



They work much better now that lxc 2.0 is available, which is now in Debian sid.

Jeremy Davis's picture

Most of my LXC experience has been with Proxmox so I'm not 100% clear. AFAIK the TurnKey LXC appliance creates containers that are as unprivileged (as possible in Debian Jessie) by default. What that actually means though I'm not 100% clear. I do know that things like NFS don't work, unless you explicitly create a "privileged" container so there must be something going on there...

JOduMonT's picture

After a few tries and failures,

I made a little recipe, which is:

1. deploy your Turnkey into a privileged container

2. remove postfix in the CT

3. backup it

4. restore it into an unprivileged container

and voilà!



lacikaxp's picture

Hi there,


I have a similar issue. I backed up my old LXC and I don't have access to the old server. Now I want to restore it but I get this error. Any idea how to fix it?


tar: ./var/spool/postfix/dev/urandom: Cannot mknod: Operation not permitted

Jeremy Davis's picture

Once it's been launched as a privileged container, then you can remove dev/urandom (and dev/random too if it exists) from the Postfix chroot (/var/spool/postfix). I.e. like this:

rm -f /var/spool/postfix/dev/{urandom,random}

You can then create a new backup, which should be able to be launched as an unprivileged container if you wish.
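
An added example, not part of the thread: a Python check that lists the device nodes in a backup archive (the entries behind the "Cannot mknod" error above) and, going beyond the rm-and-re-backup step described in the answer, writes a copy of the archive without them. The function names are hypothetical, the sample archive is constructed, and the archive is assumed to be plain tar or gzip/bz2/xz compressed (decompress other formats first).

```python
import io
import tarfile

def _open(archive, mode):
    # Accept either a filesystem path or an already-open binary file object.
    key = "name" if isinstance(archive, str) else "fileobj"
    return tarfile.open(mode=mode, **{key: archive})

def find_device_nodes(archive):
    """List (path, kind, major, minor) for each device node in the archive."""
    with _open(archive, "r:*") as tar:
        return [(m.name, "char" if m.ischr() else "block", m.devmajor, m.devminor)
                for m in tar if m.ischr() or m.isblk()]

def strip_device_nodes(src, dst):
    """Copy src to dst (uncompressed tar) without device nodes; return skipped paths."""
    skipped = []
    with _open(src, "r:*") as tin, _open(dst, "w") as tout:
        for m in tin:
            if m.ischr() or m.isblk():
                skipped.append(m.name)  # entries tar would have to mknod on restore
                continue
            # Regular files carry data; dirs, symlinks and hardlinks are header-only.
            tout.addfile(m, tin.extractfile(m) if m.isreg() else None)
    return skipped

def build_sample():
    """Constructed sample shaped like the Postfix chroot from the thread."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"127.0.0.1 localhost\n"
        conf = tarfile.TarInfo("./var/spool/postfix/etc/hosts")
        conf.size = len(data)
        tar.addfile(conf, io.BytesIO(data))
        for name, minor in (("urandom", 9), ("random", 8)):
            dev = tarfile.TarInfo(f"./var/spool/postfix/dev/{name}")
            dev.type = tarfile.CHRTYPE           # character device
            dev.devmajor, dev.devminor = 1, minor
            tar.addfile(dev)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for path, kind, major, minor in find_device_nodes(build_sample()):
        print(f"{kind} device {major}:{minor}  {path}")
```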
