ZitZ's picture

Would unprivileged LXC containers be a viable option for the TurnKey LXC appliance?

They would require that an unprivileged user be generated, with the appropriate configurations for lxc.

https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/

They work much better now that LXC 2.0 is available, which is now in Debian sid.

Jeremy Davis's picture

Most of my LXC experience has been with Proxmox so I'm not 100% clear. AFAIK the TurnKey LXC appliance creates containers that are as unprivileged (as possible in Debian Jessie) by default. What that actually means though I'm not 100% clear. I do know that things like NFS don't work, unless you explicitly create a "privileged" container so there must be something going on there...
JOduMonT's picture

After a few tries and failures, I made a little recipe, which is:

1. deploy your TurnKey into a privileged container

2. remove Postfix inside the CT

3. back it up

4. restore it into an unprivileged container

and voilà!

lacikaxp's picture

Hi there,

I have a similar issue. I backed up my old LXC and I don't have access to the old server. Now I want to restore it but I have this error. Any idea how to fix it?

tar: ./var/spool/postfix/dev/urandom: Cannot mknod: Operation not permitted

Jeremy Davis's picture

Once it's been launched as a privileged container, then you can remove dev/urandom (and dev/random too if it exists) from the Postfix chroot (/var/spool/postfix). I.e. like this:

rm -f /var/spool/postfix/dev/{urandom,random}

You can then create a new backup, which should be able to be launched as an unprivileged container if you wish.
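
A check that generalises the advice above from the two Postfix nodes to any device node in a backup, as an added example that is not part of the original thread or of TurnKey's or Proxmox's tooling: it lists the archive members tar would have to create with mknod, without extracting anything. The function names and the sample archive are constructed for illustration, and it assumes the backup is a plain, gzip, bzip2 or xz tar that Python's tarfile can read.

```python
import io
import tarfile

# tar creates these member types with mknod(2), the call behind the
# "Cannot mknod: Operation not permitted" error quoted in the thread.
DEVICE_TYPES = {tarfile.CHRTYPE: "char", tarfile.BLKTYPE: "block"}


def find_device_nodes(archive):
    """Return (path, kind, major, minor) for every device node in a tar file object."""
    found = []
    with tarfile.open(fileobj=archive, mode="r:*") as tar:
        for member in tar:  # reads headers only; nothing is extracted
            kind = DEVICE_TYPES.get(member.type)
            if kind:
                found.append((member.name, kind, member.devmajor, member.devminor))
    return found


def container_path(name):
    """Turn an archive member name such as "./var/x" into the path inside the container."""
    if name.startswith("./"):
        name = name[2:]
    return "/" + name.lstrip("/")


def build_sample_backup():
    """Constructed sample: a tiny archive shaped like the backup in the thread."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, minor in (("urandom", 9), ("random", 8)):
            dev = tarfile.TarInfo("./var/spool/postfix/dev/" + name)
            dev.type, dev.mode = tarfile.CHRTYPE, 0o666
            dev.devmajor, dev.devminor = 1, minor
            tar.addfile(dev)
        conf = tarfile.TarInfo("./etc/hostname")
        data = b"turnkey\n"
        conf.size = len(data)
        tar.addfile(conf, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, kind, major, minor in find_device_nodes(build_sample_backup()):
        print(f"{kind} {major}:{minor} {container_path(path)}")
```

For a real backup, pass `open("backup.tar.gz", "rb")` (a placeholder file name) to `find_device_nodes`; the paths it reports are the ones to remove inside the privileged container before taking the new backup.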
