Diff
This page shows the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
| linux:lxc:lxc-download [2014/01/11 14:41] – tenforward | linux:lxc:lxc-download [2014/01/14 11:19] (current) – tenforward | ||
|---|---|---|---|
| 行 1: | 行 1: | ||
| + | (更新: 2014-01-14) | ||
| + | |||
| + | メタデータのうち, | ||
| + | * fstab は必須でなくなった (あれば上書き) | ||
| + | * expiry も必須でなくなった (なければ expire しない) | ||
| + | |||
| + | ---- | ||
| + | |||
| + | (このページはメモです.そのうち消えるかも? | ||
| + | |||
| これを読んだそのまま | これを読んだそのまま | ||
| * http:// | * http:// | ||
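Review bot: The update note added at the top of the page (dated 2014-01-14) states that fstab and expiry are no longer required metadata, but it does not say where that change comes from. Since the page already keeps a link list directly below, add the upstream reference (commit or mailing-list post) next to the note so the "overwritten if present" and "does not expire if absent" behaviour can be checked against the source.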
| 行 192: | 行 202: | ||
| * (参考) http:// | * (参考) http:// | ||
| + | |||
| + | ---- | ||
| + | Just a quick note for the new template you'd create to unpack this, to | ||
| + | hopefully save you a bit of frustration: | ||
| + | template, you have to do | ||
| + | |||
| + | tar --anchored --exclude=" | ||
| + | |||
| + | and then create bind mount fstab entries for the crucial devices. | ||
| + | |||
| + | ---- | ||
| + | pre-build にする理由 | ||
| + | |||
| + | < | ||
| + | > > Not an objection but a question to understand more. I'm assuming the | ||
| + | > > problem is the tools that used for bootstrapping (like | ||
| + | > > debootstrap/ | ||
| + | > > case, can't we write something (like setting suid bit or giving | ||
| + | > > required capabilities via libcap) to make unprivileged user to create | ||
| + | > > the container using regular templates? | ||
| + | > | ||
| + | > The main problem we have at the moment is anything attempting to mknod. | ||
| + | > Then we have some templates like fedora which use loop mounts and other | ||
| + | > similar restricted kernel features. | ||
| + | |||
| + | And to be clear, adding suid bits won't help as the templates run in a | ||
| + | user namespace. | ||
| + | allowed there for now, period. | ||
| + | </ | ||
| + | |||
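Review bot: The two English excerpts added after the reference link carry no author or source link: the note on unpacking with tar and creating bind mount fstab entries, and the exchange under "pre-build にする理由" about mknod, loop mounts and suid bits in a user namespace. A reader cannot check the context of statements such as suid bits not helping, so add the thread URL beside each excerpt, as the existing "(参考)" entry does. The first excerpt is also left as bare text while the second is wrapped in a block; wrap both the same way so the tar command line is not reflowed by the wiki.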