Diff
This page shows the differences between two versions of the page.
| linux:lxc:lxc-download [2014/01/12 11:36] – tenforward | linux:lxc:lxc-download [2014/01/14 11:19] (current) – tenforward | ||
|---|---|---|---|
| 行 1: | 行 1: | ||
| + | (更新: 2014-01-14) | ||
| + | |||
| + | メタデータのうち, | ||
| + | * fstab は必須でなくなった (あれば上書き) | ||
| + | * expiry も必須でなくなった (なければ expire しない) | ||
| + | |||
| + | ---- | ||
| + | |||
| (このページはメモです.そのうち消えるかも? | (このページはメモです.そのうち消えるかも? | ||
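
Review bot: The update notice added at the top of the page (the block under 行 1) states that fstab and expiry are no longer required metadata, but it cites no source for the change: there is only the date 2014-01-14, with no lxc version, commit, or mailing-list reference. Suggest adding that reference next to the date so a reader can tell from which release a missing fstab or expiry is accepted. The second bullet also says an image without expiry does not expire; if the body of the page still describes either item as required, update that text in the same revision so the page does not contradict its own header.
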
| 行 203: | 行 211: | ||
| and then create bind mount fstab entries for the crucial devices. | and then create bind mount fstab entries for the crucial devices. | ||
| + | |||
| + | ---- | ||
| + | pre-build にする理由 | ||
| + | |||
| + | < | ||
| + | > > Not an objection but a question to understand more. I'm assuming the | ||
| + | > > problem is the tools that used for bootstrapping (like | ||
| + | > > debootstrap/ | ||
| + | > > case, can't we write something (like setting suid bit or giving | ||
| + | > > required capabilities via libcap) to make unprivileged user to create | ||
| + | > > the container using regular templates? | ||
| + | > | ||
| + | > The main problem we have at the moment is anything attempting to mknod. | ||
| + | > Then we have some templates like fedora which use loop mounts and other | ||
| + | > similar restricted kernel features. | ||
| + | |||
| + | And to be clear, adding suid bits won't help as the templates run in a | ||
| + | user namespace. | ||
| + | allowed there for now, period. | ||
| + | </ | ||
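
Review bot: The quoted mail under "pre-build にする理由" has no attribution: the block names neither the author nor the list, and gives no date or archive link, even though the two quote levels (`> >` and `>`) and the unquoted closing paragraph come from different writers. Suggest adding one line above the block that names the thread and links to the archive. Also check the quote for dropped text: the sentence ending "user namespace." is followed directly by "allowed there for now, period.", which does not read as a complete sentence, and the line "debootstrap/" stops mid-phrase.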