On Wed, 13 Jul 2016 17:41:25 +0700 "Fajar A. Nugraha" <[email protected]> wrote:
> Did you read the link? Relevant part pasted here (shift uid/gids,
> EXCEPT for uid 1000)
>
> lxc.id_map = u 0 100000 1000
> lxc.id_map = g 0 100000 1000
> lxc.id_map = u 1000 1000 1
> lxc.id_map = g 1000 1000 1
> lxc.id_map = u 1001 101001 64535
> lxc.id_map = g 1001 101001 64535
>
>
> what you did was "map uid 250 as is", but then also "map uid 0-999
> (which obviously include 250) to 1000000-1000999"

Well, I thought I read the link, but then reading and understanding are apparently different. Yes, this is the correct answer. I'll end up using something like the following:

lxc.id_map = u 0 100000 250
lxc.id_map = g 0 100000 250
lxc.id_map = u 250 250 1
lxc.id_map = g 250 250 1
lxc.id_map = u 251 100251 1749
lxc.id_map = g 251 100251 1749

On Wed, 13 Jul 2016 11:26:53 +0000 "J__kel, Guido" <[email protected]> wrote:
> As said: You don't need write access to the portage tree, but at the
> distfiles cache holding the fetches source tarballs. And the package
> repository, if you let build bin packages (, and you want this, if
> you use more than a few Gentoo instances). But you may configure
> other locations or it outside the portage tree with the ebuild
> receipts.

Thanks, I've changed user of distfiles to uid=100000:

# ls -lad /usr/portage/distfiles/
drwxrwsr-x 5 fakeroot portage 360448 Jul 14 14:58 /usr/portage/distfiles/

Prescient advice about bin packages too.

>
>
> BTW: Instead of mapping the uid/gid for portage, you may be also
> change it inside the containers password/group files to the shifted
> one. It's depend on your policy of the "border of the container", if
> this is a proper way to handle the clash to offer a outerworld-shared
> resource inside an restricted environment of a unprivileged container.

I don't know how this would work. If portage starts off on the host as uid 250, how can it appear in a container as anything useful without uid mapping?

>
> Guido

Thanks for the advice, Fajar and Guido.

Fog_Watch.
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
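The overlap discussed in this thread can be caught before a container is started. The following is an added example, not code from the thread or from the LXC project: a small checker that parses `lxc.id_map` lines and reports same-kind entries whose container-side or host-side ranges intersect. The `OVERLAPPING` sample is constructed to reproduce the mistake described in the quoted reply; `FROM_THREAD` is the uid half of the mapping the poster settled on.

```python
import re

# "lxc.id_map = u <container_start> <host_start> <count>"; newer LXC spells the key lxc.idmap
ID_MAP_RE = re.compile(r"^\s*lxc\.id_?map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_id_maps(config_text):
    """Return (kind, container_start, host_start, count) for every id map line."""
    maps = []
    for line in config_text.splitlines():
        m = ID_MAP_RE.match(line)
        if m:
            maps.append((m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4))))
    return maps

def find_overlaps(maps):
    """Return (kind, side, (start, count), (start, count)) for each intersecting pair."""
    problems = []
    for i, (kind_a, c_a, h_a, n_a) in enumerate(maps):
        for kind_b, c_b, h_b, n_b in maps[i + 1:]:
            if kind_a != kind_b:
                continue  # uid and gid maps are independent of each other
            for side, a, b in (("container", c_a, c_b), ("host", h_a, h_b)):
                # half-open ranges [a, a+n_a) and [b, b+n_b) intersect
                if a < b + n_b and b < a + n_a:
                    problems.append((kind_a, side, (a, n_a), (b, n_b)))
    return problems

# Constructed sample: "map 250 as is" on top of a range that already covers 250
OVERLAPPING = """
lxc.id_map = u 0 100000 1000
lxc.id_map = g 0 100000 1000
lxc.id_map = u 250 250 1
lxc.id_map = g 250 250 1
"""

# uid lines of the mapping posted in the thread
FROM_THREAD = """
lxc.id_map = u 0 100000 250
lxc.id_map = u 250 250 1
lxc.id_map = u 251 100251 1749
"""

if __name__ == "__main__":
    for name, text in (("OVERLAPPING", OVERLAPPING), ("FROM_THREAD", FROM_THREAD)):
        found = find_overlaps(parse_id_maps(text))
        print(name, "ok" if not found else found)
```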
