Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread david . andel
So if I understood correctly, this means that lxd could potentially suffer from a weakness in 'lxc monitor' meaning that it is more secure to run unprivileged containers using the low level lxc-... functions?

Re: [lxc-users] Networking issues with LXC containers in EC2

2016-01-11 Thread Fajar A. Nugraha
On Tue, Jan 12, 2016 at 6:31 AM, Peter Steele wrote: > From what I've read, I understand that Amazon has implemented some > special/restricted behavior for the networking stack of EC2 instances. The > question I have is whether I can accomplish what I've attempted here, > specifically, can I acces

[lxc-users] Networking issues with LXC containers in EC2

2016-01-11 Thread Peter Steele
I first brought this issue up several weeks ago and have just got back to the work where I originally ran into this problem. The scenario is simple enough: - Create two EC2 instances running CentOS 7.1 - Configure these instances to use bridged networking - Create a LXC container running under

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread Serge Hallyn
Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): > On 11/01/16 23:13, Serge Hallyn wrote: > > Quoting david.an...@bli.uzh.ch (david.an...@bli.uzh.ch): > >> Hmm, this is interesting. > >> I am running my container from the unprivileged user 'lxduser' and yet: > >> > >> root@qumind:~# ps -ef

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread Carlos Alberto Lopez Perez
On 11/01/16 23:13, Serge Hallyn wrote: > Quoting david.an...@bli.uzh.ch (david.an...@bli.uzh.ch): >> Hmm, this is interesting. >> I am running my container from the unprivileged user 'lxduser' and yet: >> >> root@qumind:~# ps -ef | grep '[l]xc monitor' >> root 7609 1 0 11:54 ?00:

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread Serge Hallyn
Quoting david.an...@bli.uzh.ch (david.an...@bli.uzh.ch): > Hmm, this is interesting. > I am running my container from the unprivileged user 'lxduser' and yet: > > root@qumind:~# ps -ef | grep '[l]xc monitor' > root  7609 1  0 11:54 ?    00:00:00 [lxc monitor] > /var/lib/lxd/container

Re: [lxc-users] lxc templates

2016-01-11 Thread Tamas Papp
On 01/11/2016 08:58 PM, mattias jonsson wrote: So to create a lxc guest I only have to execute the script? e.g ./lxc-centos Use the command 'lxc-create'. tamas

Re: [lxc-users] lxc templates

2016-01-11 Thread mattias jonsson
So to create a lxc guest I only have to execute the script? e.g. ./lxc-centos -Original Message- From: lxc-users [mailto:lxc-users-boun...@lists.linuxcontainers.org] On Behalf Of Tamas Papp Sent: 11 January 2016 20:53 To: LXC users mailing-list Subject: Re: [lxc-users] lxc templates

Re: [lxc-users] lxc templates

2016-01-11 Thread Tamas Papp
On 01/11/2016 08:29 PM, mattias jonsson wrote: Where to find lxc templates like for openvz? LXC uses template scripts, take a look at /usr/share/lxc/templates (or something like that). LXD uses template images from https://images.linuxcontainers.org:8443. However, there is a solution to us

[lxc-users] lxc templates

2016-01-11 Thread mattias jonsson
Where to find lxc templates like for openvz?

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread david . andel
Hmm, this is interesting. I am running my container from the unprivileged user 'lxduser' and yet: root@qumind:~# ps -ef | grep '[l]xc monitor' root  7609 1  0 11:54 ?    00:00:00 [lxc monitor] /var/lib/lxd/containers pgroonga What is wrong here?

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread Serge Hallyn
Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): > On 08/01/16 19:58, Serge Hallyn wrote: > > Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): > >> Hi, > >> > >> > >> Suppose that we create an unprivileged container as root (using the > >> download template or manually converting it w

Re: [lxc-users] Status: Debian Jessie support for unprivileged containers?

2016-01-11 Thread Serge Hallyn
Quoting Fajar A. Nugraha (l...@fajar.net): > On Sat, Jan 9, 2016 at 4:58 PM, Xavier Gendre wrote: > > On 09/01/2016 03:23, Fajar A. Nugraha wrote: > >> Anyway, I wrote this several months ago, should be the easiest way to > >> get unpriv jessie on jessie: http://debian-lxc.github.io/ > >> The r

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread Carlos Alberto Lopez Perez
On 08/01/16 19:58, Serge Hallyn wrote: > Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): >> Hi, >> >> >> Suppose that we create an unprivileged container as root (using the >> download template or manually converting it with uidmapshift). >> >> Such container config will contain (for exampl

Re: [lxc-users] docker in lxc

2016-01-11 Thread Serge Hallyn
Quoting Tamas Papp (tom...@martos.bme.hu): > > > On 01/07/2016 07:28 PM, Serge Hallyn wrote: > >I've been playing with docker in lxd containers under cgroup namespaces. > >There are still a few things to tweak, but it mostly works. > > What settings or steps does it require? I've got a few patc

Re: [lxc-users] docker in lxc

2016-01-11 Thread Tamas Papp
On 01/07/2016 07:28 PM, Serge Hallyn wrote: I've been playing with docker in lxd containers under cgroup namespaces. There are still a few things to tweak, but it mostly works. What settings or steps does it require? # docker daemon --storage-driver=aufs FATA[] Error starting daemon: er