Re: [Lxc-users] What is the latest status for Nested Containers in Ubuntu 12.10 and 13.04

2013-04-17 Thread brian mullan
Stephane note: I am using Ubuntu 13.04 Made the changes you suggested to my container config: - lxc.aa_profile = lxc-container-default-with-nesting - lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups but at that point I followed your blog post instructions (/ https://www.stgraber.org/2

[Lxc-users] Sharing a single rootfs between multiple containers

2013-04-17 Thread Vallevand, Mark K
I would like to create my containers to share a single rootfs directory. I create a master container using lxc-create using my variation of the ubuntu template and my config file. I also install additional programs into the rootfs. At this point, I have a program using liblxc which does the wo

Re: [Lxc-users] Cloning container over network

2013-04-17 Thread Andrew Grigorev
Lxctl 17.04.2013 16:47, Lee Hambley wrote: but i'd not recommend to use it :-) You don't recommend lxctl, or the migration feature? Lee Hambley -- http://lee.hambley.name/ +49 (0) 170 298 5667 On 17 April 2013 14:19, Andrew Grigorev wrote: Lxctl https

Re: [Lxc-users] VALE as networking option in LXC

2013-04-17 Thread Natale Patriciello
On 17/04/13 at 10:29am, Zhu Yanhai wrote: > > It should be ok, did you restart the container after config file change? Or > maybe it's because you drop CAP_SYS_MODULE or CAP_MKNOD in the config file > by mistake? > You're right, I had CAP_MKNOD dropped. First results show that, with netmap, I h

Re: [Lxc-users] Cloning container over network

2013-04-17 Thread brian mullan
Robin... Not sure if I understand your question totally but you might want to take a look at Crate by Evan Hazlett. Per the site: https://github.com/ehazlett/crate Crate Linux container management. Crate uses Fabric to manage remote hosts. Currently tested on Ubuntu 12.

Re: [Lxc-users] Internal IP address not always assigned

2013-04-17 Thread Mertz, Jean
Thank you for your detailed explanation. I've finally found out what the problem was, it was related to iptable rules being too strict for the container to retrieve an IP address. I don't know how to solve this, or which rule causes this, but for completeness sake, here are my iptable rules: root@

Re: [Lxc-users] Cloning container over network

2013-04-17 Thread Lee Hambley
> > but i'd not recommend to use it :-) You don't recommend lxctl, or the migration feature? Lee Hambley -- http://lee.hambley.name/ +49 (0) 170 298 5667 On 17 April 2013 14:19, Andrew Grigorev wrote: > Lxctl https://github.com/lxctl/lxctl with options 'migrate --clone' can > do this, but

Re: [Lxc-users] Cloning container over network

2013-04-17 Thread Andrew Grigorev
Lxctl https://github.com/lxctl/lxctl with options 'migrate --clone' can do this, but i'd not recommend to use it :-). 17.04.2013 15:09, Robin Monjo (appldiget) wrote: I'd like to be able to clone a lxc container over the network. For example, I have a machine that contains lxc containers and on

Re: [Lxc-users] Cloning container over network

2013-04-17 Thread David Parks
Personally I just tar them up and move them following this process: 1) Pack them up - don't forget --numeric-owner so the file permissions carry across properly tar --numeric-owner -c -v -z -f Base-GoldStandard.tar.gz Base-GoldStandard/ 2) Unpack them tar -xvf Base-GoldS

Re: [Lxc-users] Cloning container over network

2013-04-17 Thread Papp Tamas
On 04/17/2013 01:09 PM, Robin Monjo (appldiget) wrote: > I'd like to be able to clone a lxc container over the network. For example, I > have a machine that > contains lxc containers and on another machine, clone these containers and > use them. Any idea ? Use rsync, tar, zfs send/recv, btrfs se

[Lxc-users] Cloning container over network

2013-04-17 Thread Robin Monjo (appldiget)
I'd like to be able to clone a lxc container over the network. For example, I have a machine that contains lxc containers and on another machine, clone these containers and use them. Any idea ?

[Lxc-users] Mount to NFS fails in containers fstab, but succeeds in the host & guest OS's

2013-04-17 Thread David Parks
On the host OS, this NFS command works: mount -t nfs4 -o rw,intr,timeo=600,port=2051 10.1.3.67:/ /mnt/hdfs That same mount works from within the container (the container is set to unconfined so it can perform mounts). When I try to add this mount to the fstab file of the container it fails: ro

[Lxc-users] Dropping sys_admin capability and procfs and sysfs ro-mount security

2013-04-17 Thread Nd Dn
How secure is the combination of dropping sys_admin capability and mounting proc and sys read-only? What would be a potential attack vector to break out from such a container? What are the downsides of running such a container? I've tried running debian with nginx, php-fpm and standard stuff like syslog, ssh, g

Re: [Lxc-users] VALE as networking option in LXC

2013-04-17 Thread Natale Patriciello
On 16/04/13 at 06:45pm, Zhu Yanhai wrote: > I think the 'tcp friends' feature in the latest upstream kernel can do the > same thing with it. See http://lwn.net/Articles/511254/. > Actually, I'm focused on lower layers (in particular ethernet layer), so any improvements to TCP don't fit well into