ZitZ's picture
ZitZ - Sun, 2016/06/12 - 17:19

Would unprivileged lxc containers be an viable option for the turnkey lxc appliance?

They would require that an unprivileged user be generated, with the appropriate configurations for lxc.

 

https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/

They work much better now that lxc 2.0 is available, which is now in debian sid.

Forum: 
General
Jeremy Davis's picture

Jeremy Davis - Tue, 2016/06/14 - 01:50
Most of my LXC experience has been with Proxmox so I'm not 100% clear. AFAIK the TurnKey LXC appliance creates containers that are as unprivileged (as possible in Debian Jessie) by default. What that actually means though I'm not 100% clear. I do know that things like NFS don't work, unless you explicitly create a "privileged" container so there must be something going on there...
JOduMonT's picture

JOduMonT - Wed, 2017/10/04 - 05:03

After few Try & Failed

I made a little recipies which is

1. deploy your Turnkey into a privileged container

2. remove postfix into the CT

3. backup it

4. restore it into a unprivileged container

and voilà!

 

 

lacikaxp's picture

lacikaxp - Wed, 2020/08/26 - 10:26

Hi there,

 

I have similar issue. I backup my old LXC and I don't have access to old server. Now I want to restore it but I have this error. Any idea how to fix it?

 

tar: ./var/spool/postfix/dev/urandom: Cannot mknod: Operation not permitted

Jeremy Davis's picture

Jeremy Davis - Thu, 2020/08/27 - 02:10

Once it's been launched as a privileged container, then you can remove dev/urandom (and dev/random too if it exists) from the Postfix chroot (/var/spool/postfix). I.e. like this:

rm -f /var/spool/postfix/dev/{urandom,random}

You can then create a new backup, which should be able to be launched as an unprivileged container if you wish.

Add new comment