unofficial mirror of guix-devel@gnu.org 
From: Antonio Carlos Padoan Junior <acpadoanjr@yahoo.com.br>
To: Maxime Devos <maximedevos@telenet.be>
Cc: guix-devel <guix-devel@gnu.org>
Subject: Re: lxc and subuid
Date: Wed, 30 Mar 2022 15:13:17 +0200
Message-ID: <87v8vvtwgi.fsf@yahoo.com.br>
In-Reply-To: <bdadd81f9b12c9ea50c4c38af4cb37d25825fc50.camel@telenet.be> (Maxime Devos's message of "Wed, 30 Mar 2022 13:30:22 +0200")

Thanks Maxime,


Maxime Devos <maximedevos@telenet.be> writes:

> Antonio Carlos Padoan Junior schreef op wo 30-03-2022 om 08:51 [+0200]:
>> Hello,
>> 
>> I'm trying to figure out how to set up an unprivileged container using lxc
>> in guix. I do not know either how to allocate subuid/gid space in guix,
>
> subuid/gid are _not_ unprivileged.  They are a userspace feature by
> the (privileged) setuid binary 'newuidmap', see
> <https://manpages.debian.org/buster/uidmap/newuidmap.1.en.html>.
>
> I don't think there's currently a mechanism for that in Guix System,
> except manually creating and modifying /etc/subuid appropriately and
> installing the setuid binaries.  However, I suppose that the
> 'user-account' record could be extended to support subuid/subgid and
> automatically create /etc/subuid.

I created them manually as you suggested. But now I'm in trouble with
the creation of virtual network interfaces for the container. It is not
possible to follow the standard lxc documentation and apply it for guix directly.
The same problem if I use lxd. 

I'm looking at the "Singularity service" as an alternative for lxc but it seems it does
not install the daemon (as per guix documentation). I have no idea
how to properly proceed and set a viable singularity daemon in my machine.

I will try docker service instead, but this is not exactly what I'm
looking for (but I hope at least it will work).

I have the feeling people create guix packages and services for
personal use but without minimal documentation on how to use them properly on
guix. Please consider that as a criticism from someone that has goodwill
but who is a little bit frustrated today.


>
> Greetings,
> Maxime
>

Best regards,
-- 
Antonio Carlos PADOAN JUNIOR
GPG fingerprint:
243F 237F 2DD3 4DCA 4EA3  1341 2481 90F9 B421 A6C9
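
The message above mentions creating /etc/subuid by hand. The following is an added example, not part of the original message or of Guix: it checks hand-written entries in the subuid(5) `name:start:count` format for ranges that collide with each other or with host IDs. The sample entries are constructed, and the `host_max_id` boundary of 65535 is an assumed local policy.

```python
from itertools import combinations
from typing import NamedTuple

# Constructed sample in subuid(5) format: login:first-subordinate-id:count
SAMPLE = """\
alice:100000:65536
bob:165536:65536
carol:200000:65536
dave:1000:10
"""

class SubidRange(NamedTuple):
    owner: str
    start: int
    count: int

    @property
    def end(self) -> int:
        """Last ID covered by the range (inclusive)."""
        return self.start + self.count - 1

def parse_subid(text):
    """Parse subuid/subgid text, rejecting malformed lines instead of skipping them."""
    ranges = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.strip().split(":")
        if len(fields) != 3 or not fields[0] or not all(f.isdecimal() for f in fields[1:]):
            raise ValueError(f"line {lineno}: expected name:start:count")
        if int(fields[2]) == 0:
            raise ValueError(f"line {lineno}: empty range")
        ranges.append(SubidRange(fields[0], int(fields[1]), int(fields[2])))
    return ranges

def audit(ranges, host_max_id=65535):
    """Return findings; host_max_id is an assumed policy boundary, not a system constant."""
    findings = []
    for r in ranges:
        if r.start <= host_max_id:  # subordinate IDs would shadow real host accounts
            findings.append(f"{r.owner}: {r.start}-{r.end} overlaps host IDs")
    for a, b in combinations(ranges, 2):
        # Two owners sharing IDs means one user's container can own the other's files.
        if a.owner != b.owner and a.start <= b.end and b.start <= a.end:
            findings.append(f"{a.owner}/{b.owner}: {a.start}-{a.end} overlaps {b.start}-{b.end}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_subid(SAMPLE)):
        print(finding)
```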

