updated info on lxc

main
Inga 🏳‍🌈 2 years ago
parent 589a411fb6
commit 239cae1622
  1. 32
      README.md

@ -188,6 +188,8 @@ Works by default, use Ctrl+Shift+C and Ctrl+Shift+V in foot
riverctl map normal Super period spawn 'rofi -modi emoji -show emoji'
```
(For some reason it broke after reboot and only copies things to clipboard, even though `wtype` continues to work without any problems)
## Other software
### Firefox
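Review bot: The parenthetical added after the `rofi -modi emoji` mapping says "it broke" without naming what broke or what the working behaviour was. Name the subject (the emoji picker bound on the line above) and say what it did before the reboot, so the remark about `wtype` still working has something to contrast with. A blank line between the closing fence and the note would also keep it out of the code block in stricter Markdown renderers.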
@ -449,9 +451,10 @@ doas /etc/init.d/iptables save
```
doas apk add lxc lxcfs lxc-download xz gnupg
echo "$(id -un):2000000:65536" | doas tee -a /etc/subuid
echo "$(id -un):2000000:65536 | doas tee -a /etc/subgid
echo "$(id -un):10000000:5000000" | doas tee -a /etc/subuid
echo "$(id -un):10000000:5000000 | doas tee -a /etc/subgid
echo "$(id -un) veth br0 10" | doas tee -a /etc/lxc/lxc-usernet
doas rc-update add cgroups lxc lxcfs dbus
```
#### Creating container
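Review bot: The `/etc/subgid` line is missing its closing double quote: `echo "$(id -un):10000000:5000000 | doas tee -a /etc/subgid` never closes the string opened before `$(id -un)`, so the pipe and the `tee` become part of the quoted text and nothing is written to `/etc/subgid`. The 2000000:65536 subgid line has the same slip, so it was carried over rather than introduced here; close the quote after `5000000` as the subuid line does. Because both files are written with `tee -a`, readers who followed the earlier instructions will keep the old 2000000:65536 entries next to the new ones; a sentence telling them to remove the old range would keep the delegated ID space down to what the containers actually use.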
@ -464,8 +467,14 @@ lxc.net.0.link = br0
lxc.net.0.ipv4.address = 10.157.1.2/24 10.157.1.255
lxc.net.0.ipv4.gateway = 10.157.1.1
lxc.net.0.veth.pair = veth-if-0
lxc.idmap = u 0 2000000 65536
lxc.idmap = g 0 2000000 65536
# this is not a mistype, 500K should be enough for all your nesting needs, and 5M in /etc/subuid should be enough if you want to create any other containers
lxc.idmap = u 0 10000000 500000
lxc.idmap = g 0 10000000 500000
lxc.include = /usr/share/lxc/config/nesting.conf
lxc.apparmor.allow_nesting = 1
lxc.seccomp.allow_nesting = 1
lxc.mount.auto = proc sys cgroup:rw:force
```
Then:
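Review bot: The new comment explains the idmap sizes, but the four lines under it (`lxc.include = /usr/share/lxc/config/nesting.conf`, `lxc.apparmor.allow_nesting = 1`, `lxc.seccomp.allow_nesting = 1` and `lxc.mount.auto = proc sys cgroup:rw:force`) go in with no explanation, and they are the ones that relax the container's confinement. Add a comment saying they are only needed for nested containers and can be left out otherwise, and what each one permits. The section after this one states that nested containers still do not work with this config, so consider marking these lines as experimental or keeping them out of the default example until they do.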
@ -476,15 +485,24 @@ lxc-start -n CONTAINERNAME # make sure it does not produce any errors
lxc-attach -n CONTAINERNAME
```
You'll get into a container root console.
You'll get into a container root console.
(but still inside this container `apk cgroups start` will produce errors
and mount everything in /sys/fs/cgroups except for openrc as nobody:nobody,
and won't mount openrc at all, and nested containers won't work.)
#### Networking (container)
In container root console, check if network is up with `ifconfig`.
If there are no IPv4 address for eth0, you'll have to configure it manually,
by editing `/etc/network/interfaces` either with VI or with cat/echo.
by editing `/etc/network/interfaces`.
The easiest way to do it is by
```
doas nano ~/.local/share/lxc/CONTAINERNAME/rootfs/etc/network/interfaces`
```
on the host.
In the end it should look like
In the end the file should look like
```
auto eth0
iface eth0 inet static
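Review bot: The `doas nano` command in the new fenced block ends with a stray backtick after `interfaces`. Inside a fence it is literal text, so anyone pasting the line opens an unterminated command substitution and the shell waits for more input; drop the backtick. In the parenthetical above, `apk cgroups start` names the package manager, while the setup section registers `cgroups` as a service with `rc-update`, so the command name is worth checking. The rendered text also shows "You'll get into a container root console." twice in a row; if one of the two is not a removed line, delete the duplicate.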
