From 239cae16223659e1056ec29711ceedbc861d0167 Mon Sep 17 00:00:00 2001
From: Inga
Date: Sun, 4 Sep 2022 03:18:39 +0200
Subject: [PATCH] updated info on lxc

---
 README.md | 32 +++++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index 3ca99f9..3c8ab01 100644
--- a/README.md
+++ b/README.md
@@ -188,6 +188,8 @@ Works by default, use Ctrl+Shift+C and Ctrl+Shift+V in foot
 riverctl map normal Super period spawn 'rofi -modi emoji -show emoji'
 ```
+(For some reason it broke after reboot and only copies things to clipboard, even though `wtype` continues to work without any problems)
+
 ## Other software
 ### Firefox
@@ -449,9 +451,10 @@ doas /etc/init.d/iptables save
 ```
 doas apk add lxc lxcfs lxc-download xz gnupg
-echo "$(id -un):2000000:65536" | doas tee -a /etc/subuid
-echo "$(id -un):2000000:65536 | doas tee -a /etc/subgid
+echo "$(id -un):10000000:5000000" | doas tee -a /etc/subuid
+echo "$(id -un):10000000:5000000 | doas tee -a /etc/subgid
 echo "$(id -un) veth br0 10" | doas tee -a /etc/lxc/lxc-usernet
+doas rc-update add cgroups lxc lxcfs dbus
 ```
 #### Creating container
@@ -464,8 +467,14 @@ lxc.net.0.link = br0
 lxc.net.0.ipv4.address = 10.157.1.2/24 10.157.1.255
 lxc.net.0.ipv4.gateway = 10.157.1.1
 lxc.net.0.veth.pair = veth-if-0
-lxc.idmap = u 0 2000000 65536
-lxc.idmap = g 0 2000000 65536
+# this is not a mistype, 500K should be enough for all your nesting needs, and 5M in /etc/subuid should be enough if you want to create any other containers
+lxc.idmap = u 0 10000000 500000
+lxc.idmap = g 0 10000000 500000
+
+lxc.include = /usr/share/lxc/config/nesting.conf
+lxc.apparmor.allow_nesting = 1
+lxc.seccomp.allow_nesting = 1
+lxc.mount.auto = proc sys cgroup:rw:force
 ```
 Then:
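Review bot: The new `/etc/subgid` line still lacks its closing double quote (`echo "$(id -un):10000000:5000000 | doas tee -a /etc/subgid`), so pasting the block into a shell leaves it waiting for more input and the subgid range is never written; it should read `echo "$(id -un):10000000:5000000" | doas tee -a /etc/subgid`. Since both lines use `tee -a`, re-running the setup appends a second, overlapping range entry each time, which is worth a one-line warning such as `# run once: tee -a appends, duplicate ranges in subuid/subgid break lxc-start`.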
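Review bot: `lxc.apparmor.allow_nesting = 1`, `lxc.seccomp.allow_nesting = 1` and `lxc.mount.auto = proc sys cgroup:rw:force` relax the unprivileged container's confinement (writable sysfs and cgroup tree, a looser AppArmor profile and seccomp policy) and the added comment only explains the idmap size, not that trade-off; I'd add a line such as `# nesting.conf + allow_nesting + rw sys/cgroup weaken isolation; only for containers you trust to run nested LXC`. The idmap base `u 0 10000000 500000` lies inside the 10000000:5000000 range this commit adds to `/etc/subuid`, but the comment should state that every additional container needs a non-overlapping base (for example 10500000), because containers whose maps overlap share the same host UIDs and their root users can reach each other's files.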
@@ -476,15 +485,24 @@ lxc-start -n CONTAINERNAME # make sure it does not produce any errors
 lxc-attach -n CONTAINERNAME
 ```
-You'll get into a container root console.
+You'll get into a container root console.
+
+(but still inside this container `apk cgroups start` will produce errors
+and mount everything in /sys/fs/cgroups except for openrc as nobody:nobody,
+and won't mount openrc at all, and nested containers won't work.)
 #### Networking (container)
 In container root console, check if network is up with `ifconfig`.
 If there are no IPv4 address for eth0, you'll have to configure it manually,
-by editing `/etc/network/interfaces` either with VI or with cat/echo.
+by editing `/etc/network/interfaces`.
+The easiest way to do it is by
+```
+doas nano ~/.local/share/lxc/CONTAINERNAME/rootfs/etc/network/interfaces`
+```
+on the host.
-In the end it should look like
+In the end the file should look like
 ```
 auto eth0
 iface eth0 inet static