Ain c0513a03ba community/lxcfs: Modprobe modules instead of failing when absent
Previously, lxcfs failed when the kernel modules were not listed in the lsmod
output. Built-in kernel modules never show up in lsmod, thus the service
could not be properly started on such systems.

Fixes #9214.
2018-08-30 14:58:34 +00:00

Alpine Linux unprivileged LXC containers
========================================

At the moment, unprivileged containers only work with the linux-vanilla kernel.

They may work with grsecurity in the future with the following disabled:

	echo 0 > /proc/sys/kernel/grsecurity/chroot_deny_mount
	echo 0 > /proc/sys/kernel/grsecurity/chroot_deny_pivot
	echo 0 > /proc/sys/kernel/grsecurity/chroot_caps

See also: https://en.wikibooks.org/wiki/Grsecurity/Runtime_Configuration

-------------------------------------------------------------------------------

Instructions:
-------------

(a) add the name(s) of the containers to run unprivileged to /etc/conf.d/lxcfs
(b) rc-service lxcfs setup => converts privileged => unprivileged containers
			   => creates /etc/subuid & /etc/subgid
(c) rc-service lxcfs start
(d) rc-update add lxcfs
(e) rc-service lxcfs info => print & add config file settings to the containers

-------------------------------------------------------------------------------

Start the container & verify processes are running unprivileged:

	ps aux | grep 100000
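
A stricter form of the verification step above, added here as an example and not part of the lxcfs package: it reads a UID map in the /proc/<pid>/uid_map layout and confirms that container root maps to a non-zero host UID inside a range delegated in /etc/subuid. The function names, the `root:100000:65536` entry and the sample map files are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example. All file contents below are constructed samples.

# host_uid_of_root FILE: print the host UID that container UID 0 maps to.
# FILE uses the /proc/<pid>/uid_map layout: "<inside> <outside> <length>".
host_uid_of_root() {
    awk '$1 == 0 { print $2; exit }' "$1"
}

# in_subuid_range UID USER FILE: succeed if UID lies in a range that
# FILE (/etc/subuid layout "user:start:count") delegates to USER.
in_subuid_range() {
    awk -F: -v id="$1" -v u="$2" '
        $1 == u && id >= $2 && id < $2 + $3 { ok = 1 }
        END { exit !ok }' "$3"
}

# check_unprivileged UIDMAP USER SUBUID: 0 = unprivileged, 1 = not, 2 = no map.
check_unprivileged() {
    root=$(host_uid_of_root "$1")
    [ -n "$root" ] || { echo "no mapping for container root"; return 2; }
    [ "$root" -ne 0 ] || { echo "container root is host root"; return 1; }
    in_subuid_range "$root" "$2" "$3" ||
        { echo "host uid $root not delegated to $2"; return 1; }
    echo "container root maps to host uid $root"
}

# Demo on constructed data. On a live host, pass /proc/<init pid>/uid_map
# (the container's init PID) and /etc/subuid instead.
demo=$(mktemp -d)
printf 'root:100000:65536\n' > "$demo/subuid"    # assumed range owner
printf '0 100000 65536\n' > "$demo/unpriv_map"   # unprivileged container
printf '0 0 4294967295\n' > "$demo/priv_map"     # identity map (privileged)
check_unprivileged "$demo/unpriv_map" root "$demo/subuid"
check_unprivileged "$demo/priv_map" root "$demo/subuid" || echo "exit=$?"
rm -r "$demo"
```

Unlike the grep, this does not match unrelated lines that merely contain the string 100000, and it fails when the container still has an identity map.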