In most cases, you'll find recent versions of LXC available for your Linux distribution, either directly in the distribution's package repository or through some backport channel.

For your first LXC experience, we recommend you use a recent supported release, such as a recent bugfix release of LXC 4.0.

If using Ubuntu, we recommend you use Ubuntu 18.04 LTS as your container host. LXC bugfix releases are available directly in the distribution package repository shortly after release and those offer a clean (unpatched) upstream experience.

Ubuntu is also one of the few (if not only) Linux distributions to come by default with everything that's needed for safe, unprivileged LXC containers.

On such an Ubuntu system, installing LXC is as simple as:

Creating unprivileged containers as a user

Unprivileged containers are the safest containers. Those use a map of uid and gid to allocate a range of uids and gids to a container. That means that uid 0 (root) in the container is actually something like uid 100000 outside the container. So should something go very wrong and an attacker manages to escape the container, they'll find themselves with about as many rights as a nobody user.

Unfortunately this also means that the following common operations aren't allowed: any operation against a uid/gid outside of the mapped set.

Because of that, most distribution templates simply won't work with those. Instead you should use the "download" template which will provide you with pre-built images of the distributions that are known to work in such an environment.
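To make the uid/gid mapping concrete, here is an added example (not part of the original page and not LXC's own code) that parses ranges in the `inside outside count` layout the kernel exposes in `/proc/<pid>/uid_map` and translates ids in both directions. The map `0 100000 65536` is a constructed sample built around the page's "uid 100000" figure; the range length and all function names are assumptions.

```python
"""Translate ids across a user-namespace id map (added illustration)."""
from typing import List, NamedTuple, Optional


class IdRange(NamedTuple):
    inside: int   # first id as seen inside the container
    outside: int  # first id as seen on the host
    count: int    # number of consecutive ids covered


def parse_id_map(text: str) -> List[IdRange]:
    """Parse 'inside outside count' lines, the /proc/<pid>/uid_map layout."""
    ranges = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # tolerate blank lines
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(fields)}")
        inside, outside, count = (int(f) for f in fields)
        if count <= 0:
            raise ValueError(f"line {lineno}: range length must be positive")
        ranges.append(IdRange(inside, outside, count))
    return ranges


def to_host(ranges: List[IdRange], container_id: int) -> Optional[int]:
    """Host id behind a container id, or None if it is outside the mapped set."""
    for r in ranges:
        if r.inside <= container_id < r.inside + r.count:
            return r.outside + (container_id - r.inside)
    return None


def to_container(ranges: List[IdRange], host_id: int) -> Optional[int]:
    """Container id for a host id, or None if the container cannot name it."""
    for r in ranges:
        if r.outside <= host_id < r.outside + r.count:
            return r.inside + (host_id - r.outside)
    return None


SAMPLE_MAP = "0 100000 65536\n"  # constructed sample, not read from a real host

if __name__ == "__main__":
    ranges = parse_id_map(SAMPLE_MAP)
    for cid in (0, 1000, 65535, 65536):  # 65536 falls outside the mapped set
        print(f"container uid {cid:>5} -> host uid {to_host(ranges, cid)}")
    # Host uid 0 (real root) has no mapping, so the container cannot act as it.
    print(f"host uid 0 -> container uid {to_container(ranges, 0)}")
```

A `None` result marks an id outside the mapped set, which is the case the page lists as not allowed in an unprivileged container.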