Browse Source

addition for newest post

Josef Eberle 6 months ago
2 changed files with 12 additions and 2 deletions
  1. +11
  2. +1

+ 11
- 1
content/posts/ View File

@@ -2,7 +2,7 @@
title: "Unprivileged LXC"
description: "Containering all the way"
date: 2019-12-02T10:00:00+01:00
lastmod: 2019-12-05T12:00:+01:00
lastmod: 2019-12-10T13:00:+01:00
tags: ["unprivileged", "container", "lxc", "networking", "netcup"]
toc: true
@@ -337,6 +337,16 @@ Because users usually don't get logged in until... well... somone logs in as tha
loginctl enable-linger upriv

This adds another quirk to the system though. If I now tried to stop and then start a container started by this systemd service I ran into an error. I'm not completely sure to why that is, but I'm guessing that it has to do with it being different sessions. As a workaround I added following lines to upriv's bash alias file that gets loaded on logon:
> ~/bash_aliases

alias sys-lxc-stop='systemd-run --user lxc-stop'
alias sys-lxc-start='systemd-run --user lxc-start'

With that I can use the commands `sys-lxc-stop` and `sys-lxc-start` while logged into as user upriv for stopping and starting containers in the systemd context.

## The conclusion
As far as I'm concerned it took me a long time to figure all these things out, but having the steps all neatly put underneath each other it's actually pretty simple and quick to do. And I know it might have been faster to just use Docker or another containering solution, but I wanted to have it as basic as possible, so not too much of the setup process is getting lost in abstraction. This helped me understand a lot about Linux containering and the OS in general.
There is still one thing I'd like to do though and that is getting a grip on cgroups to manage the physical resources a container is able to use, but that is something I haven't spent any time on at all. But there might be a post about it in the future.

+ 1
- 1

@@ -1 +1 @@
Subproject commit 112f09984332390e60ac79b3269ce3d3c2e51139
Subproject commit f36158edc81fe652e9bb4aae27e919b88f40ef9d