README.md


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39

Beggar Containers
=================

A wrapper for LXC unprivileged containers.

Example
-------

Enforcing `PATH` to avoid issues with firejail:

    PATH=/bin:/usr/bin lxc-create --name alpine -t download -- -d alpine -r edge -a amd64

Development notes
-----------------

### ACL

    getfacl . .local .local/share
    sudo setfacl -m u:427680:x . .local .local/share
    sudo setfacl --remove-all  . .local .local/share

### AppArmor

      lxc-start 20171227032456.513 WARN     lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:218 - Incomplete AppArmor support in your kernel
      lxc-start 20171227032456.516 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:220 - If you really want to start this container, set
      lxc-start 20171227032456.519 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:221 - lxc.aa_allow_incomplete = 1
      lxc-start 20171227032456.521 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:222 - in your container configuration file
      lxc-start 20171227032456.527 ERROR    lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 5)

References
----------

* [LXC 1.0: Blog post series [0/10] | Stéphane Graber's website](https://stgraber.org/2013/12/20/lxc-1-0-blog-post-series/).
* [Linux Containers - LXC - Getting started](https://linuxcontainers.org/lxc/getting-started/).
* [Configuring Unprivileged LXC containers in Debian Jessie](https://myles.sh/configuring-lxc-unprivileged-containers-in-debian-jessie/).
* [userns - What is an unprivileged LXC container? - Unix & Linux Stack Exchange](https://unix.stackexchange.com/questions/177030/what-is-an-unprivileged-lxc-container#177031).
* [Flockport - LXC using unprivileged containers](https://archives.flockport.com/lxc-using-unprivileged-containers/).
* [Flockport - Run accelerated GUI apps in LXC containers](https://archives.flockport.com/run-gui-apps-in-lxc-containers/).
* [How to create unprivileged LXC container on Ubuntu Linux 14.04 LTS – nixCraft](https://www.cyberciti.biz/faq/how-to-create-unprivileged-linux-containers-on-ubuntu-linux/).