Alexander Mikhalitsyn
> So using an unprivileged user with USER_NS was less safe than using a privileged user with apparmor confinement.

I don't think so. Unprivileged user + user namespace is a...

Hi @curable-online! First of all, documentation says that:

> When the -e flag is specified an ephemeral snapshot of the original container is created and started.

Thus, `-e` implies `-s`....
jenkins: ok to test
Hi @amateur80lvl!

1. Have you tried to use `lxc.net.X.type = veth`? In this case LXC will create a veth pair for you. You can instruct LXC to add this veth...
Hi @curable-online ! >-e option makes lxc-copy to create a copy that is a snapshot and is ephemeral. Combination of -D and -e flags make lxc-copy to create a copy...
Hi @gtxaspec, unfortunately, pastebin links don't work. Couldn't you post a full reproducer script, starting from creating a chrooted environment (including the chroot command and stuff)?

> Running LXC 4.0 works fine running...
cc @stgraber or even @lxc/lxc ?
I have carefully analyzed this change and what was before and what we have now. Let's look at this chunk of code (old code): ``` if (options->namespaces & CLONE_NEWUSER) {...
To conclude, the original intention clearly was to use `0` by default and use init's process UID/GID as a fallback. But it never worked correctly until Christian refactored the code and...
Hm, it looks like the same functionality is implemented in https://github.com/lxc/lxc/commit/32a07151939c6c251def2a1e5e04973e4c64103a cc @brauner