List:       lxc-users
Subject:    Re: [lxc-users] Docker in unprivileged LXC?
From:       Dirk Geschke <dirk () lug-erding ! de>
Date:       2019-11-20 16:33:11
Message-ID: 20191120163311.GA8855 () mail

Hi Fajar,

> > half-and-half, I guess. But I asked for LXC not LXD...
> 
> I don't use lxc anymore (only lxd now), but you might be able to use
> https://github.com/lxc/lxc/blob/stable-3.0/config/templates/nesting.conf.in

Yes, I had it already, but it did not work with unprivileged LXC.

> > However, if I start the container half unprivileged (starting
> > as root but using uid/gid mapping) it seems to work. So probably
> > that is the way to go here...
> >
> > Not ideal, but more secure than pure docker on the hardware...
> 
> Were you able to start the container? AFAIK you shouldn't be able to.
> It's good if you can.

Oh, it works somehow...

My idea was a little bit more complicated: I have some NVIDIA
cards in the server. I can bind-mount the devices in the LXC
and get a list of GPUs via nvidia-smi in the LXC. But this
seems not to work with docker :-/

There is an nvidia-docker available, but that throws strange
error messages.

Best regards

Dirk

-- 
+----------------------------------------------------------------------+
| Dr. Dirk Geschke       / Plankensteinweg 61    / 85435 Erding        |
| Telefon: 08122-559448  / Mobil: 0176-96906350 / Fax: 08122-9818106   |
| dirk@geschke-online.de / dirk@lug-erding.de  / kontakt@lug-erding.de |
+----------------------------------------------------------------------+