ba96f46141c28b48a0e386e52f0a33b9fc45cf61
glossary.md
| ... | ... | @@ -6,6 +6,7 @@ |
| 6 | 6 | * [apt_dpkg](/linux/apt_dpkg) |
| 7 | 7 | * [arduino](/hardware/arduino) |
| 8 | 8 | * [at](/linux/at) |
| 9 | +* [awx](/iac/awx) |
|
| 9 | 10 | * [azure](/cloud_saas/azure) |
| 10 | 11 | |
| 11 | 12 | ## b |
| ... | ... | @@ -139,6 +140,7 @@ |
| 139 | 140 | * [sysv](/linux/sysv) |
| 140 | 141 | |
| 141 | 142 | ## t |
| 143 | +* [tarsnap](/software/tarsnap) |
|
| 142 | 144 | * [tcpdump](/software/tcpdump) |
| 143 | 145 | * [termux](/software/termux) |
| 144 | 146 | * [tmux](/software/tmux) |
virtualisation/lxc.md
| ... | ... | @@ -301,3 +301,41 @@ gollum haproxy log pastebin radicale site stagit znc ftp |
| 301 | 301 | ``` |
| 302 | 302 | mp0: /path/on/host,mp=/mount/path/on/container |
| 303 | 303 | ``` |
| 304 | + |
|
| 305 | +## uid/gid mapping |
|
| 306 | +* in lxc conf |
|
| 307 | +``` |
|
| 308 | +lxc.idmap: u 0 100000 1005 |
|
| 309 | +lxc.idmap: g 0 100000 1005 |
|
| 310 | +lxc.idmap: u 1005 1005 1 |
|
| 311 | +lxc.idmap: g 1005 1005 1 |
|
| 312 | +lxc.idmap: u 1006 101006 64530 |
|
| 313 | +lxc.idmap: g 1006 101006 64530 |
|
| 314 | +``` |
|
| 315 | +* explanation taken from [itsembedded][] |
|
| 316 | +> The format of the lxc.idmap configuration lines are <u/g> <guest_start_id> <host_start_id> <num_of_ids_to_map>, where <u/g> selects whether the mapping is for user id’s or group id’s. |
|
| 317 | +> |
|
| 318 | +> Below is an explanation of what each mapping combination does: |
|
| 319 | +> |
|
| 320 | +> * (u/g) 0 10000 1000 - map 1000 ID’s starting from 0, to ID’s starting at 100000. This means that the ROOT UID/GID 0:0 on the guest will be mapped to 100000:100000 on the host, 1:1 will be mapped to 100001:1000001, and so on. |
|
| 321 | +> |
|
| 322 | +> * (u/g) 1000 1000 1 - map the UID/GID pair 1000:1000 to 1000:1000 on the host. The number 1 is there to specify we’re only mapping a single ID, and not a range. |
|
| 323 | +> |
|
| 324 | +> * (u/g) 1001 101000 64535 - map 64535 ID’s starting at 1001, to ID’s starting at 101000. This means that UID/GID pair 1001:1001 on the guest will be mapped to 101000:101000, 1002:1002 to 101001:101001, all the way to finally 65535:65535 to 165534:165534. |
|
| 325 | + |
|
| 326 | + |
|
| 327 | +## mounting zfs dataset in lxc container |
|
| 328 | +* requires [uid/gid mapping](#uid/gid-mapping) |
|
| 329 | +* this example is for using the www-data user with nextcloud |
|
| 330 | +* on host |
|
| 331 | +``` |
|
| 332 | +zfs set acltype=posixacl pool/dataset |
|
| 333 | +setfacl -m u:100033:rwx /path/to/dataset |
|
| 334 | +``` |
|
| 335 | +* add mount point as [above](#bindmount) |
|
| 336 | +* on container check acl |
|
| 337 | +``` |
|
| 338 | +getfacl /path/to/mount |
|
| 339 | +``` |
|
| 340 | + |
|
| 341 | +[itsembedded]: https://www.itsembedded.com/sysadmin/proxmox_bind_unprivileged_lxc/ |