Migrated to Unprivileged LXC.

    LXC is now running as root owned unprivileged containers.

    Go4it2day utilizes Slackware along with LXC to create independently managed containers that provide diversified services. In the past these were privileged containers which presented potential security issues to the hosts and other containers. Inspiration was provided by the 3 part tutorial found at: Unprivileged containers in Slackware.

    Modifications to the host subuid, subgid, along with modifications to the guest config, fstab and running uidmapshift summarize the efforts. Beside the improved security, running root owned containers enable autostarting the containers on the host.

    July 06, 2017

Articles, News and Blog - more entries listed below...