From: Zoltán Felleg
Date: Tue, 9 Jan 2024 19:19:20 +0000 (+0100)
Subject: Converted/updated all containers to unprivileged.
X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=3291bb6650c8f31104e60e007a2e7cd28c083346;p=user-lxc.git
Converted/updated all containers to unprivileged.
---
diff --git a/sources/dhcp.in/config b/sources/dhcp.in/config
index eac04da..a4c0c54 100644
--- a/sources/dhcp.in/config
+++ b/sources/dhcp.in/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = dhcp.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +15,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/efg.pm/config b/sources/efg.pm/config
index f425db1..efbc6a5 100644
--- a/sources/efg.pm/config
+++ b/sources/efg.pm/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = efg.pm.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -27,6 +28,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/ens.pm/config b/sources/ens.pm/config
index fc70dc8..4df958f 100644
--- a/sources/ens.pm/config
+++ b/sources/ens.pm/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = ens.pm.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
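Review bot: The `lxc.idmap` lines added in the second hunk of sources/dhcp.in/config map every container to the same host range, `u 0 100000 100000` / `g 0 100000 100000`, and the same two lines are added to all the other configs in this commit (efg.pm through xfr.pm). With an identical range, root in one container and root in any other are the same host UID 100000, so the user namespace separates each container from the host but not, at the UID level, from its neighbours. Consider a distinct, non-overlapping range per container, for example `lxc.idmap = u 0 200000 65536` and `lxc.idmap = g 0 200000 65536` for the second one (constructed values). The context line `lxc.cgroup2.devices.allow = a` in the same hunk still allows every device and could be narrowed as part of this conversion.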
@@ -14,6 +15,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/fdc.in/config b/sources/fdc.in/config
index db15590..5062654 100644
--- a/sources/fdc.in/config
+++ b/sources/fdc.in/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = fdc.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +15,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/fds.in/config b/sources/fds.in/config
index 7c5b717..5868a4b 100644
--- a/sources/fds.in/config
+++ b/sources/fds.in/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = fds.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +15,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/git.pm/config b/sources/git.pm/config
index aad5606..2c03ed1 100644
--- a/sources/git.pm/config
+++ b/sources/git.pm/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = git.pm.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ git none bind,create=dir 0 0
@@ -15,6 +16,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
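Review bot: `lxc.rootfs.options = idmap=container` in the first hunk of sources/git.pm/config idmaps only the rootfs; the bind mount on the context line `lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ git none bind,create=dir 0 0` is not covered by it. Unless the host directory was re-owned to the 100000+ range outside this commit, its files would show up in the container as the overflow user (nobody) and the service could lose write access. The same applies to the mount entries in ls.in, wiki.in, ws.pm and xfr.pm. I would document the requirement next to each entry, e.g. `# host directory must be owned by the mapped range (100000+); the rootfs idmap does not apply to bind mounts`, or idmap those mounts as well.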
diff --git a/sources/ifg.in/config b/sources/ifg.in/config
index 5bb6770..472ca10 100644
--- a/sources/ifg.in/config
+++ b/sources/ifg.in/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = ifg.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -21,6 +22,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/ls.in/config b/sources/ls.in/config
index e067cc0..4d1aa5a 100644
--- a/sources/ls.in/config
+++ b/sources/ls.in/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = ls.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ var/log/remote none bind,create=dir 0 0
@@ -15,6 +16,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/mx.in/config b/sources/mx.in/config
index d296f8b..5466fa7 100644
--- a/sources/mx.in/config
+++ b/sources/mx.in/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = mx.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +15,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/ns1.in/config b/sources/ns1.in/config
index 592c423..0dca839 100644
--- a/sources/ns1.in/config
+++ b/sources/ns1.in/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = ns1.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +15,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/ns2.in/config b/sources/ns2.in/config
index 03d3968..e7ea874 100644
--- a/sources/ns2.in/config
+++ b/sources/ns2.in/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = ns2.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +15,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/pki.in/config b/sources/pki.in/config
index 89545dc..3a34284 100644
--- a/sources/pki.in/config
+++ b/sources/pki.in/config
@@ -3,17 +3,21 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = pki.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
 lxc.net.0.flags = up
 lxc.net.0.link = brci-dev
-lxc.net.0.hwaddr = 02:0c:18:03:6d:ab
+lxc.net.0.hwaddr = 02:0c:18:03:6d:b7
 lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/pns.pm/config b/sources/pns.pm/config
index 221a97c..e4b6214 100644
--- a/sources/pns.pm/config
+++ b/sources/pns.pm/config
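Review bot: The `lxc.net.0.hwaddr` change from `02:0c:18:03:6d:ab` to `02:0c:18:03:6d:b7` in sources/pki.in/config is unrelated to the unprivileged conversion and is not mentioned in the commit message. If it is intentional, it would be better as its own commit or at least named in the description, so that a later bisect of a network problem on `brci-dev` finds it. It is worth checking that the new address is not already used by another container on that bridge; the other configs' hwaddr lines are outside the hunks shown here.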
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = pns.pm.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +15,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/vpn.in/config b/sources/vpn.in/config
index f647c81..1fd7285 100644
--- a/sources/vpn.in/config
+++ b/sources/vpn.in/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = vpn.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.net.0.type = veth
@@ -14,6 +15,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/wiki.in/config b/sources/wiki.in/config
index 727449d..6dcbb60 100644
--- a/sources/wiki.in/config
+++ b/sources/wiki.in/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = wiki.in.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__ data none bind,create=dir 0 0
@@ -15,6 +16,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/ws.pm/config b/sources/ws.pm/config
index a61e6ca..4b5cc51 100644
--- a/sources/ws.pm/config
+++ b/sources/ws.pm/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = ws.pm.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/htdocs.useribm.hu.443 var/www/htdocs.useribm.hu.443 none bind,create=dir 0 0
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/htdocs.useribm.hu.80 var/www/htdocs.useribm.hu.80 none bind,create=dir 0 0
@@ -18,6 +19,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1
diff --git a/sources/xfr.pm/config b/sources/xfr.pm/config
index 463193e..3d107df 100644
--- a/sources/xfr.pm/config
+++ b/sources/xfr.pm/config
@@ -3,6 +3,7 @@ lxc.include = /usr/share/lxc/config/common.conf
 lxc.arch = x86_64
 lxc.uts.name = xfr.pm.useribm.hu
 lxc.rootfs.path = __CONTAINER_PATH__/rootfs
+lxc.rootfs.options = idmap=container
 lxc.mount.auto = proc:rw sys:ro
 lxc.mount.entry = __CONTAINER_FILESYSTEMS_PATH__/www.xfr var/www.xfr none bind,create=dir 0 0
@@ -15,6 +16,9 @@ lxc.autodev = 1
 lxc.cgroup2.devices.allow = a
+lxc.idmap = u 0 100000 100000
+lxc.idmap = g 0 100000 100000
+
 lxc.signal.halt = SIGRTMIN+4
 lxc.start.auto = 1