Imported lxd-images into tenku
parent
7c1075116f
commit
93b96bc594
@ -0,0 +1,2 @@
|
|||||||
|
rkt/nginx/nginx.aci
|
||||||
|
lxd/busybox-nonroot/busybox-nonroot.tar.xz
|
@ -0,0 +1,25 @@
|
|||||||
|
# lxd-images
|
||||||
|
|
||||||
|
Set of images for use with [LXD](https://linuxcontainers.org/lxd/).
|
||||||
|
|
||||||
|
<a rel="license" href="http://creativecommons.org/licenses/by-sa/2.0/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by-sa/2.0/88x31.png" /></a><br />This work is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-sa/2.0/">Creative Commons Attribution-ShareAlike 2.0 Generic License</a>.
|
||||||
|
|
||||||
|
## busybox-nonroot
|
||||||
|
|
||||||
|
Running the containers' processes as non-root with ``busybox-nonroot`` is useful when you design applications that do not need root privileges,
|
||||||
|
as you will be able to detect problems that would otherwise be unnoticed when running with root privileges.
|
||||||
|
|
||||||
|
Create the image tarball with:
|
||||||
|
```
|
||||||
|
make
|
||||||
|
```
|
||||||
|
|
||||||
|
This will import the standard ``busybox`` image if you don't already have it.
|
||||||
|
|
||||||
|
Afterwards you can import ``busybox-nonroot`` image with:
|
||||||
|
```
|
||||||
|
make import
|
||||||
|
```
|
||||||
|
|
||||||
|
This image has a ``nobody`` user defined, so that you can run all processes inside the container as a non-privileged user.
|
||||||
|
**NOTE:** this is fundamentally different from root uid/gid mapping (which you should still use, if possible), as explained in [this blog post](https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/).
|
@ -0,0 +1,18 @@
|
|||||||
|
.DEFAULT := all
|
||||||
|
.PHONY := all import have-busybox
|
||||||
|
|
||||||
|
## current hash of busybox image
|
||||||
|
BASEIMG := 6e9df9219c50317368ec1e2b37da8bb1f5edcbefae3bae4bd38f41b56a365d09
|
||||||
|
|
||||||
|
all: busybox-nonroot.tar.xz
|
||||||
|
|
||||||
|
have-busybox:
|
||||||
|
lxc image info busybox >/dev/null || lxd-images import busybox --alias busybox
|
||||||
|
|
||||||
|
busybox-nonroot.tar.xz: have-busybox
|
||||||
|
TMPD=`mktemp -d` && mkdir -p "$$TMPD/rootfs/etc" && \
|
||||||
|
cp overlay/etc/passwd overlay/etc/group "$$TMPD/rootfs/etc/" && cd "$$TMPD" && tar xf /var/lib/lxd/images/$(BASEIMG) && \
|
||||||
|
tar pcfJ $(CURDIR)/$@ rootfs/ metadata.yaml && cd && rm -rf "$$TMPD"
|
||||||
|
|
||||||
|
import:
|
||||||
|
lxc image info busybox-nonroot >/dev/null 2>/dev/null || lxc image import busybox-nonroot.tar.xz --alias busybox-nonroot
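Review bot: `.DEFAULT := all` and `.PHONY := all import have-busybox` at the top are variable assignments, not special targets, so nothing is declared phony and `all` is the default goal only because it is the first rule; they should read `.DEFAULT_GOAL := all` and `.PHONY: all import have-busybox`. In the `busybox-nonroot.tar.xz` recipe the overlay `passwd` and `group` are copied into `rootfs/etc` before `tar xf` unpacks the base image, so if that image ships its own `etc/passwd` or `etc/group` (not visible here) the overlay is silently overwritten and the image is built without the intended `nobody` user; running the `cp` after the extraction avoids that. The temporary directory is also removed only on the success path, so a failed step leaves the extracted rootfs behind in the `mktemp` directory.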
|
@ -0,0 +1,11 @@
|
|||||||
|
{
|
||||||
|
"architecture": "x86_64",
|
||||||
|
"creation_date": 1443204631,
|
||||||
|
"properties": {
|
||||||
|
"architecture": "x86_64",
|
||||||
|
"description": "Busybox with unprivileged user x86_64",
|
||||||
|
"name": "busybox-nonroot-x86_64",
|
||||||
|
"author": "gdm85",
|
||||||
|
"os": "Busybox"
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1 @@
|
|||||||
|
nobody:x:1:
|
@ -0,0 +1 @@
|
|||||||
|
nobody:x:1:1:nobody:/:/bin/sh
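Review bot: The overlay `passwd` contains only `nobody`, at uid/gid 1 with `/bin/sh` as its shell, and no `root` line, so inside the container uid 0 has no name unless the base image supplies one (not visible here; the Makefile copies this file in as `rootfs/etc/passwd`). uid 1 is conventionally `daemon` or `bin` rather than `nobody` (usually 65534), which can make file ownership confusing when the rootfs is inspected from the host. Consider adding `root:x:0:0:root:/root:/bin/sh` here and a matching `root:x:0:` in the `group` hunk above, and documenting why id 1 was chosen.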
|