Imported lxd-images into tenku
parent
7c1075116f
commit
93b96bc594
@ -0,0 +1,2 @@
|
||||
rkt/nginx/nginx.aci
|
||||
lxd/busybox-nonroot/busybox-nonroot.tar.xz
|
@ -0,0 +1,25 @@
|
||||
# lxd-images
|
||||
|
||||
Set of images for use with [LXD](https://linuxcontainers.org/lxd/).
|
||||
|
||||
<a rel="license" href="http://creativecommons.org/licenses/by-sa/2.0/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by-sa/2.0/88x31.png" /></a><br />This work is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-sa/2.0/">Creative Commons Attribution-ShareAlike 2.0 Generic License</a>.
|
||||
|
||||
## busybox-nonroot
|
||||
|
||||
Running the containers' processes as non-root with ``busybox-nonroot`` is useful when you design applications that do not need root privileges,
|
||||
as you will be able to detect problems that would otherwise be unnoticed when running with root privileges.
|
||||
|
||||
Create the image tarball with:
|
||||
```
|
||||
make
|
||||
```
|
||||
|
||||
This will import the standard ``busybox`` image if you don't already have it.
|
||||
|
||||
Afterwards you can import ``busybox-nonroot`` image with:
|
||||
```
|
||||
make import
|
||||
```
|
||||
|
||||
This image has a ``nobody`` user defined, so that you can run all processes inside the container as a non-privileged user.
|
||||
**NOTE:** this is fundamentally different from root uid/gid mapping (which you should still use, if possible), as explained in [this blog post](https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/).
|
@ -0,0 +1,18 @@
|
||||
.DEFAULT := all
|
||||
.PHONY := all import have-busybox
|
||||
|
||||
## current hash of busybox image
|
||||
BASEIMG := 6e9df9219c50317368ec1e2b37da8bb1f5edcbefae3bae4bd38f41b56a365d09
|
||||
|
||||
all: busybox-nonroot.tar.xz
|
||||
|
||||
have-busybox:
|
||||
lxc image info busybox >/dev/null || lxd-images import busybox --alias busybox
|
||||
|
||||
busybox-nonroot.tar.xz: have-busybox
|
||||
TMPD=`mktemp -d` && mkdir -p "$$TMPD/rootfs/etc" && \
|
||||
cp overlay/etc/passwd overlay/etc/group "$$TMPD/rootfs/etc/" && cd "$$TMPD" && tar xf /var/lib/lxd/images/$(BASEIMG) && \
|
||||
tar pcfJ $(CURDIR)/$@ rootfs/ metadata.yaml && cd && rm -rf "$$TMPD"
|
||||
|
||||
import:
|
||||
lxc image info busybox-nonroot >/dev/null 2>/dev/null || lxc image import busybox-nonroot.tar.xz --alias busybox-nonroot
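Review bot: In the `busybox-nonroot.tar.xz` recipe the overlay `passwd` and `group` are copied into `$$TMPD/rootfs/etc` before `tar xf` unpacks the base image into the same directory, so if the base image ships `rootfs/etc/passwd` or `rootfs/etc/group` (not visible here) the extraction overwrites the overlay and the resulting image silently lacks the `nobody` user; extracting first and copying the overlay afterwards avoids that. The file at `/var/lib/lxd/images/$(BASEIMG)` is also unpacked without checking that its content matches the pinned fingerprint, which a `sha256sum` comparison before `tar xf` would cover, assuming the fingerprint is the SHA-256 of that file. Separately, `.DEFAULT := all` and `.PHONY := all import have-busybox` are plain variable assignments with no effect as special targets; the intended forms are `.DEFAULT_GOAL := all` and `.PHONY: all import have-busybox`. The temporary directory is removed only at the end of the `&&` chain, so any failing step leaves it behind.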
|
@ -0,0 +1,11 @@
|
||||
{
|
||||
"architecture": "x86_64",
|
||||
"creation_date": 1443204631,
|
||||
"properties": {
|
||||
"architecture": "x86_64",
|
||||
"description": "Busybox with unprivileged user x86_64",
|
||||
"name": "busybox-nonroot-x86_64",
|
||||
"author": "gdm85",
|
||||
"os": "Busybox"
|
||||
}
|
||||
}
|
@ -0,0 +1 @@
|
||||
nobody:x:1:
|
@ -0,0 +1 @@
|
||||
nobody:x:1:1:nobody:/:/bin/sh
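Review bot: The overlay gives `nobody` UID and GID 1, here and in the one-line `group` file above, whereas the conventional id for `nobody` is 65534 and id 1 is commonly assigned to `daemon` or `bin`. If any file in the base image is owned by id 1 (not visible from this commit), the unprivileged user would own it, so unless 1 was chosen deliberately `nobody:x:65534:65534:nobody:/:/bin/sh` with `nobody:x:65534:` in `group` is the safer default. Both files are also the complete new content, so where they take effect the image has no `root` entry and uid 0 cannot be resolved by name; confirm that is intended.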
|