tenku/lxd
gdm85 db73573b58 Allow user 'nobody' to write in /tmp
Make /tmp home directory for user 'nobody'
2015-09-26 10:41:50 +02:00
..
busybox-nonroot Allow user 'nobody' to write in /tmp 2015-09-26 10:41:50 +02:00
README.md Imported lxd-images into tenku 2015-09-26 10:04:14 +02:00

lxd-images

Set of images for use with LXD.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic License.

busybox-nonroot

Running the containers' processes as non-root with busybox-nonroot is useful when you design applications that do not need root privileges, as you will be able to detect problems that would otherwise be unnoticed when running with root privileges.

Create the image tarball with:

make

This will import the standard busybox image if you don't already have it.

Afterwards you can import busybox-nonroot image with:

make import

This image has a nobody user defined, so that you can run all processes inside the container as a non-privileged user. NOTE: this is fundamentally different from root uid/gid mapping (which you should still use, if possible), as explained in this blog post.