kiv
July 19, 2024, 7:04am
1
Hi all,
Using incus-migrate, would a privileged LXC container be migrated to an unprivileged incus container ?
Edit : self answer : security.privileged option is false by default, see below.
Sorry for this dumb question but I didn’t find a clear answer in the doc or forum.
After a first test I noticed that :
ls /proc inside the incus container prints nobody owneradding a path on the host without shift=true gives ownership to nobody inside the container
but from host : sudo ls -n /var/lib/incus/containers/my-container/rootfs shows 0:0 as owner. shouldn’t it show 100000:100000 or something ?
kiv
July 19, 2024, 8:56am
2
Well, I did my homework :
incus config get my-migrated-container security.privileged gives an empty output, as with a fresh “image launched” container.
security.privileged option default value is false, so I guess my migrated containers are unprivileged.
Just to be (less un-) sure :
incus stop my-migrated-container
incus config set my-migrated-container security.privileged=false
incus start my-migrated-container
It seems that nothing change in the container, the services still work flawlessly.
Out of subject :
simos
July 19, 2024, 10:17am
3
The security.privileged=false is a flag that you can assign to a container.
When you change the value of this flag to a container, you need to then restart the container so that it takes effect on that container.
In that respect, you can switch on or off, then restart.
Normally, you do not need privileged containers. In the majority of cases you can use unprivileged containers.
kiv
July 19, 2024, 11:18am
4
Thank you for the details.
That’s what I did : I expected more difficulties, but the only trick I needed was to add shift=true to my host mounts.
The more I learn about incus, the more I love it! versatile, robust, easy to use… (once you understand the logic behind it)
1 Like