Hi all, and thank you for doing all that great work!
I would like to set up an ltsp-server in a container to deliver images to clients in a local network. Has anyone ever tried that and/or share some experience/insight?
Even some hints on the required configuration to make it work would be very much appreciated. Thanks 
Ah, that’s funny, before being the project leader for LXD, I was one of the main developers and maintainers of LTSP (and project leader of LTSP-Cluster), small world 
Anyway, I’ve not tried it in a long time. Back then, the thin clients were booting from TFTP and NBD which both work absolutely fine in a container (even a fully unprivileged one).
I believe I read somewhere that NFS was back in the mix though which changes things a bit. If you need a NFS server, ganesha may be able to run fully in userspace and so work great from an unprivileged container. If you need the in-kernel NFS server, then that’ll be a problem and the easiest way out would be to run the NFS server on the host and just pass the path with the images into the container.
The other side of things would be the tool which builds the LTSP image (ltsp-update-image or something along those lines, at least back in the days). This needs to do a bunch of chroot and mount operations which may not play super well with containers. I’d expect the bulk of that to do okay so long as you have security.nesting=true set on the container.
In general, I don’t see any case where security.privileged=true would help here, so I’d strongly recommend staying away from it and dealing with whatever issues may show up instead of using that big hammer as it’d almost certainly backfire.
Thanks a lot!
I am currently fiddling around with the issues and will be back here as soon as I gained more insight or have more specific problems… 