Before mounting image in container:
~/container-config$ losetup -f
/dev/loop0
After mounting image in container:
~/container-config$ losetup -f
/dev/loop1
configuring container unprivileged to have graphical apps working:
~/container-config$ lxc config set buildroot security.privileged false
~/container-config$ losetup -f
/dev/loop0
unprivileged container config (graphical apps ok, mounting image not ok):
~$ lxc config show c1
architecture: x86_64
config:
raw.apparmor: mount,
raw.idmap: both 1000 1001
security.privileged: "false"
volatile.base_image: c5bbef7f4e1c19f0104fd49b862b2e549095d894765c75c6d72775f1d98185ec
volatile.eth0.hwaddr: 00:16:3e:b1:b7:d6
volatile.idmap.base: "0"
volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":1001},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1001,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":166538,"Nsid":1002,"Maprange":64534},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":1001},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1001,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":166538,"Nsid":1002,"Maprange":64534}]'
volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":1001},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1001,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":166538,"Nsid":1002,"Maprange":64534},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":1001},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1001,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":166538,"Nsid":1002,"Maprange":64534}]'
volatile.last_state.power: RUNNING
devices:
X0:
path: /tmp/.X11-unix/X0
source: /tmp/.X11-unix/X0
type: disk
Xauthority:
path: /home/sysadmin/.Xauthority
source: /home/sysadmin/.Xauthority
type: disk
loop-control:
path: /dev/loop-control
type: unix-char
loop0:
path: /dev/loop0
type: unix-block
loop1:
path: /dev/loop1
type: unix-block
loop2:
path: /dev/loop2
type: unix-block
loop3:
path: /dev/loop3
type: unix-block
loop4:
path: /dev/loop4
type: unix-block
loop5:
path: /dev/loop5
type: unix-block
loop6:
path: /dev/loop6
type: unix-block
loop7:
path: /dev/loop7
type: unix-block
root:
path: /
type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""
privileged container config(graphical apps not ok, mounting image ok):
~$ lxc config set c1 security.privileged true
~$ lxc config show c1
architecture: x86_64
config:
raw.apparmor: mount,
raw.idmap: both 1000 1001
security.privileged: "true"
volatile.base_image: c5bbef7f4e1c19f0104fd49b862b2e549095d894765c75c6d72775f1d98185ec
volatile.eth0.hwaddr: 00:16:3e:b1:b7:d6
volatile.idmap.base: "0"
volatile.idmap.next: '[]'
volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":165536,"Nsid":0,"Maprange":1001},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1001,"Maprange":1},{"Isuid":true,"Isgid":false,"Hostid":166538,"Nsid":1002,"Maprange":64534},{"Isuid":false,"Isgid":true,"Hostid":165536,"Nsid":0,"Maprange":1001},{"Isuid":true,"Isgid":true,"Hostid":1000,"Nsid":1001,"Maprange":1},{"Isuid":false,"Isgid":true,"Hostid":166538,"Nsid":1002,"Maprange":64534}]'
volatile.last_state.power: RUNNING
devices:
X0:
path: /tmp/.X11-unix/X0
source: /tmp/.X11-unix/X0
type: disk
Xauthority:
path: /home/sysadmin/.Xauthority
source: /home/sysadmin/.Xauthority
type: disk
loop-control:
path: /dev/loop-control
type: unix-char
loop0:
path: /dev/loop0
type: unix-block
loop1:
path: /dev/loop1
type: unix-block
loop2:
path: /dev/loop2
type: unix-block
loop3:
path: /dev/loop3
type: unix-block
loop4:
path: /dev/loop4
type: unix-block
loop5:
path: /dev/loop5
type: unix-block
loop6:
path: /dev/loop6
type: unix-block
loop7:
path: /dev/loop7
type: unix-block
root:
path: /
type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""