Background
Just a quick question regarding LXD documentation (likely being a dummy).
When I run lxc config show --expanded myInstanceName I get the results as expected (output at bottom of this post).
I’d like to run a Docker container inside a container, and my containers are unprivileged (I confirmed that based on this post).
To run Docker inside an unprivileged container, I apparently need to ensure keyctl is enabled, and nesting, too (based on this article).
With that in mind, my next port of call was to check the documentation so that I could: learn about exactly what these fields do before blindly setting them (although the latter is fairly self-explanatory); find out how to set these fields in my config.
Question
I tried Googling “lxd config man” which returns this page, but I can’t find any reference to keyctl, and there’s more than one reference to nesting referring to both app_armour and seccomp, I’m not sure which to use.
I tried running lxc config set --help and lxc config set --help --sub-commands but this is just information on how to set fields, not a list of all fields and their descriptions.
So, as I said, I’m likely being a dummy but my questions are:
- Where do I get the documentation listing all the definable fields (particularly keyctl) and their purposes? (I imagine it’s likely I have found the correct documentation but keyctl goes by a different name or similar)
- A bit against the “teach a man to fish” ethos of this post, but for my particular problem, what are the commands I need to run regarding nesting and keyctl to allow Docker inside LXC/LXD?
Thanks in advance for any help at all!
Results for lxc config show --expanded myInstanceName
architecture: x86_64
config:
  image.architecture: amd64
  image.description: ubuntu 20.04 LTS amd64 (release) (20210927)
  image.label: release
  image.os: ubuntu
  image.release: focal
  image.serial: "20210927"
  image.type: squashfs
  image.version: "20.04"
  volatile.base_image: 56296ba81a6fb502c634697a840d7957c3d2aa1a1805820e605ed21475058851
  volatile.eth0.host_name: vethfc3f5a2d
  volatile.eth0.hwaddr: 00:16:3e:f5:23:7a
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: d7bc7358-b05f-46dc-95a1-51a28c30f553
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
  root:
    path: /
    pool: lxcDefaultPool
    type: disk
  shareFolder:
    path: /home/ubuntu/media
    source: /home/share_user/media
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""
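
The check the post does by eye on this output, written out as an added example (not part of the original post and not LXD's own code): it reads security.privileged, security.nesting and volatile.idmap.current from lxc config show --expanded text and reports whether container root is shifted to a non-zero host id. The function names and the trimmed sample are constructed here; it assumes LXD's defaults, where an unset security.privileged or security.nesting means false.

```python
import json

# Constructed sample: the keys this check reads, copied from the post's
# `lxc config show --expanded` output (other keys omitted).
SAMPLE = """\
config:
  image.os: ubuntu
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":100000,"Nsid":0,"Maprange":65536},{"Isuid":false,"Isgid":true,"Hostid":100000,"Nsid":0,"Maprange":65536}]'
  volatile.last_state.power: RUNNING
"""

TRUE_VALUES = {"true", "1", "yes", "on"}  # spellings LXD treats as boolean true


def parse_flat_keys(text):
    """Collect 'key: value' lines. Enough for LXD's dotted keys; not a YAML parser."""
    keys = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            keys[key] = value.strip().strip("'\"")
    return keys


def host_id_of_root(idmap_json, kind):
    """Host id that container id 0 maps to for kind 'Isuid' or 'Isgid', else None."""
    for entry in json.loads(idmap_json or "[]"):
        if entry.get(kind) and entry["Nsid"] <= 0 < entry["Nsid"] + entry["Maprange"]:
            return entry["Hostid"] - entry["Nsid"]
    return None


def audit(text):
    cfg = parse_flat_keys(text)
    idmap = cfg.get("volatile.idmap.current")
    uid, gid = host_id_of_root(idmap, "Isuid"), host_id_of_root(idmap, "Isgid")
    privileged = cfg.get("security.privileged", "false").lower() in TRUE_VALUES
    return {
        "privileged_flag": privileged,
        # Unset means false: nesting has to be switched on explicitly.
        "nesting": cfg.get("security.nesting", "false").lower() in TRUE_VALUES,
        "root_host_uid": uid,
        "root_host_gid": gid,
        # Unprivileged only if root is shifted to a non-zero host uid and gid.
        "unprivileged": not privileged and bool(uid) and bool(gid),
    }


if __name__ == "__main__":
    print(audit(SAMPLE))
```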