Skip to content

containers-and-vms: refactor for clarity #856

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

containers-and-vms: refactor for clarity #856

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 11 additions & 14 deletions src/config/containers-and-vms/lxc.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,17 +12,7 @@ favor of the CGroup namespace in recent kernels. LXD has become a Canonical
project. Incus was forked from LXD to be a community driven alternative, and is
led and maintained by many of the original creators.

## Configuring LXC

Install the `lxc` package.

Creating and running privileged containers as `root` does not require any
configuration; simply use the various `lxc-*` commands, such as
[lxc-create(1)](https://man.voidlinux.org/lxc-create.1),
[lxc-start(1)](https://man.voidlinux.org/lxc-start.1),
[lxc-attach(1)](https://man.voidlinux.org/lxc-attach.1), etc.

### Creating unprivileged containers
## Creating unprivileged containers

User IDs (UIDs) and group IDs (GIDs) normally range from 0 to 65535.
Unprivileged containers enhance security by mapping UID and GID ranges inside
Expand Down Expand Up @@ -57,6 +47,16 @@ defined in the file do not overlap. In this example, `root` controls UIDs (or,
from `subgid`, GIDs) ranging from 1000000 to 1065535, inclusive; `user` controls
IDs ranging from 2000000 to 2065535.

## Configuring LXC

Install the `lxc` package.

Creating and running privileged containers as `root` does not require any
configuration; simply use the various `lxc-*` commands, such as
[lxc-create(1)](https://man.voidlinux.org/lxc-create.1),
[lxc-start(1)](https://man.voidlinux.org/lxc-start.1),
[lxc-attach(1)](https://man.voidlinux.org/lxc-attach.1), etc.

Before creating a container, the user owning the container will need an
[lxc.conf(5)](https://man.voidlinux.org/lxc.conf.5) file specifying the subuid
and subgid range to use. For root-owned containers, this file resides at
Expand Down Expand Up @@ -128,9 +128,6 @@ In `/etc/rc.conf`, set the `CGROUP_MODE` variable to `unified`. Install the
`incus` package, and [enable](../services/index.md#enabling-services) the
`incus` service.

Some parts of Incus require optional dependencies, see
[README.voidlinux](../package-documentation/index.md).

Add users who should have full control over Incus to the `_incus-admin` group.

Optionally, some users can be given limited access to Incus as described
Expand Down
Loading