
Making containers safer

Making containers safer

Posted Aug 22, 2019 4:49 UTC (Thu) by skissane (subscriber, #38675)
In reply to: Making containers safer by epa
Parent article: Making containers safer

> It's excellent that LXD containers can be nested. That would have been my first question about them.

I tried starting a container inside a container using tryit. I couldn't get it to work, lots of permissions issues. (I don't really know what I am doing though, maybe I used the wrong steps or config options.)



Making containers safer

Posted Aug 22, 2019 18:01 UTC (Thu) by stgraber (subscriber, #57367)

lxc launch ubuntu:18.04 c1 -c security.nesting=true
lxc exec c1 bash
  lxd init
  lxc launch images:alpine/edge a1
  lxc list

This should work fine. During "lxd init", the one thing that you'll need to pick which isn't already the default value is the IPv4 subnet. In my test, I used "192.168.0.1/24" which worked fine.

The reason for this is that the try-it environment has a subnet of 10.0.0.0/8 which prevents LXD from automatically picking an unused subnet in that range. Manually specifying one is therefore required.

PS: Note that the try-it session is already itself a LXD container, so doing the above actually gets you a nested, nested container :)
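
Added example, not part of the thread and not LXD's own code: a Python check for the subnet conflict described in the reply above. It parses constructed `ip -o -4 addr show` output, shows that no /24 inside an in-use 10.0.0.0/8 is free, and confirms that a bridge address such as 192.168.0.1/24 overlaps nothing. The function names and the sample interface data are assumptions, and the search does not reproduce LXD's selection logic.

```python
import ipaddress
import re

# Constructed sample of `ip -o -4 addr show` output inside a container whose
# uplink sits on a 10.0.0.0/8 network, as described for the try-it environment.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 10.155.20.7/8 brd 10.255.255.255 scope global eth0\\       valid_lft forever preferred_lft forever
"""


def networks_in_use(ip_addr_output):
    """Return the IPv4 networks configured on local interfaces."""
    nets = []
    for cidr in re.findall(r"\binet (\d+\.\d+\.\d+\.\d+/\d+)", ip_addr_output):
        # strict=False accepts a host address with a prefix (10.155.20.7/8).
        nets.append(ipaddress.ip_network(cidr, strict=False))
    return nets


def conflicts(bridge_cidr, in_use):
    """List the in-use networks that overlap the proposed bridge subnet."""
    bridge = ipaddress.ip_interface(bridge_cidr).network
    return [net for net in in_use if net.overlaps(bridge)]


def first_free_subnet(pool, new_prefix, in_use):
    """First subnet of size new_prefix in pool that overlaps nothing in use."""
    pool_net = ipaddress.ip_network(pool)
    # If the whole pool lies inside an in-use network, nothing in it is free.
    if any(pool_net.subnet_of(net) for net in in_use):
        return None
    for candidate in pool_net.subnets(new_prefix=new_prefix):
        if not any(candidate.overlaps(net) for net in in_use):
            return candidate
    return None


if __name__ == "__main__":
    used = networks_in_use(SAMPLE_IP_ADDR)
    print("in use:", used)
    print("free /24 in 10.0.0.0/8:", first_free_subnet("10.0.0.0/8", 24, used))
    print("conflicts for 192.168.0.1/24:", conflicts("192.168.0.1/24", used))
```

Running `conflicts()` against the real `ip -o -4 addr show` output of the outer container before `lxd init` shows whether the subnet you plan to enter is already claimed by an interface.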

