LXC非特权容器内的Docker

问题描述 投票:1回答:1

我正在尝试在LXC非特权容器中运行Docker容器。谁能说出我想念的东西吗?

如果我从LXC容器中删除apparmor,它将正常工作。好像我需要做一些辅助魔法才能使其在不禁用辅助武器的情况下起作用?

这是我当前的LXC容器配置:

lxc.include = /usr/share/lxc/config/nesting.conf

# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf

# For Ubuntu 14.04
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional 0 0
lxc.include = /usr/share/lxc/config/userns.conf

# For Ubuntu 14.04
lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0
lxc.arch = linux64

# Container specific configuration
lxc.idmap = u 0 1258512 65536
lxc.idmap = g 0 1258512 65536
lxc.rootfs.path = dir:/var/lib/lxc/ubuntu/rootfs
lxc.uts.name = ubuntu

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:3e:3f:77
lxc.net.0.ipv4.address = 10.0.3.242/24
lxc.net.0.ipv4.gateway = auto
lxc.cgroup.memory.limit_in_bytes = 512M
lxc.cgroup.cpuset.cpus = 0-31
lxc.start.auto = 1
linux docker ubuntu lxc apparmor
1个回答
0
投票

配置中的以下内容有助于解决:

lxc.aa_profile = unconfined

它可能会破坏您的安全配置文件,但可能会帮助您正确地开始使用。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.