grimoire

personal wiki
git clone git://git.pyratebeard.net/grimoire.git

commit ba96f46141c28b48a0e386e52f0a33b9fc45cf61
parent 76253a4e745277b31d974fb1de8d352376b9d0a4
Author: pyratebeard <root@pyratebeard.net>
Date:   Thu,  4 Apr 2024 13:01:27 +0100

updates

Diffstat:
M glossary.md | 2 ++
M virtualisation/lxc.md | 38 ++++++++++++++++++++++++++++++++++++++
2 files changed, 40 insertions(+), 0 deletions(-)

diff --git a/glossary.md b/glossary.md @@ -6,6 +6,7 @@ * [apt_dpkg](/linux/apt_dpkg) * [arduino](/hardware/arduino) * [at](/linux/at) +* [awx](/iac/awx) * [azure](/cloud_saas/azure) ## b @@ -139,6 +140,7 @@ * [sysv](/linux/sysv) ## t +* [tarsnap](/software/tarsnap) * [tcpdump](/software/tcpdump) * [termux](/software/termux) * [tmux](/software/tmux) diff --git a/virtualisation/lxc.md b/virtualisation/lxc.md 
@@ -301,3 +301,41 @@ gollum haproxy log pastebin radicale site stagit znc ftp ``` mp0: /path/on/host,mp=/mount/path/on/container ``` + +## uid/gid mapping +* in lxc conf +``` +lxc.idmap: u 0 100000 1005 +lxc.idmap: g 0 100000 1005 +lxc.idmap: u 1005 1005 1 +lxc.idmap: g 1005 1005 1 +lxc.idmap: u 1006 101006 64530 +lxc.idmap: g 1006 101006 64530 +``` +* explanation taken from [itsembedded][] +> The format of the lxc.idmap configuration lines are <u/g> <guest_start_id> <host_start_id> <num_of_ids_to_map>, where <u/g> selects whether the mapping is for user id’s or group id’s. +> +> Below is an explanation of what each mapping combination does: +> +> * (u/g) 0 10000 1000 - map 1000 ID’s starting from 0, to ID’s starting at 100000. This means that the ROOT UID/GID 0:0 on the guest will be mapped to 100000:100000 on the host, 1:1 will be mapped to 100001:1000001, and so on. +> +> * (u/g) 1000 1000 1 - map the UID/GID pair 1000:1000 to 1000:1000 on the host. The number 1 is there to specify we’re only mapping a single ID, and not a range. +> +> * (u/g) 1001 101000 64535 - map 64535 ID’s starting at 1001, to ID’s starting at 101000. This means that UID/GID pair 1001:1001 on the guest will be mapped to 101000:101000, 1002:1002 to 101001:101001, all the way to finally 65535:65535 to 165534:165534. + + +## mounting zfs dataset in lxc container +* requires [uid/gid mapping](#uid/gid-mapping) +* this example is for using the www-data user with nextcloud +* on host +``` +zfs set acltype=posixacl pool/dataset +setfacl -m u:100033:rwx /path/to/dataset +``` +* add mount point as [above](#bindmount) +* on container check acl +``` +getfacl /path/to/mount +``` + +[itsembedded]: https://www.itsembedded.com/sysadmin/proxmox_bind_unprivileged_lxc/
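Review bot: in glossary.md, the new `[awx](/iac/awx)` and `[tarsnap](/software/tarsnap)` entries link to pages this commit does not add (the diffstat lists only glossary.md and virtualisation/lxc.md). Confirm both target pages already exist in the tree, or add them in the same commit so the glossary carries no dead links.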
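Review bot: in the virtualisation/lxc.md hunk, the "uid/gid mapping" section documents only the container config. The `u 1005 1005 1` and `g 1005 1005 1` lines pass host ID 1005 straight through, which also needs the host to delegate that ID to root (a `root:1005:1` entry in /etc/subuid and /etc/subgid) for the mapping to be permitted, and it deserves a line saying that container uid 1005 then acts as host uid 1005 on anything it can reach. The quoted explanation uses 1000/1001/64535 while the config uses 1005/1006/64530, and it contains "0 10000 1000" and "100001:1000001" where 100000 and 100001:100001 are meant, so add a sentence tying the quote to the 1005 values. In the zfs section, state that 100033 is container uid 33 (www-data on Debian-based images) plus the 100000 offset from the first idmap line, and check that the `#uid/gid-mapping` and `#bindmount` anchors resolve in the wiki renderer.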