Re: lxc and subuid

[Antonio Carlos Padoan Junior]

Thanks Maxime,


Maxime Devos <maximedevos@telenet.be> writes:

> Antonio Carlos Padoan Junior schreef op wo 30-03-2022 om 08:51 [+0200]:
>> Hello,
>> 
>> I'm trying to figure out how to set a unprivileged container using lxc
>> in guix. I do not know either how to allocate subuid/gid space in guix,
>
> subuid/gid are _not_ unprivileged.  They are an userspace feature by
> the (privileged) setuid binary 'newuidmap', see
> <https://manpages.debian.org/buster/uidmap/newuidmap.1.en.html>.
>
> I don't think there's currently a mechanism for that in Guix System,
> except manually creating and modifying /etc/subuid appropriately and
> installing the setuid binaries.  However, I suppose that the 'user-
> account' record could be extended to support subuid/subgid and
> automatically create /etc/subuid.

I created them manually as you suggested. But now I'm in trouble with
the creation of virtual network interfaces for the container. It is not
possible to follow the standard lxc documentation and apply it for guix 
directly.
The same problem if I use lxd. 

I'm looking the "Singularity service" as an alternative for lxc but it seem it 
does
not install the daemon (as per guix documentation). I have no idea
how to properly proceed and set a viable singularity deamon in my machine.

I will try docker service instead, but this is not exactly what I'm
looking for (but I hope at least it will work).

I have the feeling people create guix packages and services for
personal use but without minimal documentation on how to use properly on
guix. Please consider that as a critic from someone that has goodwill
but who is a little bit frustrated today.   


>
> Greetings,
> Maxime
>

Best regards,
-- 
Antonio Carlos PADOAN JUNIOR
GPG fingerprint:
243F 237F 2DD3 4DCA 4EA3  1341 2481 90F9 B421 A6C9