Browse Source

LXC tips

tags/0.1
devrandom 9 years ago
parent
commit
b482952a33
1 changed files with 15 additions and 0 deletions
  1. 15
    0
      README.md

+ 15
- 0
README.md View File

@@ -66,3 +66,18 @@ After you've merged everybody's signatures, verify them:
TODO:
- disable sudo in target, just in case of a hypervisor exploit
- tar and other archive timestamp setter

## LXC tips

`bin/gbuild` runs `lxc-start`, which may require root. If you are in the admin group, you can add the following sudoers line to prevent asking for the password every time:

%admin ALL=NOPASSWD: /usr/bin/lxc-start

Recent distributions allow lxc-start to be run by non-priviledged users, so you might be able to rip-out the `sudo` calls in `libexec/*`.

If you have a runaway `lxc-start` command, just use `kill -9` on it.

The machine configuration requires access to br0 and assumes that the host address is 10.0.2.2:

sudo brctl add br0
sudo ifconfig br0 10.0.2.2/24 up

Loading…
Cancel
Save