LXC:將特權 LXC 轉換為 非特權 LXC 並開機使用 (ZFS Only)

 

nano lxc.sh

需要修改地方

vol=儲存系統目錄

#!/bin/bash
##
## Warning: do not use this unless you understand and agree with what it does
##
## Based on: https://forum.proxmox.com/threads/convert-privileged-to-unprivileged-container.31066/#post-261883
##
## NOT HANDLED
## * multiple disks
## * if there are backup/snapshot references in the lxc/$vmid.conf the unprivileged:1 will be added to the end of the file and in a backup config not in the active config, that can break the first boot
## * setuid and setgid permissions are not retained

# CONFIGURE THIS (the pool on which subvol-NNN-disk-0's exist):
vol=rpool/data
vmid=$1
TODAY=$(date +"%Y%m%d")
if [ "$vmid" == "" ];
then
        echo "Usage is: $0 vmid";
        exit 1
fi

echo "stopping vm $vmid"
pct stop $vmid

echo "taking snapshot"
zfs snapshot $vol/[email protected]$TODAY

echo "chowning files, sockets and pipes"
find /$vol/subvol-$vmid-disk-0/ -type f -or -type s -or -type p | while read S; do U="$(ls -ln "${S}" | awk '{print$3}')"; G="$(ls -ln "${S}" | awk '{print$4}')"; F=100000; chown "${F:0: -${#U}}${U}:${F:0: -${#G}}${G}" "${S}"; done

echo "chowning symlinks"
find /$vol/subvol-$vmid-disk-0/ -type l | while read S; do U="$(ls -ln "${S}" | awk '{print$3}')"; G="$(ls -ln "${S}" | awk '{print$4}')"; F=100000; chown -h "${F:0: -${#U}}${U}:${F:0: -${#G}}${G}" "${S}"; done

echo "chowning directores"
find /$vol/subvol-$vmid-disk-0/ -type d | while read S; do U="$(ls -lnd "${S}" | awk '{print$3}')"; G="$(ls -lnd "${S}" | awk '{print$4}')"; F=100000; chown "${F:0: -${#U}}${U}:${F:0: -${#G}}${G}" "${S}"; done

echo "fixing postfix if necessary"
[ -e /$vol/subvol-$vmid-disk-1/var/spool/postfix/dev/-random ] && rm -ri /$vol/subvol-$vmid-disk-1/var/spool/postfix/dev/-random
[ -e /$vol/subvol-$vmid-disk-1/var/spool/postfix/dev/-urandom ] && rm -ri /$vol/subvol-$vmid-disk-1/var/spool/postfix/dev/-urandom

echo "setting suid on sudo"
[ -e /$vol/subvol-$vmid-disk-1/usr/bin/sudo ] && chmod u+s /$vol/subvol-$vmid-disk-1/usr/bin/sudo

echo "enabling unprivileged setting on vm config"
echo -e "\nunprivileged: 1" >> /etc/pve/lxc/$vmid.conf

echo "starting vm $vmid"
pct start $vmid

執行程式:

bash lxc.sh 110(你的LXCID)

結束之後會自動開機LXC

 

修改源自: github

A script to make Proxmox LXC Containers unprivileged

THE END
分享
二维码
< <上一篇
下一篇>>