LXC: converting a privileged LXC into an unprivileged LXC and booting it (ZFS only)

nano lxc.sh

What needs to be changed:

vol=the storage dataset (the ZFS pool/dataset under which the container's subvol lives)

#!/bin/bash
##
## Warning: do not use this unless you understand and agree with what it does
##
## Based on: https://forum.proxmox.com/threads/convert-privileged-to-unprivileged-container.31066/#post-261883
##
## NOT HANDLED
## * multiple disks
## * if there are backup/snapshot references in the lxc/$vmid.conf the unprivileged:1 will be added to the end of the file and in a backup config not in the active config, that can break the first boot
## * setuid and setgid permissions are not retained (only sudo is restored below)

# CONFIGURE THIS (the pool on which subvol-NNN-disk-0's exist):
vol=rpool/data
# Disk suffix of the container's rootfs dataset (older Proxmox releases used disk-1).
# The original script mixed disk-0 and disk-1; one name is used throughout here.
disk=disk-0
vmid=$1
TODAY=$(date +"%Y%m%d")
SHIFT=100000   # default uid/gid offset Proxmox maps unprivileged containers to
if [ "$vmid" == "" ];
then
        echo "Usage is: $0 vmid";
        exit 1
fi
root=/$vol/subvol-$vmid-$disk

echo "stopping vm $vmid"
pct stop "$vmid"

echo "taking snapshot (rollback point if anything goes wrong)"
zfs snapshot "$vol/subvol-$vmid-$disk@mkunpriv-$TODAY"

# Add the offset to an id that is still in the host range; ids already shifted
# are returned unchanged, so re-running the script does not shift them twice.
shift_id() {
        if [ "$1" -lt "$SHIFT" ]; then echo $(( $1 + SHIFT )); else echo "$1"; fi
}

echo "chowning files, sockets, pipes, symlinks and directories"
# -print0 / read -d '' keep filenames with spaces or newlines intact; stat reports
# the owner of the entry itself (not a link target) and chown -h changes that entry.
find "$root" -print0 | while IFS= read -r -d '' S; do
        read -r U G < <(stat -c '%u %g' "$S")
        chown -h "$(shift_id "$U"):$(shift_id "$G")" "$S"
done

echo "fixing postfix if necessary"
[ -e "$root/var/spool/postfix/dev/-random" ] && rm -ri "$root/var/spool/postfix/dev/-random"
[ -e "$root/var/spool/postfix/dev/-urandom" ] && rm -ri "$root/var/spool/postfix/dev/-urandom"

echo "setting suid on sudo"
[ -e "$root/usr/bin/sudo" ] && chmod u+s "$root/usr/bin/sudo"

echo "enabling unprivileged setting on vm config"
# Do not append a second copy when the script is re-run.
grep -q '^unprivileged: 1' "/etc/pve/lxc/$vmid.conf" || echo -e "\nunprivileged: 1" >> "/etc/pve/lxc/$vmid.conf"

echo "starting vm $vmid"
pct start "$vmid"

Run the script:

bash lxc.sh 110 (110 being your LXC ID)

When it finishes, the LXC boots automatically.
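The NOT HANDLED note in the script warns that appending `unprivileged: 1` lands in a snapshot section when the config already has one. As an added example (not part of the original script or the forum post it is based on), the following shell functions insert the key into the active section instead and count rootfs entries still owned by host-range ids; the config path, the rootfs path and the 100000 offset (the Proxmox default) are assumptions.

```shell
#!/bin/bash
# Added example, not part of the original script or the forum post it is based on.
# Assumed layout (matches /etc/pve/lxc/<vmid>.conf): active keys first, then zero
# or more "[name]" snapshot sections. Paths are parameters so this can be tested
# on a scratch file.

set_unprivileged() {
        local conf="$1" tmp
        # Already present in the active section (everything before the first "["):
        if awk '/^\[/ { exit } /^unprivileged: 1$/ { found = 1 } END { exit !found }' "$conf"; then
                return 0
        fi
        tmp="$(mktemp)" || return 1
        # Insert before the first section header; append only when there is none.
        awk '
                /^\[/ && !done { print "unprivileged: 1"; done = 1 }
                { print }
                END { if (!done) print "unprivileged: 1" }
        ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
        rm -f "$tmp"
}

# Post-conversion check: number of entries under a rootfs still owned by a
# host-range uid (< 100000, the assumed Proxmox offset). Expect 0 before
# starting the container as unprivileged.
unshifted_count() {
        find "$1" -uid -100000 -print0 2>/dev/null | tr -dc '\000' | wc -c | tr -d ' '
}
```

`set_unprivileged /etc/pve/lxc/110.conf` can replace the script's `echo >>` line, and `unshifted_count /rpool/data/subvol-110-disk-0` should print 0 before `pct start`.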


Adapted from: GitHub

A script to make Proxmox LXC Containers unprivileged
