pct set 101 -mp0 storage_path,mp=mount_point[,ro=1][,shared=1]
'''mariadb.service: Failed to set up mount namespacing: Permission denied'''
'''mariadb.service: Failed at step NAMESPACE spawning /usr/bin/install: Permission denied'''
Enable nesting in the container options.
'''apache2.service: Failed to set up mount namespacing: Permission denied'''
Inside the container:
sudo systemctl edit apache2
Add the following lines and save:
[Service]
PrivateTmp=false
NoNewPrivileges=yes
sudo systemctl daemon-reload
sudo systemctl start apache2.service
sudo systemctl status apache2.service
pct restore 102 backup:backup/vzdump-lxc-102-2021_07_27-00_07_32.tar.zst -storage <storage> -mp0 mp=<mount point> -rootfs <storage>:<disk size GB> -unprivileged false
dpkg-reconfigure tzdata
Create a container based on a Debian template (provided you have already downloaded the template via the web interface)
pct create 100 /var/lib/vz/template/cache/debian-8.0-standard_8.0-1_amd64.tar.gz
Start container 100
pct start 100
Start a login session via getty
pct console 100
Enter the LXC namespace and run a shell as root user
pct enter 100
Display the configuration
pct config 100
Add a network interface called eth0, bridged to the host bridge vmbr0, set the address and gateway, while it’s running
pct set 100 -net0 name=eth0,bridge=vmbr0,ip=<ip>/24,gw=<gateway ip>
Reduce the memory of the container to 512MB
pct set 100 -memory 512
pveam update
pveam available
pveam download <your storage (on the proxmox linux server)> ubuntu-16-10-standard-default_16-10-1_amd64.tar.gz
To list USB peripherals:
lsusb
It gives you:
Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 003: ID 0451:16a8 Texas Instruments, Inc.
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
I want to use the '''Texas Instruments''' peripheral in my container.
The bus and device numbers are what we are looking for now; they lead us to the correct device path beneath /dev. In this case, they are 004 and 003.
So the device path that we need to mount into the container should be /dev/bus/usb/004/003. How do we mount this path into the container? We can do it via the lxc.mount.entry option.
But, as I said before, it is not enough to just mount the device path; the container must be allowed to use it as well. We can do this via cgroups, more specifically the lxc.cgroup.devices.allow option. To use this option we need to know the device's major and minor numbers, which can be retrieved as follows:
ls -al /dev/bus/usb/004/003
I got:
crw-rw-r-- 1 root root 189, 386 Jun 5 21:33 /dev/bus/usb/004/003
The major and minor numbers are 189 and 386 respectively.
In my case, I use Proxmox to manage my containers, so I need to edit '''/etc/pve/lxc/<container_id>.conf'''.
I will have to add two more lines to the configuration file:
lxc.cgroup.devices.allow: c 189:* rwm
lxc.mount.entry: /dev/bus/usb/004/003 dev/bus/usb/004/003 none bind,optional,create=file
The former grants the container permission to access the device specified by its major and minor numbers.
Note: 189:* means we care only about the major number; all minors apply. rwm means read-write-mount.
The latter mounts the device file representation into the container's namespace. In this case I mount the exact device; however, it may be a better idea to map the whole directory (with all its siblings) into the container, because it is more than likely that the filename will change.
Given that, it can be done thus:
lxc.mount.entry: /dev/bus/usb/004 dev/bus/usb/004 none bind,optional,create=dir
Note: the target mount path doesn't begin with a slash! It is dev, not /dev.
Now, stop and start the container. You should now be able to run the command lsusb inside the container and see the same results as if in the host.
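The bus/device to major:minor step above, worked as a small script. This is an added example, not part of the original notes; it assumes the kernel's USB device-node numbering (major 189, minor = (bus - 1) * 128 + (device - 1)) and a constructed lsusb listing, and the allow line it prints is narrowed to the exact minor instead of 189:*.

```sh
# Added example, not from the original notes: derive the device node, the
# cgroup major:minor and the LXC config lines for a USB device from lsusb
# output. Assumes the kernel's USB device-node numbering: major 189 and
# minor = (bus - 1) * 128 + (device - 1), which is why 004/003 gives 189:386.

# Constructed sample of lsusb output (trimmed copy of the listing above).
LSUSB_SAMPLE='Bus 004 Device 003: ID 0451:16a8 Texas Instruments, Inc.
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub'

# usb_lxc_lines <vendor:product> [lsusb-output]
# Prints four lines: the /dev node, a devices.allow line restricted to the
# exact minor (least privilege; fall back to "189:*" only if the device
# re-enumerates and its minor changes), a bind mount of the single node, and
# a bind mount of the whole bus directory for when the device number moves.
# Without a second argument it runs lsusb on the host.
usb_lxc_lines() {
    printf '%s\n' "${2:-$(lsusb)}" | awk -v id="$1" '
        $6 == id {
            bus = $2 + 0; dev = $4 + 0      # "004" -> 4, "003:" -> 3
            minor = (bus - 1) * 128 + (dev - 1)
            node = sprintf("/dev/bus/usb/%03d/%03d", bus, dev)
            busdir = sprintf("/dev/bus/usb/%03d", bus)
            print node
            printf "lxc.cgroup.devices.allow: c 189:%d rwm\n", minor
            # container-side path has no leading slash (dev/..., not /dev/...)
            printf "lxc.mount.entry: %s %s none bind,optional,create=file\n", node, substr(node, 2)
            printf "lxc.mount.entry: %s %s none bind,optional,create=dir\n", busdir, substr(busdir, 2)
            found = 1
            exit
        }
        END { if (!found) { print "device " id " not found" > "/dev/stderr"; exit 1 } }'
}

# Worked for the Texas Instruments device from the listing above.
usb_lxc_lines 0451:16a8 "$LSUSB_SAMPLE"
```

Compare the printed major:minor with `ls -al` on the real node before pasting the lines into the container config.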
For Zigbee2MQTT we need to mount /dev/ttyACM0:
lxc.cgroup.devices.allow: c 166:0 rwm
lxc.mount.entry: /dev/ttyACM0 dev/ttyACM0 none bind,optional,create=file
Warning - this reduces security
Find the id of the container, you can list active containers with:
pct list
Edit the container config like:
vi /etc/pve/lxc/113.conf
Add the extra lines:
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:
Shutdown and restart the container.
To enable aufs/overlay in the container, the module actually needs to be loaded on the Proxmox host; this can be done with:
modprobe aufs
modprobe overlay
And make it permanent by adding aufs and overlay to /etc/modules-load.d/modules.conf:
aufs
overlay
Then restart the Proxmox server.
Lastly, inside the container, switch Docker to the overlay filesystem by editing/creating /etc/docker/daemon.json and adding:
{
"storage-driver": "overlay2"
}
Restart the container, and you should have full Docker support inside it.