From: Christian Brauner Date: Fri, 7 May 2021 15:21:18 +0000 (+0200) Subject: doc: document new idmap= option for lxc.rootfs.options X-Git-Tag: lxc-5.0.0~176^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F3829%2Fhead;p=thirdparty%2Flxc.git doc: document new idmap= option for lxc.rootfs.options Signed-off-by: Christian Brauner --- diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in index d7859b45c..0323b468f 100644 --- a/doc/lxc.container.conf.sgml.in +++ b/doc/lxc.container.conf.sgml.in @@ -1497,7 +1497,21 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - extra mount options to use when mounting the rootfs. + Specify extra mount options to use when mounting the rootfs. + The format of the mount options corresponds to the + format used in fstab. In addition, LXC supports the custom + mount option. This option can be used + to tell LXC to create an idmapped mount for the container's + rootfs. This is useful when the user doesn't want to recursively + chown the rootfs of the container to match the idmapping of the + user namespace the container is going to use. Instead an + idmapped mount can be used to handle this. + The argument for + + can either be a path pointing to a user namespace file that + LXC will open and use to idmap the rootfs or the special value + "container" which will instruct LXC to use + the container's user namespace to idmap the rootfs. @@ -3098,6 +3112,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA lxc.mount.fstab = /etc/fstab.complex lxc.mount.entry = /lib /root/myrootfs/lib none ro,bind 0 0 lxc.rootfs.path = dir:/mnt/rootfs.complex + lxc.rootfs.options = idmap=container lxc.cap.drop = sys_module mknod setuid net_raw lxc.cap.drop = mac_override
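Review bot: In the first hunk (doc/lxc.container.conf.sgml.in, @@ -1497), the new paragraph describes the two accepted arguments but does not say what happens when the idmapped mount cannot be created, for example when the kernel or the rootfs filesystem lacks support. Please state whether container start fails or whether LXC falls back to a non-idmapped mount. A silent fallback would leave the rootfs with host ownership inside the user namespace. For the path form, "a path pointing to a user namespace file" would also be clearer with a short note on what kind of file is expected and that the idmapping of that namespace, not the container's own, decides the ownership seen on the rootfs.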
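Review bot: In the second hunk (@@ -3098), the added line "lxc.rootfs.options = idmap=container" depends on the container having a user namespace, but the visible context of the example (lxc.mount.fstab, lxc.mount.entry, lxc.rootfs.path, lxc.cap.drop) shows no idmapping being configured. Please check that the complex example defines the container's idmapping elsewhere, or add it next to this line, so that a reader copying the example gets a configuration where "container" has a mapping to apply. The example also only shows the "container" value. A commented second line showing the path form would cover both arguments documented in the first hunk.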