From 1852be904823e3532af38efc5ef55d3fb931e616 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Fri, 7 May 2021 17:21:18 +0200
Subject: [PATCH] doc: document new idmap= option for lxc.rootfs.options

Signed-off-by: Christian Brauner
---
 doc/lxc.container.conf.sgml.in | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index d7859b45c..0323b468f 100644
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -1497,7 +1497,21 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- extra mount options to use when mounting the rootfs.
+ Specify extra mount options to use when mounting the rootfs.
+ The format of the mount options corresponds to the
+ format used in fstab. In addition, LXC supports the custom
+ mount option. This option can be used
+ to tell LXC to create an idmapped mount for the container's
+ rootfs. This is useful when the user doesn't want to recursively
+ chown the rootfs of the container to match the idmapping of the
+ user namespace the container is going to use. Instead an
+ idmapped mount can be used to handle this.
+ The argument for
+
+ can either be a path pointing to a user namespace file that
+ LXC will open and use to idmap the rootfs or the special value
+ "container" which will instruct LXC to use
+ the container's user namespace to idmap the rootfs.
@@ -3098,6 +3112,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 lxc.mount.fstab = /etc/fstab.complex
 lxc.mount.entry = /lib /root/myrootfs/lib none ro,bind 0 0
 lxc.rootfs.path = dir:/mnt/rootfs.complex
+ lxc.rootfs.options = idmap=container
 lxc.cap.drop = sys_module mknod setuid net_raw
 lxc.cap.drop = mac_override
-- 2.47.2