On 3/11/24 14:38, Patrick O'Callaghan wrote:
On Mon, 2024-03-11 at 09:16 -0700, Mike Wright wrote:
On 3/11/24 08:41, Mike Wright wrote:
On 3/11/24 04:33, Patrick O'Callaghan wrote:
On Sun, 2024-03-10 at 22:56 -0700, Mike Wright wrote:
On 3/10/24 15:40, Patrick O'Callaghan wrote:
On Sun, 2024-03-10 at 11:13 -0700, Mike Wright wrote: > The last two lines are key. Add these flags: -F -o > logfile. The > default loglevel is ERROR. If you want more detail include > -l > LEVEL. >
AFAIK 'apparmor' is a Ubuntu-ism. Both my system and the system in the container are Fedora 39.
That one puzzles me, too. However, there is no corresponding lxc.selinux setting. lxc was a canonical/ubuntu creation so my first reaction was the same as yours but from some of the comments I've read on https://discuss.linuxcontainers.org ( another forum with *lots* of empty space ) that it or something like it may have been integrated into lxc.
CORRECTION: the above paragraph is wrong.
A much easier to read manpage:
https://manpages.ubuntu.com/manpages/bionic/en/man5/lxc.container.conf.5.htm...
This appears to the manpage at lxc-container.conf(5).
Yes, sans-serif is easier for me to read. White BG (although I prefer dark theme) is also a lot better for me than white on black manpages.
ยง SELINUX CONTEXT
lxc.selinux.context
Specify the SELinux context under which the container should be run or unconfined_t. For example
lxc.selinux.context = system_u:system_r:lxc_t:s0:c22I added that to the config file. It made no difference.
Try this ( works with lxc.apparmor.context ).
lxc.selinux.context = generated
...and also ~/.local/lxc/default.conf with these contents:
lxc.include = /etc/lxc/default.conf lxc.idmap = u 0 100000 65536 lxc.idmap = g 0 100000 65536
That way the lxc.idmap lines are not required in each config.