fog/fog-proxmox

Proxmox - lxc advanced features

Closed this issue · 1 comments

I couldn't find the new advanced features for LXC containers. It's a really good feature that can be included in the container creation process.
From the Proxmox API:

```json
"features": {
        "description": "Allow containers access to advanced features.",
        "format": {
            "fuse": {
                "default": 0,
                "description": "Allow using 'fuse' file systems in a container. Note that interactions between fuse and the freezer cgroup can potentially cause I/O deadlocks.",
                "optional": 1,
                "type": "boolean"
            },
            "keyctl": {
                "default": 0,
                "description": "For unprivileged containers only: Allow the use of the keyctl() system call. This is required to use docker inside a container. By default unprivileged containers will see this system call as non-existent. This is mostly a workaround for systemd-networkd, as it will treat it as a fatal error when some keyctl() operations are denied by the kernel due to lacking permissions. Essentially, you can choose between running systemd-networkd or docker.",
                "optional": 1,
                "type": "boolean"
            },
            "mount": {
                "description": "Allow mounting file systems of specific types. This should be a list of file system types as used with the mount command. Note that this can have negative effects on the container's security. With access to a loop device, mounting a file can circumvent the mknod permission of the devices cgroup, mounting an NFS file system can block the host's I/O completely and prevent it from rebooting, etc.",
                "format_description": "fstype;fstype;...",
                "optional": 1,
                "pattern": "(?^:[a-zA-Z0-9; ]+)",
                "type": "string"
            },
            "nesting": {
                "default": 0,
                "description": "Allow nesting. Best used with unprivileged containers with additional id mapping. Note that this will expose procfs and sysfs contents of the host to the guest.",
                "optional": 1,
                "type": "boolean"
            }
        },
        "optional": 1,
        "type": "string"
    },
```

In the container creation method, you can already add options like this:

```ruby
vmid = node.containers.next_id
ostemplate = 'local:vztmpl/alpine-3.8-default_20180913_amd64.tar.xz'
options = {
  storage: 'local-lvm',
  password: 'proxmox01',
  rootfs: 'local-lvm:1',
  # `fstype` stands in for a file system type list (fstype;fstype;...)
  features: "fuse=1,keyctl=1,mount=fstype, nesting=1"
}
node.containers.create(ostemplate, vmid, options)
```
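
A pre-flight check for the `features` string passed in `options`, as an added example that is not fog-proxmox code or part of the original comment. `check_lxc_features`, `FEATURE_SCHEMA` and `RISK_NOTES` are hypothetical names; the check assumes booleans are written as 0/1 and that whitespace around commas is ignored.

```ruby
# Added example, not fog-proxmox code: validate an LXC `features` string
# against the schema quoted in this issue before passing it to create().
FEATURE_SCHEMA = {
  'fuse'    => { type: :boolean },
  'keyctl'  => { type: :boolean },
  'nesting' => { type: :boolean },
  'mount'   => { type: :string, pattern: /\A[a-zA-Z0-9; ]+\z/ } # schema "pattern"
}.freeze

# Notes condensed from the schema descriptions quoted in the issue.
RISK_NOTES = {
  'fuse'    => 'fuse and the freezer cgroup can cause I/O deadlocks',
  'keyctl'  => 'allows the keyctl() system call in the container',
  'mount'   => 'mounting can weaken container security (loop devices, NFS)',
  'nesting' => 'exposes host procfs and sysfs contents to the guest'
}.freeze

# Returns { enabled: {...}, errors: [...], warnings: [...] }.
# Assumption: booleans are 0/1 and whitespace around commas is ignored.
def check_lxc_features(features, unprivileged:)
  result = { enabled: {}, errors: [], warnings: [] }
  features.split(',').map(&:strip).reject(&:empty?).each do |part|
    key, value = part.split('=', 2)
    spec = FEATURE_SCHEMA[key]
    if spec.nil?
      result[:errors] << "unknown feature '#{key}'"
    elsif spec[:type] == :boolean
      if %w[0 1].include?(value)
        result[:enabled][key] = (value == '1')
      else
        result[:errors] << "#{key} must be 0 or 1"
      end
    elsif value.to_s.match?(spec[:pattern])
      # mount takes a ';'-separated list of file system types
      result[:enabled][key] = value.split(';').map(&:strip).reject(&:empty?)
    else
      result[:errors] << "#{key} must match fstype;fstype;..."
    end
  end
  # Every feature that is switched on gets its risk note surfaced.
  result[:enabled].each do |key, on|
    result[:warnings] << "#{key}: #{RISK_NOTES[key]}" if on
  end
  if result[:enabled]['keyctl'] && !unprivileged
    result[:warnings] << 'keyctl: documented for unprivileged containers only'
  end
  result
end
```

Calling it on the string before `node.containers.create` lets a caller reject malformed input and log which isolation-relevant features are being enabled.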