Talk:Incus: Difference between revisions

Revision as of 16:02, 8 December 2024

Issues with squashfs

Latest comment: 8 December4 comments2 people in discussion

The instructions to create an LXC container result in a / partition that has 0777 permissions. This is probably not a good idea from a security perspective, and it also prevents SSH from working correctly (it will refuse to read keys from /etc/ssh/authorized_keys.d).

Using `nix build .#nixosConfigurations.container.config.system.build.tarball --print-out-paths` instead of `nix build .#nixosConfigurations.container.config.system.build.squashfs --print-out-paths` fixes the issue for me. Maybe this should be updated? Sephi (talk) 12:38, 8 December 2024 (UTC)Reply

No, this needs to be properly fixed in the squashfs image. Adamcstephens (talk) 15:02, 8 December 2024 (UTC)Reply

https://github.com/NixOS/nixpkgs/pull/363247 Adamcstephens (talk) 15:19, 8 December 2024 (UTC)Reply

Cool, thanks! I’m still unsure why we would advise people to use the squashfs instead of the tarball (like Hydra seems to be doing for producing the images published on the linux-containers image server), but at least the fix in permissions should fix the SSH service. Sephi (talk) 16:02, 8 December 2024 (UTC)Reply

@@ Line 7: / Line 7: @@
 :No, this needs to be properly fixed in the squashfs image.  [[User:Adamcstephens|Adamcstephens]] ([[User talk:Adamcstephens|talk]]) 15:02, 8 December 2024 (UTC)
 :https://github.com/NixOS/nixpkgs/pull/363247 [[User:Adamcstephens|Adamcstephens]] ([[User talk:Adamcstephens|talk]]) 15:19, 8 December 2024 (UTC)
+::Cool, thanks! I’m still unsure why we would advise people to use the squashfs instead of the tarball (like Hydra seems to be doing for producing the images published on the linux-containers image server), but at least the fix in permissions should fix the SSH service. [[User:Sephi|Sephi]] ([[User talk:Sephi|talk]]) 16:02, 8 December 2024 (UTC)