Talk:Incus

Revision as of 16:02, 8 December 2024 by Sephi (talk | contribs) (→‎Issues with squashfs: Reply)

Latest comment: 8 December by Sephi in topic Issues with squashfs

Issues with squashfs

The instructions to create an LXC container result in a / partition that has 0777 permissions. This is probably not a good idea from a security perspective, and it also prevents SSH from working correctly (it will refuse to read keys from /etc/ssh/authorized_keys.d).

Using `nix build .#nixosConfigurations.container.config.system.build.tarball --print-out-paths` instead of `nix build .#nixosConfigurations.container.config.system.build.squashfs --print-out-paths` fixes the issue for me. Maybe this should be updated? Sephi (talk) 12:38, 8 December 2024 (UTC)Reply

No, this needs to be properly fixed in the squashfs image. Adamcstephens (talk) 15:02, 8 December 2024 (UTC)Reply
https://github.com/NixOS/nixpkgs/pull/363247 Adamcstephens (talk) 15:19, 8 December 2024 (UTC)Reply
Cool, thanks! I’m still unsure why we would advise people to use the squashfs instead of the tarball (like Hydra seems to be doing for producing the images published on the linux-containers image server), but at least the fix in permissions should fix the SSH service. Sephi (talk) 16:02, 8 December 2024 (UTC)Reply
Return to "Incus" page.