Talk:Incus
Latest comment: 8 December by Adamcstephens in topic Issues with squashfs
Issues with squashfs
The instructions to create an LXC container result in a / partition that has 0777 permissions. This is probably not a good idea from a security perspective, and it also prevents SSH from working correctly (it will refuse to read keys from /etc/ssh/authorized_keys.d).
Using `nix build .#nixosConfigurations.container.config.system.build.tarball --print-out-paths` instead of `nix build .#nixosConfigurations.container.config.system.build.squashfs --print-out-paths` fixes the issue for me. Maybe this should be updated? Sephi (talk) 12:38, 8 December 2024 (UTC)
- No, this needs to be properly fixed in the squashfs image. Adamcstephens (talk) 15:02, 8 December 2024 (UTC)
- https://github.com/NixOS/nixpkgs/pull/363247 Adamcstephens (talk) 15:19, 8 December 2024 (UTC)
- Cool, thanks! I’m still unsure why we would advise people to use the squashfs instead of the tarball (like Hydra seems to be doing for producing the images published on the linux-containers image server), but at least the fix in permissions should fix the SSH service. Sephi (talk) 16:02, 8 December 2024 (UTC)
- squashfs is preferred because it's quicker to build and extract, as it operates in parallel across cores. You're welcome to use the tarball, but in general working with squashfs provides a better experience. Adamcstephens (talk) 18:13, 8 December 2024 (UTC)
- Also the linux containers project seems to favor squashfs, so we're also following their lead. We previously provided them tarballs before squashfs was available, and I think they were re-packing into squashfs anyway. :) Adamcstephens (talk) 18:16, 8 December 2024 (UTC)
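An added example, not part of the discussion above and not nixpkgs code: with StrictModes enabled, sshd refuses a key file when the file or any directory above it is group- or world-writable, or owned by someone other than root or the user, which is why a 0777 / breaks /etc/ssh/authorized_keys.d. The Python sketch below approximates that walk over an extracted image tree; `unsafe_components`, `build_sample_rootfs` and the sample tree are hypothetical names and constructed data.

```python
import os
import stat
import tempfile

def unsafe_components(path, root="/", allowed_uids=(0,)):
    """Return [(path, reason)] for every component from `path` up to `root`
    that is group/world-writable or owned by an unexpected uid.
    Approximation of sshd's StrictModes path check, not its actual code."""
    root = os.path.realpath(root)
    current = os.path.realpath(path)
    if os.path.commonpath([root, current]) != root:
        raise ValueError(f"{path} is not inside {root}")
    findings = []
    while True:
        st = os.stat(current)
        if st.st_uid not in allowed_uids:
            findings.append((current, f"owner uid {st.st_uid}"))
        if st.st_mode & 0o022:  # group- or world-writable bit set
            mode = stat.S_IMODE(st.st_mode)
            findings.append((current, f"mode {mode:04o} is group/world-writable"))
        if current == root:
            return findings
        current = os.path.dirname(current)

def build_sample_rootfs(root_mode):
    """Constructed sample: a tiny rootfs whose top directory has `root_mode`."""
    rootfs = tempfile.mkdtemp()
    keydir = os.path.join(rootfs, "etc", "ssh", "authorized_keys.d")
    os.makedirs(keydir)
    for d in (os.path.join(rootfs, "etc"), os.path.join(rootfs, "etc", "ssh"), keydir):
        os.chmod(d, 0o755)
    keyfile = os.path.join(keydir, "alice")
    with open(keyfile, "w") as f:
        f.write("ssh-ed25519 constructed-sample-key-not-real\n")
    os.chmod(keyfile, 0o644)
    os.chmod(rootfs, root_mode)  # stands in for the image's / directory
    return rootfs, keyfile

if __name__ == "__main__":
    me = (os.getuid(),)  # the sample tree is owned by whoever runs this
    for mode in (0o777, 0o755):
        rootfs, keyfile = build_sample_rootfs(mode)
        print(f"/ mode {mode:04o}:", unsafe_components(keyfile, rootfs, me))
```

Against a real unpacked image, pass the unpack directory as `root` and keep `allowed_uids=(0,)` when the tree was extracted as root.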