Instead of my custom-baked implementation, which doesn't support
file system ACLs and is quite slow, we switch to `fuidshift` from the
`lxd-tools` Debian package.
I previously thought that handling symlinks would not be necessary and
also not possible. Then, I found out about the `--no-dereference` option
for `chown` ...
lxc-create will pass "--mapped-uid" and "--mapped-gid" into the
template, if there's an "lxc.idmap" option in the config file. We now
support getting these parameters as options.
Since an "lxc.idmap" option in the config makes lxc-create already
change the userns, we cannot support it. Therefore, we error out if we
see these options. Instead, we write the "lxc.idmap" options ourselves
based on the "--uidmap" and "--gidmap" options passed by the user.
This script can be used as an LXC template to install a Debian into a
directory using `mmdebstrap`. Its intended use is to create a container
filesystem with appropriate uids/gids for use in an unprivileged
container. The script assumes that it runs as root and only changes the
userns to install Debian.
I've used this script to remap files' uids/gids of containers created
without a custom userns into their new range. It's inferior to
`fuidshift` from the `lxc` project in that it doesn't handle ACLs and is
quite slow - probably because it calls a binary for every file.
By default, it runs in debug mode only printing the chown command
instead of executing it. You need to edit the file to use it.
It also only works with LVs (logical volumes from LVM), mounting them
automatically.
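
The remapping described above, as an added Python sketch (not the script from this repository and not `fuidshift`): it shifts owner and group into the new range without following symlinks, defaults to a dry run that only prints the equivalent `chown --no-dereference` command, and restores setuid/setgid bits that `chown` clears. The function names and the `(container_start, host_start, count)` tuple form, which follows the field order of an `lxc.idmap` line, are assumptions made for this example; ACLs are not handled.

```python
import os
import stat

# Constructed sample map in lxc.idmap order: (container_start, host_start, count).
SAMPLE_MAP = [(0, 100000, 65536)]


def shift_id(ident, idmap):
    """Translate a container id to its host id; None if no map entry covers it."""
    for container_start, host_start, count in idmap:
        if container_start <= ident < container_start + count:
            return host_start + (ident - container_start)
    return None


def plan_remap(root, uidmap, gidmap):
    """Walk root without following symlinks; return (changes, unmapped).

    changes is a list of (path, new_uid, new_gid, mode); unmapped lists paths
    whose owner or group falls outside the maps and must be reviewed by hand.
    """
    changes, unmapped = [], []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in paths:
        st = os.lstat(path)  # lstat: inspect the link itself, never its target
        uid, gid = shift_id(st.st_uid, uidmap), shift_id(st.st_gid, gidmap)
        if uid is None or gid is None:
            unmapped.append(path)
        else:
            changes.append((path, uid, gid, st.st_mode))
    return changes, unmapped


def apply_remap(changes, dry_run=True):
    """Apply planned changes; with dry_run (the default) only print them."""
    for path, uid, gid, mode in changes:
        if dry_run:
            print(f"chown --no-dereference {uid}:{gid} {path!r}")
            continue
        os.lchown(path, uid, gid)  # same effect as chown --no-dereference
        if not stat.S_ISLNK(mode):
            # Linux clears setuid/setgid on chown of executables; restore them.
            os.chmod(path, stat.S_IMODE(mode))
```

Run it as root against the filesystem of a stopped container, since the tree must not change between the planning walk and the ownership change.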