randomize crontab:: so that cron does not start at the same time on all containers
-The above task depends on the OS type, so the implementation is different
-for each OS type. You can also disable any modifications by manually
-setting the 'ostype' to 'unmanaged'.
+Changes made by {PVE} are enclosed by comment markers:
+
+----
+# --- BEGIN PVE ---
+<data>
+# --- END PVE ---
+----
+
+Those markers will be inserted at a reasonable location in the
+file. If such a section already exists, it will be updated in place
+and will not be moved.
+
+Modification of a file can be prevented by adding a `.pve-ignore.`
+file for it. For instance, if the file `/etc/.pve-ignore.hosts`
+exists then the `/etc/hosts` file will not be touched. This can be a
+simple empty file creatd via:
+
+ # touch /etc/.pve-ignore.hosts
+
+Most modifications are OS dependent, so they differ between different
+distributions and versions. You can completely disable modifications
+by manually setting the 'ostype' to 'unmanaged'.
OS type detection is done by testing for certain files inside the
container:
NOTE: Container start fails if the configured 'ostype' differs from the auto
detected type.
+Options
+~~~~~~~
+
+include::pct.conf.5-opts.adoc[]
+
Container Images
----------------
local storage inside containers with zero overhead. Such bind mounts
also provide an easy way to share data between different containers.
-Container Mountpoints
----------------------
-Beside the root directory the container can also have additional mountpoints.
-Currently there are basically three types of mountpoints: storage backed
-mountpoints, bind mounts and device mounts.
+Mount Points
+~~~~~~~~~~~~
+
+Beside the root directory the container can also have additional mount points.
+Currently there are basically three types of mount points: storage backed
+mount points, bind mounts and device mounts.
-Storage backed mountpoints are managed by the {pve} storage subsystem and come
+Storage backed mount points are managed by the {pve} storage subsystem and come
in three different flavors:
- Image based: These are raw images containing a single ext4 formatted file
snapshot mode backups. If FUSE mounts cannot be replaced by other
mounting mechanisms or storage technologies, it is possible to
establish the FUSE mount on the Proxmox host and use a bind
-mountpoint to make it accessible inside the container.
+mount point to make it accessible inside the container.
-The root mountpoint is configured with the 'rootfs' property, and you can
+WARNING: For security reasons, bind mounts should only be established
+using source directories especially reserved for this purpose, e.g., a
+directory hierarchy under `/mnt/bindmounts`. Never bind mount system
+directories like `/`, `/var` or `/etc` into a container - this poses a
+great security risk. The bind mount source path must not contain any symlinks.
+
+The root mount point is configured with the 'rootfs' property, and you can
configure up to 10 additional mount points. The corresponding options
are called 'mp0' to 'mp9', and they can contain the following setting:
Using quotas inside containers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Quotas allow to set limits inside a container for the amount of disk space
-that each user can use.
-This only works on ext4 image based storage types and currently does not work
-with unprivileged containers.
+Quotas allow to set limits inside a container for the amount of disk
+space that each user can use. This only works on ext4 image based
+storage types and currently does not work with unprivileged
+containers.
-Activating the `quota` option causes the following mount options to be used for
-a mountpoint: `usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0`
+Activating the `quota` option causes the following mount options to be
+used for a mount point:
+`usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0`
-This allows quotas to be used like you would on any other system. You can
-initialize the `/aquota.user` and `/aquota.group` files by running
+This allows quotas to be used like you would on any other system. You
+can initialize the `/aquota.user` and `/aquota.group` files by running
- quotacheck -cmug /
- quotaon /
+----
+quotacheck -cmug /
+quotaon /
+----
and edit the quotas via the `edquota` command. Refer to the documentation
of the distribution running inside the container for details.
-NOTE: You need to run the above commands for every mountpoint by passing
-the mountpoint's path instead of just `/`.
+NOTE: You need to run the above commands for every mount point by passing
+the mount point's path instead of just `/`.
+
Using ACLs inside containers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reduce the memory of the container to 512MB
- pct set -memory 512 100
+ pct set 100 -memory 512
+
Files
------
projects / pve-docs.git / blobdiff