X-Git-Url: https://git.proxmox.com/?p=pve-docs.git;a=blobdiff_plain;f=pct.adoc;h=9f4fde8f21c08ada87fffe481e5400e15a67a76d;hp=5710d0feafa30ff7c17475a14d5ea38c76e853f2;hb=63f956c8fad04141b71dd1330bcb06f6395b977d;hpb=9e44e493d8344fc87e5fa72cdda8ea97dd6f5207 diff --git a/pct.adoc b/pct.adoc index 5710d0f..9f4fde8 100644 --- a/pct.adoc +++ b/pct.adoc @@ -205,9 +205,28 @@ rewrite ssh_host_keys:: so that each container has unique keys randomize crontab:: so that cron does not start at the same time on all containers -The above task depends on the OS type, so the implementation is different -for each OS type. You can also disable any modifications by manually -setting the 'ostype' to 'unmanaged'. +Changes made by {PVE} are enclosed by comment markers: + +---- +# --- BEGIN PVE --- + +# --- END PVE --- +---- + +Those markers will be inserted at a reasonable location in the +file. If such a section already exists, it will be updated in place +and will not be moved. + +Modification of a file can be prevented by adding a `.pve-ignore.` +file for it. For instance, if the file `/etc/.pve-ignore.hosts` +exists then the `/etc/hosts` file will not be touched. This can be a +simple empty file creatd via: + + # touch /etc/.pve-ignore.hosts + +Most modifications are OS dependent, so they differ between different +distributions and versions. You can completely disable modifications +by manually setting the 'ostype' to 'unmanaged'. OS type detection is done by testing for certain files inside the container: @@ -224,9 +243,16 @@ ArchLinux:: test /etc/arch-release Alpine:: test /etc/alpine-release +Gentoo:: test /etc/gentoo-release + NOTE: Container start fails if the configured 'ostype' differs from the auto detected type. +Options +~~~~~~~ + +include::pct.conf.5-opts.adoc[] + Container Images ---------------- 
@@ -358,6 +384,12 @@ mounting mechanisms or storage technologies, it is possible to establish the FUSE mount on the Proxmox host and use a bind mount point to make it accessible inside the container. +WARNING: For security reasons, bind mounts should only be established +using source directories especially reserved for this purpose, e.g., a +directory hierarchy under `/mnt/bindmounts`. Never bind mount system +directories like `/`, `/var` or `/etc` into a container - this poses a +great security risk. The bind mount source path must not contain any symlinks. + The root mount point is configured with the 'rootfs' property, and you can configure up to 10 additional mount points. The corresponding options are called 'mp0' to 'mp9', and they can contain the following setting: @@ -453,7 +485,8 @@ set the address and gateway, while it's running Reduce the memory of the container to 512MB - pct set -memory 512 100 + pct set 100 -memory 512 + Files ------
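Review bot: typo in the first pct.adoc hunk (@@ -205), "simple empty file creatd via:" should read "created". In the same paragraph, say explicitly that the `.pve-ignore.` marker file lives inside the container's root filesystem (the example `/etc/.pve-ignore.hosts` is a container path, not a host path), otherwise readers will look for it on the host; and the `# --- BEGIN PVE ---` / `# --- END PVE ---` example should state whether the `#` comment syntax is adjusted for files that do not use `#` comments.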
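Review bot: the new `include::pct.conf.5-opts.adoc[]` under the added `Options` heading (second hunk, @@ -224) references a generated file; confirm it is produced by the documentation build or committed, so the asciidoc build does not fail on a missing include. The added `Gentoo:: test /etc/gentoo-release` line also implies a new 'ostype' value, so the option description pulled in by that include should list it as well.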
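Review bot: the WARNING added in the @@ -358 hunk states "The bind mount source path must not contain any symlinks." without saying whether `pct` rejects such paths or whether this is guidance only; state which, and give the one-line reason (a symlink inside the source path can resolve to a location outside the reserved hierarchy such as `/mnt/bindmounts`). Minor wording: "this poses a serious security risk" reads better than "a great security risk", and the " - " joining the two clauses should be a comma or "because".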
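Review bot: the `pct set 100 -memory 512` correction in the last hunk (@@ -453) is right, since the container ID is the positional argument and must come before the options; check that the other `pct set` examples in that section use the same order, and that the extra blank line inserted before the `Files` title matches the spacing used before the other section titles in this file.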