Mastodon

AskUbuntuLXD with Win11 no network adapter driver <a href="https://ubuntu.social/tags/drivers" class="mention hashtag" rel="nofollow noopener" target="_blank">#drivers</a> <a href="https://ubuntu.social/tags/lxc" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxc</a> <a href="https://ubuntu.social/tags/lxd" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxd</a><a href="https://askubuntu.com/q/1544000/612" rel="nofollow noopener" translate="no" target="_blank">https://askubuntu.com/q/1544000/612</a>

bbₜᵤₓᵢJetzt probiere ich mal die <a href="https://burningboard.net/tags/Canonical" class="mention hashtag" rel="nofollow noopener" target="_blank">#Canonical</a> <a href="https://burningboard.net/tags/lxd" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxd</a> UI aus 🙈 Soll wohl eine Alternative zu einem Proxmox sein.<a href="https://burningboard.net/@Larvitz" class="u-url mention" rel="nofollow noopener" target="_blank">@Larvitz</a>

Soumyadeep Ghosh(সৌম্যদীপ ঘোষ)Gave my first ever <a href="https://mastodon.social/tags/lightning" class="mention hashtag" rel="tag">#lightning</a> <a href="https://mastodon.social/tags/talk" class="mention hashtag" rel="tag">#talk</a> in <a href="https://mastodon.social/tags/FOSSASIA" class="mention hashtag" rel="tag">#FOSSASIA</a> Summit 2025. Pretty nervous and excited. But went well. Some snaps of that in Day 3.<a href="https://mastodon.social/tags/snapcrafters" class="mention hashtag" rel="tag">#snapcrafters</a> <a href="https://mastodon.social/tags/ubuntu" class="mention hashtag" rel="tag">#ubuntu</a> <a href="https://mastodon.social/tags/lxd" class="mention hashtag" rel="tag">#lxd</a> <a href="https://mastodon.social/tags/fossasia" class="mention hashtag" rel="tag">#fossasia</a> <a href="https://mastodon.social/tags/foss" class="mention hashtag" rel="tag">#foss</a> <a href="https://mastodon.social/tags/github" class="mention hashtag" rel="tag">#github</a> <a href="https://mastodon.social/tags/ci" class="mention hashtag" rel="tag">#ci</a> <a href="https://mastodon.social/tags/bash" class="mention hashtag" rel="tag">#bash</a>

LinuxiacLXD 6.3 system container manager brings Pure Storage support, Ubuntu Pro auto-attachment, NVIDIA GPU pass-through, and more. <a href="https://linuxiac.com/lxd-6-3-brings-pure-storage-driver-improved-gpu-pass-through/" target="_blank" rel="nofollow noopener" translate="no">https://linuxiac.com/lxd-6-3-brings-pure-storage-driver-improved-gpu-pass-through/</a><a href="https://mastodon.social/tags/lxd" class="mention hashtag" rel="tag">#lxd</a> <a href="https://mastodon.social/tags/ubuntu" class="mention hashtag" rel="tag">#ubuntu</a> <a href="https://mastodon.social/tags/containers" class="mention hashtag" rel="tag">#containers</a>

EmpathicQubitSetting up Windows on <a href="https://mastodon.de/tags/LXD" class="mention hashtag" rel="nofollow noopener" target="_blank">#LXD</a> is complicateder enough than libvirt to be annoying. I apparently have to rebuild the ISO to include some drivers.

AskUbuntuMultipass with LXD cannot launch new instances <a href="https://ubuntu.social/tags/lxd" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxd</a> <a href="https://ubuntu.social/tags/multipass" class="mention hashtag" rel="nofollow noopener" target="_blank">#multipass</a><a href="https://askubuntu.com/q/1543176/612" rel="nofollow noopener" translate="no" target="_blank">https://askubuntu.com/q/1543176/612</a>

stfn :raspberrypi: :python:So I have this idea to move at least some of my self-hosted stuff from Docker to LXC.Correct my if I'm wrong dear Fedisians, but I feel that LXC is better than Docker for services that are long-lasting and keeping an internal state, like Jellyfin or Forgejo or Immich? Docker containers are ephemeral in nature, whereas LXC containers are, from what I understand, somewhere between Docker containers and VMs.<a href="https://fosstodon.org/tags/lxc" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxc</a> <a href="https://fosstodon.org/tags/lxd" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxd</a>

st1nger :unverified: 🏴‍☠️ :linux: :freebsd:<a href="https://infosec.exchange/tags/Incus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Incus</a> is a next-generation <a href="https://infosec.exchange/tags/system" class="mention hashtag" rel="nofollow noopener" target="_blank">#system</a> <a href="https://infosec.exchange/tags/container" class="mention hashtag" rel="nofollow noopener" target="_blank">#container</a> application container, and virtual machine manager. It provides a user experience similar to that of a public <a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#cloud</a> With it, you can easily mix and match both containers and virtual machines, sharing the same underlying <a href="https://infosec.exchange/tags/storage" class="mention hashtag" rel="nofollow noopener" target="_blank">#storage</a> and <a href="https://infosec.exchange/tags/network" class="mention hashtag" rel="nofollow noopener" target="_blank">#network</a> - The Incus project was created by Aleksa Sarai as a community driven alternative to Canonical's <a href="https://infosec.exchange/tags/LXD" class="mention hashtag" rel="nofollow noopener" target="_blank">#LXD</a> <a href="https://linuxcontainers.org/incus/" rel="nofollow noopener" translate="no" target="_blank">https://linuxcontainers.org/incus/</a>

kgoetzIts amazing how useful having a break can be.Last night my brain had completely ground to a halt working on my <a href="https://aus.social/tags/incus" class="mention hashtag" rel="nofollow noopener" target="_blank">#incus</a> / <a href="https://aus.social/tags/lxd" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxd</a> <a href="https://aus.social/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#API</a> client.I could not, for the life of me, find the search terms to convey my question "how do I verify the remote LXD servers certificate in my <a href="https://aus.social/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#python</a> code".Today I have the answer and pushed updated code (<a href="https://github.com/medeopolis/container_client/" rel="nofollow noopener" translate="no" target="_blank">https://github.com/medeopolis/container_client/</a>).Long story short: - use supplied tools to create server and client certificates (eg using <a href="https://linuxcontainers.org/incus/docs/main/howto/server_expose/" rel="nofollow noopener" translate="no" target="_blank">https://linuxcontainers.org/incus/docs/main/howto/server_expose/</a>). You could do it with openssl commands if you really have to - The resulting .config/{incus,lxc}/client.{crt,key} are for client authentication - the resulting .config/{incus,lxc}/servercerts/servername.crt can be used for https verification/validation. *to actually use this meaningfully the server cert has to be regenerated, the only addresses covered out of the box are loopback IPs*I don't know if there is one place I can point to thank for helping me figure my way through but <a href="https://discuss.linuxcontainers.org/" rel="nofollow noopener" translate="no" target="_blank">https://discuss.linuxcontainers.org/</a> had several useful posts 🙏 , and perhaps a good night sleep.

EmpathicQubitSo I managed to get <a href="https://mastodon.de/tags/Forgejo" class="mention hashtag" rel="nofollow noopener" target="_blank">#Forgejo</a> jobs running in a way that I'm happy enough with. The main concern is that they're isolated as possible. The current runner has a scary warning on it that it's in alpha and shouldn't be considered secure.The runner instance is Debian running in an <a href="https://mastodon.de/tags/lxd" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxd</a> --vm on my laptop (I didn't want to consume resources on the server since it's small). In this instance I have <a href="https://mastodon.de/tags/k0s" class="mention hashtag" rel="nofollow noopener" target="_blank">#k0s</a> running, which is a slimmed down <a href="https://mastodon.de/tags/Kubernetes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kubernetes</a>, which is running <a href="https://mastodon.de/tags/Codeberg" class="mention hashtag" rel="nofollow noopener" target="_blank">#Codeberg</a> 's runner pod. This has three containers. One to register the runner, then two others that are always running, the runner itself and <a href="https://mastodon.de/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a> -in-Docker . You can replicate this entire setup so that each runner gets its own DinD which is completely separated from the others.Each runner checks for a single job in a loop, and once a job is completed then the docker server is pruned, and the runner shuts down. Then k0s will automatically restart it. This isn't perfect but it's better than runner processes which never shut down, because the docker cache will linger and others can look at it to spy on your jobs.

kgoetzWhat could be better on a Sunday than throwing more incomplete <a href="https://aus.social/tags/sourcecode" class="mention hashtag" rel="nofollow noopener" target="_blank">#sourcecode</a> over the wall and hoping no one throws it back? This time its a thin as paper wrapper around the <a href="https://aus.social/tags/LXD" class="mention hashtag" rel="nofollow noopener" target="_blank">#LXD</a> / <a href="https://aus.social/tags/Incus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Incus</a> REST <a href="https://aus.social/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#API</a> written in <a href="https://aus.social/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#python</a> . (I'll be trying to use that instead of <a href="https://aus.social/tags/pylxd" class="mention hashtag" rel="nofollow noopener" target="_blank">#pylxd</a> until their websockets bug fixes are in place. Hopefully then I can swap back to pylxd)<a href="https://github.com/medeopolis/container_client/" rel="nofollow noopener" translate="no" target="_blank">https://github.com/medeopolis/container_client/</a>

Pope Bob the UnsaneAfter taking the nickle tour of <a href="https://kolektiva.social/tags/Qubes" class="mention hashtag" rel="nofollow noopener" target="_blank">#Qubes</a>, my hasty conclusion is that it is anti-<a href="https://kolektiva.social/tags/KISS" class="mention hashtag" rel="nofollow noopener" target="_blank">#KISS</a>; there are seemingly many moving parts under the surface, and many scripts to grok to comprehend what is going on.I plan to give it some more time, if only to unwrap how it launches programs in a VM and shares them with dom0's X server and audio and all that; perhaps it's easier than I think.I also think <a href="https://kolektiva.social/tags/Xen" class="mention hashtag" rel="nofollow noopener" target="_blank">#Xen</a> is a bit overkill, as the claim is that it has a smaller kernel and therefore smaller attack surface than the seemingly superior alternative, <a href="https://kolektiva.social/tags/KVM" class="mention hashtag" rel="nofollow noopener" target="_blank">#KVM</a>. Doing some rudimentary searching out of identified / known VM escapes, there seem to be many more that impact Xen than KVM, in the first place.Sure, the <a href="https://kolektiva.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> kernel may be considerably larger than the Xen kernel, but it does not need to be (a lot can be trimmed from the Linux kernel if you want a more secure hypervisor), and the Linux kernel is arguably more heavily audited than the Xen kernel.My primary concern is compartmentalization of 'the web', which is the single greatest threat to my system's security, and while <a href="https://kolektiva.social/tags/firejail" class="mention hashtag" rel="nofollow noopener" target="_blank">#firejail</a> is a great soltion, I have run into issues maintaining my qutebrowser.local and firefox.local files tuned to work well, and it's not the simplest of solutions.Qubes offers great solutions to the compartmentalization of data and so on, and for that, I really like it, but I think it's over-kill, even for people that desire and benefit from its potential security model, given what the threats are against modern workstations, regardless of threat actor -- most people (I HOPE) don't have numerous vulnerable services listening on random ports waiting to be compromised by a remote threat.So I am working to refine my own security model, with the lessons I'm learning from Qubes.Up to this point, my way of using a system is a bit different than most. I have 2 non-root users, neither has sudo access, so I do the criminal thing and use root directly in a virtual terminal.One user is my admin user that has ssh keys to various other systems, and on those systems, that user has sudo access. My normal user has access to some hosts, but not all, and has no elevated privileges at all.Both users occasionally need to use the web. When I first learned about javascript, years and years ago, it was a very benevolent tool. It could alter the web page a bit, and make popups and other "useful" things.At some point, <a href="https://kolektiva.social/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#javascript</a> became a beast, a monster, something that was capable of scooping up your password database, your ssh keys, and probe your local networks with port scans.In the name of convenience.As a result, we have to take browser security more seriously, if we want to avoid compromise.The path I'm exploring at the moment is to run a VM or two as a normal user, using KVM, and then using SSH X forwarding to run firefox from the VM which I can more easily firewall, and ensures if someone escapes my browser or abuses JS in a new and unique way, that no credentials are accessible, unless they are also capable of breaking out of the VM.What else might I want to consider? I 'like' the concept of dom0 having zero network access, but I don't really see the threat actor that is stopping. Sure, if someone breaks from my VM, they can then call out to the internet, get a reverse shell, download some payloads or build tools, etc.But if someone breaks out of a Qubes VM, they can basically do the same thing, right? Because they theoretically 'own' the hypervisor, and can restore network access to dom0 trivially, or otherwise get data onto it. Or am I mistaken?Also, what would the <a href="https://kolektiva.social/tags/LXC" class="mention hashtag" rel="nofollow noopener" target="_blank">#LXC</a> / <a href="https://kolektiva.social/tags/LXD" class="mention hashtag" rel="nofollow noopener" target="_blank">#LXD</a> approach look like for something like this? What's its security record like, and would it provide an equivalent challenge to someone breaking out of a web browser (or other program I might use but am not thinking of at the moment)?

Root MooseHey Everyone, You've been meaning to do it but now is the time 'circle the wagons' and get your systems moved from docker to something else. Time for me to 'restart' the migration. Remember: never Oracle<a href="https://techcrunch.com/2025/02/13/former-oracle-cloud-exec-don-johnson-takes-over-as-dockers-new-ceo/" rel="nofollow noopener" translate="no" target="_blank">https://techcrunch.com/2025/02/13/former-oracle-cloud-exec-don-johnson-takes-over-as-dockers-new-ceo/</a><a href="https://root.moose.ca/tags/docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#docker</a> <a href="https://root.moose.ca/tags/podman" class="mention hashtag" rel="nofollow noopener" target="_blank">#podman</a> <a href="https://root.moose.ca/tags/containerd" class="mention hashtag" rel="nofollow noopener" target="_blank">#containerd</a> <a href="https://root.moose.ca/tags/lxc" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxc</a> <a href="https://root.moose.ca/tags/lxd" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxd</a>

Till Kamppeter<a href="https://ubuntu.social/tags/FOSDEM" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSDEM</a> <a href="https://ubuntu.social/tags/FOSDEM2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSDEM2025</a> in Brussels is coming closer, Feb 1 and 2, and it will get orange!We will have an <a href="https://ubuntu.social/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ubuntu</a> booth this year! There will be 19 people from <a href="https://ubuntu.social/tags/Canonical" class="mention hashtag" rel="nofollow noopener" target="_blank">#Canonical</a>, and several from the wider Ubuntu community!People from Desktop, Server, Foundations, Kernel, <a href="https://ubuntu.social/tags/LXD" class="mention hashtag" rel="nofollow noopener" target="_blank">#LXD</a>, <a href="https://ubuntu.social/tags/Snap" class="mention hashtag" rel="nofollow noopener" target="_blank">#Snap</a> (for all distros), <a href="https://ubuntu.social/tags/snapcrafters" class="mention hashtag" rel="nofollow noopener" target="_blank">#snapcrafters</a>, <a href="https://ubuntu.social/tags/MIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#MIR</a>, Ubuntu on <a href="https://ubuntu.social/tags/Matrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#Matrix</a> Live demos, answers to your questions, everything what you want to know about Ubuntu!See you in building K, on the ground floor.<a href="https://fosdem.org/2025/stands/" rel="nofollow noopener" translate="no" target="_blank">https://fosdem.org/2025/stands/</a>

MarcelXpipe erschien gestern übrigens in Version 14 und hat nun <a href="https://fedifriends.social/tags/Incus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Incus</a> support. Zusätzlich gibt es nun verwaltbare Identitäten und noch ein Haufen anderer Features. Der Start wurde auch spürbar beschleunigt :neocat_approve: <a href="https://github.com/xpipe-io/xpipe" rel="nofollow noopener" translate="no" target="_blank">https://github.com/xpipe-io/xpipe</a><a href="https://fedifriends.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://fedifriends.social/tags/LXD" class="mention hashtag" rel="nofollow noopener" target="_blank">#LXD</a> <a href="https://fedifriends.social/tags/Docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Docker</a>

Zygmunt KrynickiIf you are running <a href="https://fosstodon.org/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fedora</a> and want to use <a href="https://fosstodon.org/tags/LXD" class="mention hashtag" rel="nofollow noopener" target="_blank">#LXD</a> then try:firewall-cmd --add-interface=lxdbr0 --zone=trusted --permanent firewall-cmd --reload

MarcelPlease boost! Weil ich das Projekt echt super finde:Wer mehrere Hosts, Proxmox Environments, LXD, Kubernetes oder einfach nur ssh-Verbindungen verwaltet:Schaut euch Xpipe an!<a href="https://github.com/xpipe-io/xpipe" rel="nofollow noopener" translate="no" target="_blank">https://github.com/xpipe-io/xpipe</a>Das bündelt alles unter einer bequemen Oberfläche und ist sogar Multiplattform verfügbar!Die Konfiguration kann bequem über mehrere Instanzen hinweg Betriebssystemunabhängig mittels Git synchronisiert werden. Ich hab heute in einer Mail auch angefragt wie es mit Incus- Support aussieht. Das stehe wohl für die nächste Majorversion auf der Roadmap. Die Antwort kam fix und das an einem Sonntag :neocat_laptop_notice: Open Source made in Germany <a href="https://fedifriends.social/tags/docker" class="mention hashtag" rel="nofollow noopener" target="_blank">#docker</a> <a href="https://fedifriends.social/tags/lxd" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxd</a> <a href="https://fedifriends.social/tags/lxc" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxc</a> <a href="https://fedifriends.social/tags/incus" class="mention hashtag" rel="nofollow noopener" target="_blank">#incus</a> <a href="https://fedifriends.social/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#foss</a> <a href="https://fedifriends.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://fedifriends.social/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#ssh</a> <a href="https://fedifriends.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a>

PrimoFUCK NAT MODE, FUCK BRIDGE MODE, FUCK VIRTUALIZATION, FUCK DOCKER, FUCK CONTAINIZATION, FUCK VMWARE, FUCK VIRTUALBOX, FUCK LXC, FUCK PROXMOX, FUCK FIREWALLS, FUCK NETWORKING, AND FINNALY FUCK COMPUTERS.<a href="https://mastodon.social/tags/networking" class="mention hashtag" rel="tag">#networking</a> <a href="https://mastodon.social/tags/virtualization" class="mention hashtag" rel="tag">#virtualization</a> <a href="https://mastodon.social/tags/vmware" class="mention hashtag" rel="tag">#vmware</a> <a href="https://mastodon.social/tags/virtualbox" class="mention hashtag" rel="tag">#virtualbox</a> <a href="https://mastodon.social/tags/proxmox" class="mention hashtag" rel="tag">#proxmox</a> <a href="https://mastodon.social/tags/nat" class="mention hashtag" rel="tag">#nat</a> <a href="https://mastodon.social/tags/server" class="mention hashtag" rel="tag">#server</a> <a href="https://mastodon.social/tags/vm" class="mention hashtag" rel="tag">#vm</a> <a href="https://mastodon.social/tags/docker" class="mention hashtag" rel="tag">#docker</a> <a href="https://mastodon.social/tags/container" class="mention hashtag" rel="tag">#container</a> <a href="https://mastodon.social/tags/vbox" class="mention hashtag" rel="tag">#vbox</a> <a href="https://mastodon.social/tags/computer" class="mention hashtag" rel="tag">#computer</a> <a href="https://mastodon.social/tags/pc" class="mention hashtag" rel="tag">#pc</a> <a href="https://mastodon.social/tags/lxc" class="mention hashtag" rel="tag">#lxc</a> <a href="https://mastodon.social/tags/lxd" class="mention hashtag" rel="tag">#lxd</a> <a href="https://mastodon.social/tags/network" class="mention hashtag" rel="tag">#network</a> <a href="https://mastodon.social/tags/bridge" class="mention hashtag" rel="tag">#bridge</a> <a href="https://mastodon.social/tags/mode" class="mention hashtag" rel="tag">#mode</a> <a href="https://mastodon.social/tags/virtual" class="mention hashtag" rel="tag">#virtual</a>

OSTechNixLXD 6.2 Released with NVIDIA CDI Support and Enhanced VM Management <a href="https://floss.social/tags/LXD" class="mention hashtag" rel="nofollow noopener" target="_blank">#LXD</a> <a href="https://floss.social/tags/Containers" class="mention hashtag" rel="nofollow noopener" target="_blank">#Containers</a> <a href="https://floss.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://floss.social/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ubuntu</a> <a href="https://floss.social/tags/Releases" class="mention hashtag" rel="nofollow noopener" target="_blank">#Releases</a> <a href="https://ostechnix.com/lxd-6-2-released/" rel="nofollow noopener" translate="no" target="_blank">https://ostechnix.com/lxd-6-2-released/</a>

LinuxNews.deLXD 6.2 reicht Nvidia-Grafikkarten durch <a href="https://linuxnews.de/lxd-6-2-reicht-nvidia-grafikkarten-durch/" rel="nofollow noopener" translate="no" target="_blank">https://linuxnews.de/lxd-6-2-reicht-nvidia-grafikkarten-durch/</a> <a href="https://social.anoxinon.de/tags/lxd" class="mention hashtag" rel="nofollow noopener" target="_blank">#lxd</a>

Recent searches

Search options

Administered by:

Server stats:

#lxd