Getting KVM/FUSE/loop/openvpn to work inside systemd-nspawn
- In e.g. /etc/systemd/nspawn/vm.nspawn:
[Exec]
PrivateUsers=no
The root user inside the container is not the same as the global root user and thus may be unable to open certain device nodes or perform actions on them if the corresponding kernel module code checks for UID 0. - In e.g. /etc/systemd/nspawn/vm.nspawn:
[Exec]
Capability=all
The global root user inside the container may be unable to open certain dveice nodes or perform actions on them if the corresponding kernel module code checks for certain capabilities. - In e.g. /etc/systemd/nspawn/vm.nspawn:
[Files]
Bind=/dev/kvm
Bind=/dev/net/tun
Bind=/dev/fuse
Bind=/dev/loop-control
This is to make some device nodes from the host visible in the guest. The guest may still need to statically create device nodes, e.g. because/if loop0..loopN are not present in the host. udev is not normally running inside the guest. Nor is sysfs virtualized to the point where running udev inside makes much sense. This means that devices with dynamic device numbers like loopXpY are not representable. - Edit the service unit under which nspawn will start, e.g. `systemctl
edit systemd-nspawn@vm` and add:
[Service]
DeviceAllow=block-loop rw
DeviceAllow=block-blkext rw
DeviceAllow=/dev/loop-control rw
DeviceAllow=/dev/kvm rw
DeviceAllow=/dev/fuse rw
DeviceAllow=/dev/net/tun rw
This is needed to relax seccomp inside the guest which (independently of uid/capability checks by kernel module code) otherwise prevents opening these paths.
Posted 2024-07-17 02:07 / Tags: Linux. / link
Notes on photo sphere/panoramic EXIF metadata
- Google's EXIF/XMP metadata tag specification for panoramic images
- Panorama images with sky are to have a negative value for the CroppedAreaTopPixels tag. (The panoramic viewer of Facebook ignores the value altogether, though, and assumes the horizon in the middle of the picture.)
- If a camera or software normally produces panoramic images with cylindrical projection, then doing a vertical capture actually produces a transverse cylindrical image. There is no standardized value for the EXIF ProjectionType field to cover this. (One option is to reproject them to equirectangular — which, again, is not very well supported.)
- Facebook's document on what tags to set
- The Facebook web interface insists that FullPanoHeightPixels be half the size of FullPanoWidthPixels. Else you get “no new photos were uploaded”.
/ Tags: Photo.