Question about unprivileged lxc containers
Ian Booth
ian.booth at canonical.com
Fri Aug 22 00:25:18 UTC 2014
Hi Jorge
>
> While working on a bug assignment related to LXC templates, I noticed
> that the golxc driver is performing the following subprocess
> invocation on the Create method:
>
> ```
> lxc-create -n juju-trusty-template -t ubuntu-cloud -f \
>   /var/lib/juju/containers/juju-trusty-template/lxc.conf -- --debug \
>   --userdata /var/lib/juju/containers/juju-trusty-template/cloud-init \
>   --hostid juju-trusty-template -r trusty
> ```
> The problem with this command is that it is forcing the usage of
> /var/lib/juju/containers/juju-trusty-template/lxc.conf as the default,
> and this file doesn't include any configuration directive regarding
> id_maps, which is a requirement to run unprivileged containers.
> Also, using the (-f) flag takes precedence over my locally defined
> ~/.config/lxc/default.conf.
>
> Do we need to add id_maps options for unprivileged containers to
> golxc? Any other idea?
>
> (More information:
> https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/ )
>
We want to support unprivileged containers in Juju. We are currently
prioritising work for the rest of this cycle. This item has come up as a
request, but it looks like there are enough items ahead of it in the queue that
we may not get to it straight away. It will be done, but as of right now, I
can't give you a definite timeframe. Is there a specific customer request for
this feature?
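
The check below is an added example, not part of the original thread and not golxc or Juju code. It tests whether an LXC config passed with `-f` carries the uid/gid maps an unprivileged container needs, and whether those maps fall inside the ranges delegated to the user. It assumes the LXC 1.0 key name `lxc.id_map` and the `name:start:count` format of `/etc/subuid` and `/etc/subgid`; the sample file contents and the user name are constructed.

```python
import re

# LXC 1.0 syntax: lxc.id_map = <u|g> <container_start> <host_start> <count>
ID_MAP_RE = re.compile(r"^\s*lxc\.id_map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_id_maps(conf_text):
    """Return {'u': [(container_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in conf_text.splitlines():
        m = ID_MAP_RE.match(line)
        if m:
            maps[m.group(1)].append(tuple(int(x) for x in m.group(2, 3, 4)))
    return maps

def parse_subid(text, user):
    """Parse /etc/subuid or /etc/subgid content: one 'name:start:count' per line."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user and parts[1].isdigit() and parts[2].isdigit():
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges

def check_unprivileged(conf_text, subuid_text, subgid_text, user):
    """Return a list of problems; an empty list means the maps look usable."""
    problems = []
    maps = parse_id_maps(conf_text)
    for kind, subid_text in (("u", subuid_text), ("g", subgid_text)):
        if not maps[kind]:
            problems.append(f"no lxc.id_map entry for '{kind}'")
            continue
        allowed = parse_subid(subid_text, user)
        for _, host_start, count in maps[kind]:
            # The whole host range must sit inside one delegated range.
            if not any(s <= host_start and host_start + count <= s + c for s, c in allowed):
                problems.append(f"'{kind}' host range {host_start}+{count} not delegated to {user}")
    return problems

# Constructed sample inputs (not taken from the thread).
JUJU_STYLE_CONF = "lxc.network.type = veth\nlxc.network.link = lxcbr0\n"
USER_DEFAULT_CONF = JUJU_STYLE_CONF + "lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n"
SUBID = "jorge:100000:65536\n"

if __name__ == "__main__":
    for name, conf in (("juju lxc.conf", JUJU_STYLE_CONF), ("default.conf", USER_DEFAULT_CONF)):
        print(name, check_unprivileged(conf, SUBID, SUBID, "jorge") or "ok")
```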