Question about unprivileged lxc containers

Jorge Niedbalski jorge.niedbalski at canonical.com
Thu Jul 31 19:45:08 UTC 2014


Hello,

While working on a bug assignment related to LXC templates, I noticed
that the golxc driver is performing the following subprocess
invocation on the Create method:

```
lxc-create -n juju-trusty-template -t ubuntu-cloud \
  -f /var/lib/juju/containers/juju-trusty-template/lxc.conf -- --debug \
  --userdata /var/lib/juju/containers/juju-trusty-template/cloud-init \
  --hostid juju-trusty-template -r trusty
```

The problem with this command is that it is forcing the usage of
/var/lib/juju/containers/juju-trusty-template/lxc.conf as the default,
and this file doesn't include any configuration directive regarding
id_maps, which is a requirement to run unprivileged containers.
Also, using the (-f) flag takes precedence over my locally defined
~/.config/lxc/default.conf.

Do we need to add id_maps options for unprivileged containers to
golxc? Any other ideas?

(More information:
https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/ )

-- 
Jorge Niedbalski R.
Software Sustaining Engineer @ Canonical
Canonical Technical Services Engineering Team
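
The gap described in the message above (a config file passed with -f that carries no id map entries), as an added example that is not part of the original post or of golxc: a Go check that parses LXC 1.0 `lxc.id_map` lines and reports whether the uid or gid mapping for container root is missing. The type and function names and the sample config are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// IDMap is one "lxc.id_map = <u|g> <container-start> <host-start> <count>" line.
type IDMap struct {
	Kind                   string
	Container, Host, Count uint32
}

// ParseIDMaps collects lxc.id_map entries from config text, skipping other keys.
func ParseIDMaps(conf string) ([]IDMap, error) {
	var maps []IDMap
	sc := bufio.NewScanner(strings.NewReader(conf))
	for sc.Scan() {
		key, val, ok := strings.Cut(strings.TrimSpace(sc.Text()), "=")
		if !ok || strings.TrimSpace(key) != "lxc.id_map" {
			continue // blank line, comment or unrelated key
		}
		var m IDMap
		_, err := fmt.Sscanf(strings.TrimSpace(val), "%s %d %d %d", &m.Kind, &m.Container, &m.Host, &m.Count)
		if err != nil || (m.Kind != "u" && m.Kind != "g") {
			return nil, fmt.Errorf("malformed id map: %q", sc.Text())
		}
		maps = append(maps, m)
	}
	return maps, sc.Err()
}

// MissingKinds returns "" when container root (id 0) is mapped to a non-zero
// host id for both uids and gids, otherwise the kinds still missing ("u", "g", "ug").
func MissingKinds(maps []IDMap) string {
	missing := "ug"
	for _, m := range maps {
		if m.Container == 0 && m.Host != 0 && m.Count > 0 {
			missing = strings.Replace(missing, m.Kind, "", 1)
		}
	}
	return missing
}

// Constructed sample in the shape of an unprivileged default.conf (assumed ranges).
const sampleUserConf = "lxc.network.type = veth\nlxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n"

func main() {
	maps, err := ParseIDMaps(sampleUserConf)
	fmt.Printf("missing=%q err=%v\n", MissingKinds(maps), err)
}
```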



More information about the Juju-dev mailing list