[Bug 1257389] Re: cannot run maas inside lxc container

Scott Moser smoser at ubuntu.com
Tue Dec 3 17:42:25 UTC 2013 

In the interest of having all the info ccontained in this bug, below is
what I had written in the ask-ubuntu response.

You can allow your lxc container to do mounts of ext2, ext3, or ext4
filesystems in one of 2 ways. The simplist is to just add the following
to the lxc config (/var/lib/lxc/$NAME/config):

lxc.aa_profile = unconfined
lxc.cgroup.devices.allow = b 7:* rwm
lxc.cgroup.devices.allow = c 10:237 rwm

A much more restrictive solution that still grants the necessary
permissions is to do the following:

$ sudo tee /etc/apparmor.d/lxc/lxc-custom-mounts <<EOF
# copied and modified from /etc/apparmor.d/lxc/lxc-default
profile lxc-container-extx-mounts flags=(attach_disconnected,mediate_deleted) {
  #include <abstractions/lxc/container-base>
  mount fstype=ext4 -> /**,
  mount fstype=ext3 -> /**,
  mount fstype=ext2 -> /**,
}
EOF

# reload the lxc-containers profile
$ sudo apparmor_parser --replace /etc/apparmor.d/lxc-containers

$ sudo lxc-create -t ubuntu-cloud -n source-saucy-amd64 --
--release=saucy --arch=amd64

$ name="test1"
$ cfg=/var/lib/lxc/$name/config;
$ sudo lxc-clone -o source-saucy-amd64 -n "$name"

## modify the config to use the profile created above
$ sudo grep "#allow-loop" "$cfg" || sudo tee -a "$cfg" <<EOF
#allow-loop
lxc.aa_profile = lxc-container-extx-mounts
lxc.cgroup.devices.allow = b 7:* rwm
lxc.cgroup.devices.allow = c 10:237 rwm
EOF


** Also affects: lxc (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: maas
   Importance: Undecided
       Status: New

** Changed in: maas
       Status: New => Confirmed

** Changed in: lxc (Ubuntu)
       Status: New => Confirmed

** Changed in: maas (Ubuntu)
       Status: New => Confirmed

** Summary changed:

- cannot run maas inside lxc container
+ cannot run maas-cluster-controller inside lxc container

** Summary changed:

- cannot run maas-cluster-controller inside lxc container
+ cannot run maas-import-ephemerals inside lxc container

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to maas in Ubuntu.
https://bugs.launchpad.net/bugs/1257389

Title:
  cannot run maas-import-ephemerals inside lxc container

To manage notifications about this bug go to:
https://bugs.launchpad.net/maas/+bug/1257389/+subscriptions

More information about the Ubuntu-server-bugs mailing list