Hi all, I'm currently hacking on a pre-start hook for the ubuntu and ubuntu-cloud templates that automatically makes ubuntu containers aware of squid-deb-proxy servers the host knows about.
For this, I assume the squid-deb-proxy-client package is installed on the host. If you're not familiar with this package: it's basically a custom squid config for deb files along with an avahi config to expose an _apt_proxy._tcp service pointing to the squid. I currently run a squid-deb-proxy in a container. While running the avahi command on the host works fine (both as my user and as root), it fails when run from a pre-start script, and my knowledge of lxc is too limited to understand what could interfere with it. The failure: Running "avahi-browse -kprt _apt_proxy._tcp" in a lxc.hook.pre-start hook fails with "Failed to create client object: Access denied". It succeeds when ran at a normal shell on the host. A quick "whoami" in the same context yields "root", as expected, and switching to an unconfined apparmor profile does not change anything, so I suspect something more subtle is going on. How is the environment on "pre-start" hooks different? Could somebody shed some light here? Background: The reason for this is that I am a little frustrated to have to update my LXC container's apt proxy settings every time my squid-deb-proxy environment changes, and so this is an attempt at making this automatic. If you are curious and want to see it for yourself, have a look at [1], but please be aware that it's still work in progress. Thanks a lot for your help, - Chris links: -------- [1]: https://github.com/chrisglass/lxc/blob/make-lxc-squid-deb-proxy-aware/hooks/squid-deb-proxy-client _______________________________________________ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
