I have users on the server who want to create containers that have services
running in them. The users need to have the services running at boot.

I want to keep users out of each other's containers.
If a container is broken out of, I would like to limit the damage to the user
running the container.

The users do not have access to /var/lib/lxc. I want to keep
the users in their own area. I was hoping that the user
could create the containers under their home dir and use
the lxc-autostart of unprivileged containers to start them.

This all works when the user is logged in. I was just looking to
start the containers at boot.

If there is not an easy way to handle this, can you give me info
on what needs to happen with cgroups?
I can then write a small setuid C program to set up the cgroups and then run
lxc-autostart.

I would also be willing to contribute it back to the lxc project if they find
it useful.

On 08/19/2014 10:54 PM, Serge Hallyn wrote:
Right, cronjobs don't get a set of cgroups like a login session does.

Your use case here isn't quite clear to me though.  Is there a good
reason not to simply use containers under /var/lib/lxc with lxc.id_maps?
Root can start those just fine and they can be autostarted like normal
privileged containers.

Otherwise, you'll simply need something with privilege to create and
chown cgroups for your user containers, and have the user scripts
which call lxc-autostart move themselves into the cgroups they own
first.

Quoting Mike Bernson ([email protected]):
That did not work.

I added the following line into cron for testing:
@reboot              lxc-autostart -P /home/mike/.local/share/lxc -o /tmp/out

/tmp/out:
   lxc-autostart 1408491952.652 ERROR    lxc_cgmanager - call to cgmanager_create_sync failed: invalid request
   lxc-autostart 1408491952.652 ERROR    lxc_cgmanager - Failed to create hugetlb:mike-ssh
   lxc-autostart 1408491952.652 ERROR    lxc_cgmanager - Error creating cgroup hugetlb:mike-ssh
   lxc-autostart 1408491952.653 ERROR    lxc_start - failed creating cgroups
   lxc-autostart 1408491952.654 ERROR    lxc_start - failed to spawn 'mike-ssh'

On 08/19/2014 06:02 PM, Michael H. Warfield wrote:
On Tue, 2014-08-19 at 16:43 -0400, Mike Bernson wrote:
I am running Ubuntu 14.04 server.
I have a number of containers that are unprivileged containers for normal users
on the system. I am looking for an upstart script/config to start the
containers on boot.
The containers do autostart correctly if the user logs into the account and does
lxc-autostart.
It would be OK to list the users or directories where the containers exist in
some /etc/defaults
config files so scripts do not have to search all users on the system.

IMHO, your best option there would be to use a user crontab.

crontab -e

@reboot lxc-autostart -P {path to user directory} -g {bootgroups}

Each user could then setup and control their own.  I would not set up
something on a systemwide basis to scan the user directories.  Here
there be dragons.

Regards,
Mike


_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
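
Serge's suggestion in the thread above (something privileged creates and chowns the cgroups, then the user's script moves itself into them before calling lxc-autostart), written out as an added sketch that is not code from the thread or from the LXC project. It assumes the cgmanager client `cgm` is installed and that each user gets one cgroup named after the account; the function names, `DRY_RUN` and `MIN_UID` are hypothetical.

```shell
#!/bin/sh
# Added sketch: delegate one cgroup per user, then autostart from inside it.
# DRY_RUN=1 prints the commands instead of running them.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Privileged half (root, at boot). Argument: one passwd(5) line, for
# example the output of: getent passwd mike
# Only plain, non-system accounts are accepted, so a bad entry in the
# user list cannot turn into a cgroup owned by root or an odd cgroup name.
prepare_user_cgroup() {
    IFS=: read -r user _pw uid gid _rest <<EOF
$1
EOF
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user name" >&2; return 1 ;;
    esac
    case $uid in ''|*[!0-9]*) echo "bad uid" >&2; return 1 ;; esac
    case $gid in ''|*[!0-9]*) echo "bad gid" >&2; return 1 ;; esac
    # MIN_UID is an assumption (first regular uid on Ubuntu).
    [ "$uid" -ge "${MIN_UID:-1000}" ] || { echo "refusing uid $uid" >&2; return 1; }
    run cgm create all "$user" || return 1
    run cgm chown all "$user" "$uid" "$gid"
}

# Unprivileged half (the user's own boot job). Moves the calling shell
# into the cgroup the user now owns; lxc-autostart then inherits it.
user_autostart() {
    user=$1
    lxcpath=$2
    run cgm movepid all "$user" "$$" || return 1
    run lxc-autostart -P "$lxcpath"
}
```

The privileged half has to finish before the user's job runs, so a plain `@reboot` cron entry needs some ordering guarantee with respect to it.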