Quoting PONCET Anthony ([email protected]):
> On 29/01/2015 12:30, Serge Hallyn wrote:
> >Quoting PONCET Anthony ([email protected]):
> >>Dear,
> >>I'm using LXC on Ubuntu 14.04 (version: 1.0.7), with unprivileged containers.
> >>I try to use the lxc.network.script.up and lxc.network.script.down to allow one container in my firewall (iptables/ip6tables).
> >>I've allowed a user to execute /sbin/iptables and /sbin/ip6tables with sudo, and if I run my script manually, it runs without problem.
> >>But when I start my container, my script doesn't run (I added "echo "test" >> test.log" on top of the script and test.log is never created, and no rules are added to iptables).
> >>I use the veth network mode, and I added my user in /etc/lxc/lxc-usernet.
> >>I define lxc.logfile and lxc.loglevel = 1 but no errors are logged.
> >>Do you have an idea to solve my problem?
> >Can you please show the exact commands you used to create and start the container, the container config file, the script contents, and the script file owner/mode (ls -l output)?
> >_______________________________________________
> >lxc-users mailing list
> >[email protected]
> >http://lists.linuxcontainers.org/listinfo/lxc-users
> Yes,
> lxc-create -t download -n ct_name -- -d ubuntu -r trusty -a amd64
Yeah, sorry, I wasn't thinking right. The network up and down scripts do not work for unprivileged containers right now. You can create a container started by root but with lxc.id_map sections, so that the container will be unprivileged, but the startup runs as root. I'm undecided as to whether it is worth adding support for script.up/down for unpriv containers.

-serge
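The workaround Serge describes, as an added example that is not part of the thread: the config lines for a root-started but id-mapped container are shown as comments at the top, and the script below is a hook for lxc.network.script.up/down that opens and closes the firewall for the container's host-side veth (container name, paths and the veth name are placeholders; IPTABLES_DRY_RUN is an assumed variable for testing without touching the firewall).

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed config for a container
# that root starts but that runs unprivileged via id mapping (placeholders):
#   lxc.id_map = u 0 100000 65536
#   lxc.id_map = g 0 100000 65536
#   lxc.network.type = veth
#   lxc.network.link = lxcbr0
#   lxc.network.script.up   = /var/lib/lxc/ct_name/fw-hook.sh
#   lxc.network.script.down = /var/lib/lxc/ct_name/fw-hook.sh
# Because lxc-start runs as root here, the hook runs as root too: no sudo needed.
# lxc 1.0 calls the hook as: <container> net <up|down> <type> [<host veth name>]

# Map the hook arguments to the iptables command line. Prints the command on
# stdout, or nothing when the section/type/context is not one we handle.
fw_rule_for() {
    ct="$1"; section="$2"; ctx="$3"; nettype="$4"; hostdev="$5"
    [ "$section" = "net" ] || return 0
    [ "$nettype" = "veth" ] || return 0
    [ -n "$hostdev" ] || return 0
    case "$ctx" in
        up)   op="-I" ;;   # insert at the top so it wins over a default DROP
        down) op="-D" ;;   # delete the identical rule when the veth goes away
        *)    return 0 ;;
    esac
    # The comment match tags the rule with the container name for 'iptables -S'
    echo "iptables $op FORWARD -i $hostdev -m comment --comment lxc:$ct -j ACCEPT"
}

# Apply the rule for IPv4 and IPv6. With IPTABLES_DRY_RUN=1 only print the commands.
apply_hook() {
    cmd=$(fw_rule_for "$@")
    [ -n "$cmd" ] || return 0
    args=${cmd#iptables}
    for bin in iptables ip6tables; do
        if [ "${IPTABLES_DRY_RUN:-0}" = "1" ]; then
            echo "$bin$args"
        else
            $bin $args
        fi
    done
}

# Only act when lxc invokes the script with its arguments; sourcing it does nothing.
if [ "$#" -ge 4 ]; then
    apply_hook "$@"
fi
```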
