Thanks for your answer. Indeed, it only needs to be done at login, and this is my problem. Your solutions work well, but they all require logging in at least once for each user with unprivileged containers.

I admit that my question was not clear :-° My goal is to autostart the unprivileged containers when the machine starts, i.e. before any user has logged in.

I have seen solutions based on cgm with Ubuntu on the internet; maybe they work on Debian Jessie too... I have to try harder or change to Ubuntu Server ;-)

Xavier

On 05/02/2015 16:56, Serge Hallyn wrote:
Quoting Xavier Gendre ([email protected]):
Hi,

Following the hints given by Serge Hallyn on the lxc-devel list, I
managed to run an unprivileged container on my Debian Jessie \o/

Now, I want to avoid manual steps and get it working on startup. Thus, I
permanently set kernel.unprivileged_userns_clone to 1 and I created a
systemd service to run the following script:

#!/bin/bash
# Runs as root at boot (systemd service). Prepares a cgroup (v1 layout,
# one hierarchy per controller under /sys/fs/cgroup) owned by each
# allowed user, so that user can later start unprivileged containers.

# Let child cpusets inherit the parent's cpus/mems; without this a new
# cpuset subgroup is empty and no task can be moved into it.
echo 1 > /sys/fs/cgroup/cpuset/cgroup.clone_children

# Allowed users
lxc_users="user1 user2"

for u in $lxc_users; do
   # One subgroup per controller hierarchy, owned by the user (the
   # "$u:" form also sets the group to the user's login group).
   for d in /sys/fs/cgroup/*; do
     mkdir -p "$d/$u"
     chown -R "$u": "$d/$u"
   done
done

The only thing that I need now is to put a 'good' PID in the tasks
files in order to be allowed to start my unprivileged containers. I
can do that by logging in as an allowed user and putting the PID of
the current shell in my tasks file. But this solution is volatile
and has to be done on each startup for each container :-/

No, it only needs to be done at login right?  You've already chowned
the cgroups to your user, so you should be able to just do it from
your .bashrc or equivalent.  Or, you could whip up a quick PAM module
to do it.

Is my approach good? Maybe there is a simpler solution to my
problem... If this is the way, how can I put a valid PID in the
tasks files of the allowed users on startup in order, for example,
to autostart some unprivileged containers?

Thanks,
Xavier
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
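As an added example (not code from the thread or from LXC), here is the login-time step Serge describes, written as a shell function rather than a bare `echo $$ > .../tasks` line: it moves a PID into the `USER` subgroup of every controller hierarchy that the boot script above created and chowned, and reports failure if any hierarchy is missing that subgroup or is not writable by the caller. The cgroup root is taken as an argument (an assumption made so the function can be exercised against a scratch directory; on the real system it is `/sys/fs/cgroup`, cgroup v1 layout with a `tasks` file per group). A second function lists the controllers that actually hold the PID, which is the check to run after sourcing this from `.bashrc`.

```bash
#!/bin/bash
# Added example, not from the original thread. Assumes the cgroup v1
# layout the thread uses: CGROUP_ROOT/<controller>/<user>/tasks, with the
# <user> subgroups already created and chowned to the user by root.

# Usage: enter_user_cgroups CGROUP_ROOT USER PID
# Writes PID into every controller's USER/tasks file (this is what moves a
# process into a cgroup on v1). Returns 0 only if every controller had a
# writable USER/tasks file; returns 1 otherwise, so a missing subgroup on
# one hierarchy (which would make lxc-start fail later) is visible now.
enter_user_cgroups() {
    local root="$1" user="$2" pid="$3" d rc=0
    for d in "$root"/*; do
        [ -d "$d" ] || continue
        if [ -w "$d/$user/tasks" ]; then
            echo "$pid" > "$d/$user/tasks" || rc=1
        else
            echo "no writable $d/$user/tasks (run the root setup script first)" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage: cgroups_holding_pid CGROUP_ROOT USER PID
# Prints, one per line, the controllers whose USER/tasks file lists PID.
# Compare against the controller list to confirm the move took effect.
cgroups_holding_pid() {
    local root="$1" user="$2" pid="$3" d
    for d in "$root"/*; do
        [ -f "$d/$user/tasks" ] || continue
        grep -qx "$pid" "$d/$user/tasks" && basename "$d"
    done
    return 0
}

# When sourced from ~/.bashrc on the real system, this moves the login
# shell (and everything it later spawns, including lxc-start) into the
# user's cgroups:
#   enter_user_cgroups /sys/fs/cgroup "$USER" $$ && \
#       cgroups_holding_pid /sys/fs/cgroup "$USER" $$
```

The function deliberately fails closed: if root's setup script did not run, or created the subgroup on only some hierarchies, the login shell is left where it was and the reason is printed, instead of silently ending up in a partial set of cgroups that `lxc-start` will reject. Because a process is moved into a cgroup on v1 by writing its PID to `tasks`, the same function works for any PID the caller owns, not just `$$`.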
