[lxc-devel] Quick questions and feedback about `lxc-start`
Daniel Lezcano
dlezcano at fr.ibm.com
Sun Jan 10 03:20:55 UTC 2010
Ciprian Dorin, Craciun wrote:
> Yup, me bothering you guys again! :)
>
> So from what I've seen, `lxc-create` does nothing more than
> copying the rcfile in a place well-known by `lxc-start`. Thus I
> assumed that I could just ignore `lxc-create`, and just call
> `lxc-start` with the `--rcfile` argument. Is my assumption correct?
Correct.
> (Will the behavior likely change in the future?)
It should not.
> The same for `lxc-delete`, it seems that it only deletes the
> folder for the config and state files.
Correct (s/lxc-delete/lxc-destroy).
> And one feature request from me: would it be welcomed (I could
> contribute the code if wanted) to allow the `lxc-start` tool to change
> the user and group of the newly launched process?
Hmm, that needs to be clearly defined wrt the user namespace semantics.
https://lists.linux-foundation.org/pipermail/containers/2010-January/022426.html
> For now I use `sudo`, and not the file capabilities, to run
> `lxc-start`, and I would like to be able to run the new process as me
> (without requiring a custom launcher inside the container). For
> example: `sudo -- lxc-start --name test --rcfile ./name.conf --uid
> "$UID" --gid "$GID" -- /bin/bash`
>
> (Even if I were using the capabilities, when root wants to run
> `lxc-start` he maybe would like to drop his UID and GID (for example
> starting daemons in a new context).)
I think we should postpone this and wait and see how the user namespace
will be implemented.
Thanks
-- Daniel
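
The "custom launcher inside the container" mentioned in the thread, sketched as an added example (not code from the post or from the LXC project): a small program that `lxc-start` runs as root and that drops to a given UID and GID before executing the real command. The name `dropexec` and its argument order are assumptions.

```c
#define _DEFAULT_SOURCE           /* for setgroups() */
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Strictly parse a decimal id. Rejects signs, junk and (uid_t)-1. */
int parse_id(const char *s, unsigned int *out)
{
    char *end;
    unsigned long v;
    if (!s || *s < '0' || *s > '9') return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno || *end != '\0' || v >= UINT_MAX) return -1;
    *out = (unsigned int)v;
    return 0;
}

/* Permanently switch to uid/gid. Order: groups, gid, then uid. */
int drop_privs(uid_t uid, gid_t gid)
{
    /* Root must shed its supplementary groups; only root can. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;   /* while still privileged */
    if (setuid(uid) != 0) return -1;   /* as root: real, effective, saved */
    if (uid != 0 && setuid(0) == 0) return -1;  /* root must be gone */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    unsigned int uid, gid;
    if (argc < 4 || parse_id(argv[1], &uid) || parse_id(argv[2], &gid)) {
        fprintf(stderr, "usage: %s UID GID CMD [ARGS...]\n", argv[0]);
        return 2;
    }
    if (drop_privs((uid_t)uid, (gid_t)gid) != 0) {
        perror("drop_privs");
        return 1;
    }
    execvp(argv[3], &argv[3]);
    perror("execvp");                  /* only reached if exec failed */
    return 127;
}
```

It would be passed as the container command after the `--` in the `sudo -- lxc-start --name test --rcfile ./name.conf -- ...` invocation from the thread, followed by the UID, the GID and `/bin/bash`.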