[lxc-devel] "pre-start" hooks and avahi

Chris Glass chris.glass at canonical.com
Fri Jan 10 17:18:12 UTC 2014


Hi all,

I'm currently hacking on a pre-start hook for the ubuntu and
ubuntu-cloud templates that automatically makes ubuntu containers
aware of squid-deb-proxy servers the host knows about.

For this, I assume the squid-deb-proxy-client package is installed on
the host. If you're not familiar with this package: it's basically a
custom squid config for deb files along with an avahi config to expose
an _apt_proxy._tcp service pointing to the squid.
I currently run a squid-deb-proxy in a container.

While running the avahi command on the host works fine (both as my
user and as root), it fails when run from a pre-start script, and my
knowledge of lxc is too limited to understand what could interfere
with it.

The failure:
Running "avahi-browse -kprt _apt_proxy._tcp" in a lxc.hook.pre-start
hook fails with "Failed to create client object: Access denied". It
succeeds when ran at a normal shell on the host.

A quick "whoami" in the same context yields "root", as expected, and
switching to an unconfined apparmor profile does not change anything,
so I suspect something more subtle is going on. How is the environment
on "pre-start" hooks different?

Could somebody shed some light here?

Background:
The reason for this is that I am a little frustrated to have to update
my LXC container's apt proxy settings every time my squid-deb-proxy
environment changes, and so this is an attempt at making this
automatic. If you are curious and want to see it for yourself, have a
look at [1], but please be aware that it's still work in progress.

Thanks a lot for your help,

- Chris

links:
--------
[1]: https://github.com/chrisglass/lxc/blob/make-lxc-squid-deb-proxy-aware/hooks/squid-deb-proxy-client


More information about the lxc-devel mailing list