[lxc-users] Do nested containers require that unprivileged container creation be supported?

[Serge Hallyn]

Quoting Nels Nelson (nels.n.nelson at gmail.com):
> Greetings gentleusers and gentledevelopers,-
> 
> Okay, so the Fedora 20 discussion aside, please consider this:
> 
> # lxc-create -n outer -t minimal
> # lxc-start -n outer -- bash
> bash: cannot set terminal process group (-1): Inappropriate ioctl for device
> bash: no job control in this shell
> bash-4.2# lxc-create -n inner -t minimal
> lxc-create: No such file or directory - failed to create container path for
> inner
> lxc-create: Error creating container inner
> bash-4.2# ls /lib/var
> ls: cannot access /lib/var: No such file or directory
> bash-4.2# ls /var/lib
> empty
> bash-4.2# mkdir /var/lib/lxc
> bash-4.2# ls /var/lib
> empty  lxc
> bash-4.2# ls /var/lib/lxc
> bash-4.2# lxc-create -n inner -t minimal
> bash-4.2# ls /var/lib/lxc
> inner
> bash-4.2# lxc-ls
> inner
> 
> So, from this, it can be seen that the error I was experiencing had
> nothing to do with namespace capability of the operating system being
> used.
> 
> Instead, it was because for some reason, /var/lib/lxc does not exist
> inside the container "outer".
> 
> My question is, is this a bug?  Should lxc-create go ahead and create
> the necessary parent lxc directory when creating the "inner" container?
> Or is this strictly the responsibility of the creator of "outer"?

imo,

Since we allow you to specify an arbitrary lxcpath, we don't want
to create the lxcpath...  that could get very annoying in the case
of typos in a mass creation script.  I personally think it's reasonable
to expect you to make sure the lxcpath exists.  Lxc then will create
the container's own directory under the lxcpath.

In general the distro lxc package should be creating the system-default
lxcpath.  If you're not installing a distro pkg because you are doing
bindmounts from the host, then yeah you'll need to create it.

-serge