[lxc-users] Starting unprivileged containers at boot
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Aug 20 02:54:58 UTC 2014
Right, cronjobs don't get a set of cgroups like a login session does.
Your use case here isn't quite clear to me though. Is there a good
reason not to simply use containers under /var/lib/lxc with lxc.id_maps?
Root can start those just fine and they can be autostarted like normal
privileged containers.
Otherwise, you'll simply need something with privilege to create and
chown cgroups for your user containers, and have the user scripts
which call lxc-autostart move themselves into the cgroups they own
first.
Quoting Mike Bernson (mike at mlb.org):
> That did not work.
>
> I added the following line into cron for testing:
> @reboot lxc-autostart -P /home/mike/.local/share/lxc -o /tmp/out
>
> /tmp/out:
> lxc-autostart 1408491952.652 ERROR lxc_cgmanager - call to cgmanager_create_sync failed: invalid request
> lxc-autostart 1408491952.652 ERROR lxc_cgmanager - Failed to create hugetlb:mike-ssh
> lxc-autostart 1408491952.652 ERROR lxc_cgmanager - Error creating cgroup hugetlb:mike-ssh
> lxc-autostart 1408491952.653 ERROR lxc_start - failed creating cgroups
> lxc-autostart 1408491952.654 ERROR lxc_start - failed to spawn 'mike-ssh'
>
> On 08/19/2014 06:02 PM, Michael H. Warfield wrote:
> >On Tue, 2014-08-19 at 16:43 -0400, Mike Bernson wrote:
> >>I am running ubuntu 14.04 server.
> >>I have a number of containers that are unprivileged containers for normal users
> >>on the system. I am looking for a upstart scripts/config to start the containers on boot.
> >>The container do autostart correct if the user logs into the account and does lxc-autostart.
> >>It would ok to list the users or directories where the containers exists in some /etc/defaults
> >>config files so scripts do not have to search all users on the system.
> >IMHO, your best option there would be to use a user crontab.
> >
> >crontab -e
> >
> >@reboot lxc-autostart -P {path to user directory) -g {bootgroups}
> >
> >Each user could then setup and control their own. I would not set up
> >something on a systemwide basis to scan the user directories. Here
> >there be dragons.
> >
> >Regards,
> >Mike
> >
> >
> >_______________________________________________
> >lxc-users mailing list
> >lxc-users at lists.linuxcontainers.org
> >http://lists.linuxcontainers.org/listinfo/lxc-users
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
More information about the lxc-users
mailing list