[lxc-users] Problem with lxc.network.script...

Serge Hallyn serge.hallyn at ubuntu.com
Thu Jan 29 14:21:08 UTC 2015


Quoting PONCET Anthony (ff240 at msn.com):
> Le 29/01/2015 12:30, Serge Hallyn a écrit :
> >Quoting PONCET Anthony (ff240 at msn.com):
> >>Dear,
> >>I'm using LXC on Ubuntu 14.04 (version : 1.0.7), with unprivileged
> >>containers.
> >>I try to use the lxc.network.script.up and lxc.network.script.down
> >>for allow one container in my firewall (iptables/ip6tables).
> >>I've allowed a user to execute /sbin/iptables and /sbin/ip6tables
> >>with sudo, and if I run my script manually, it run without problem.
> >>But when I started my container, my script doesn't run (I added
> >>"echo "test" >> test.log" on top of the script and test.log never
> >>created, and no rules added to iptables).
> >>I used the veth network mode, and I added my user in /etc/lxc/lxc-usernet.
> >>I define the lxc.logfile and lxc.loglevel = 1 but not error are logged.
> >>Do you have an idea to solve my problem?
> >Can you please show the exact commands you used to create and
> >start the container, the container config file, the script
> >contents, and the script file owner/mode (ls -l output)?
> >_______________________________________________
> >lxc-users mailing list
> >lxc-users at lists.linuxcontainers.org
> >http://lists.linuxcontainers.org/listinfo/lxc-users
> Yes,
> lxc-create -t download -n ct_name -- -d ubuntu -r trusty -a amd64

Yeah, sorry, i wasn't thinking right.  The network up and down
scripts do not work for unpriileged containers right now.

You can create a container started by root but with lxc.id_map 
sections, so that the container will be unprivileged, but the
startup runs as root.

I'm undecided as to whether it is worth adding support for
script.up/down for unpriv containers.

-serge


More information about the lxc-users mailing list