[lxc-users] Can not use unprivileged containers when login done via sudo

Ranjib Dey dey.ranjib at gmail.com
Thu Mar 19 22:35:08 UTC 2015


Hello awesome folks,
I have encountered this a lot of times, but worked around it by other means.
Now I have enough details that I can share, and I would like to know if
this is possible or not.
Following is my use case:
I am running unprivileged containers as part of build/CI infrastructure, to
build and test a lot of tools. The CI agent is run as a normal user
(`gocd`), and I set up all container configuration the same as Stéphane's blog
on unprivileged containers (all stock config). Containers and builds using
them run just fine. But if for any reason I want to diagnose a build, I
cannot manually create these containers. I do an ssh login to the build agents
and change the user to `gocd` using `sudo su -`. But in this mode I can't
create containers. `cat /proc/self/cgroup` shows my original (ssh user)
cgroups instead of the `gocd` user's. `XDG_RUNTIME_DIR` also holds my original
/run/user/xxx entry instead of the `gocd` user's. If I set
`XDG_RUNTIME_DIR` to the correct value manually, I can create, stop or destroy
containers. But I cannot start them.

After reading up more, I have learned that systemd/logind sets up these variables.

If I enable ssh auth against the `gocd` or build agent user, all these
problems go away. But I don't want to set up ssh access for the build agents
just for diagnostic purposes.
So, is it possible at all to perform lxc operations as another user, using
`sudo su -`, where I logged in as a different user?


thanks in advance
ranjib
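
The two symptoms described in the message (a `/proc/self/cgroup` path and an `XDG_RUNTIME_DIR` that still belong to the ssh user after `sudo su -`) can be checked mechanically before attempting to start a container. The shell functions below are an added example, not part of the original message or of LXC. The function names, the uids (1000 for the ssh user, 998 for `gocd`) and the sample cgroup lines are constructed, and the two cgroup path layouts it recognises are assumptions about the host.

```shell
#!/bin/sh
# Added example: detect a shell whose login-session state belongs to a
# different user than the one it is running as.

# Read /proc/<pid>/cgroup content on stdin, print the distinct uids that
# appear in user-session paths.
# Assumption: paths look like /user.slice/user-<uid>.slice/... (systemd)
# or /user/<uid>.user/... (systemd-logind with cgmanager).
cgroup_uids() {
    sed -n -e 's|.*/user-\([0-9][0-9]*\)\.slice.*|\1|p' \
           -e 's|.*/user/\([0-9][0-9]*\)\.user.*|\1|p' | sort -u
}

# Print the uid encoded in an XDG_RUNTIME_DIR of the form /run/user/<uid>,
# or an empty line if the value is unset or has another shape.
xdg_uid() {
    case "$1" in
        /run/user/*) printf '%s\n' "${1#/run/user/}" ;;
        *)           printf '\n' ;;
    esac
}

# check_session <uid> <XDG_RUNTIME_DIR value> <cgroup file content>
# Returns 0 when both belong to <uid>, 1 otherwise, printing each mismatch.
check_session() {
    want_uid=$1
    rc=0
    if [ "$(xdg_uid "$2")" != "$want_uid" ]; then
        echo "XDG_RUNTIME_DIR=${2:-<unset>} does not belong to uid $want_uid"
        rc=1
    fi
    for cg_uid in $(printf '%s\n' "$3" | cgroup_uids); do
        if [ "$cg_uid" != "$want_uid" ]; then
            echo "cgroup path belongs to uid $cg_uid, not uid $want_uid"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: what uid 998 might see after `sudo su -` from uid 1000.
SAMPLE_CGROUP='4:memory:/user/1000.user/c2.session
3:cpu,cpuacct:/user/1000.user/c2.session
1:name=systemd:/user/1000.user/c2.session'

check_session 998 /run/user/1000 "$SAMPLE_CGROUP" || true
```

To run it against the live shell, call `check_session "$(id -u)" "${XDG_RUNTIME_DIR:-}" "$(cat /proc/self/cgroup)"`.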