[lxc-users] Autostart Unprivileged Containers

Fajar A. Nugraha list at fajar.net
Fri Oct 9 06:18:01 UTC 2015


On Fri, Oct 9, 2015 at 7:19 AM, Paul Jones <spacefreak18 at gmail.com> wrote:
> I have tried this but for some reason I am having trouble.
>
> I have pastebins for my systemd unit file and the bash script it calls.
> http://pastebin.com/FLtLWaih
> http://pastebin.com/b9qM2a9J
>
> It appears as though it successfully creates the cgroup "me", I see it, and I
> own it and have seemingly correct permission to it. But as my normal user I
> cannot move the current tty to that cgroup. I cannot even do it as root!


Try this:

(1) on top of /etc/sudoers:
Defaults        use_pty

Short version: with this, sudo will create a new pty owned by the user.
Needed if you intend to run "screen" (or other stuff which needs
user-owned tty). Not needed if you only need to run "lxc-attach" or
"lxc-console".

(2) at the bottom of /etc/pam.d/sudo
session    optional     pam_loginuid.so
session    optional     pam_systemd.so

Short version: make pam_systemd create and use a new cgroup owned by the
user when you run "sudo". With this, you can use "sudo" for
"lxc-autostart".

(3) on your script ("paul" is your username, right?)
/usr/bin/sudo -u paul -i -- /usr/bin/lxc-autostart

-- 
Fajar
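
A check for the three steps above, as an added example that is not part of the original post. The function names are hypothetical, and the user-UID.slice path layout is assumed to be systemd-logind's naming; the post itself does not show the resulting cgroup path.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# has_line FILE REGEX: true if a non-comment line of FILE matches REGEX.
has_line() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep -Eq "$2"
}

# check_config SUDOERS PAMFILE: report missing settings from steps (1) and (2).
# Returns the number of missing settings (0 = all present).
# Limitation: PAM control fields in [bracket form with spaces] are not parsed.
check_config() {
    missing=0
    has_line "$1" '^[[:space:]]*Defaults.*[[:space:],]use_pty([[:space:],]|$)' ||
        { echo "missing: Defaults use_pty in $1"; missing=$((missing + 1)); }
    for mod in pam_loginuid.so pam_systemd.so; do
        has_line "$2" "^[[:space:]]*-?session[[:space:]]+[^[:space:]]+[[:space:]]+(.*/)?$mod" ||
            { echo "missing: session line for $mod in $2"; missing=$((missing + 1)); }
    done
    return "$missing"
}

# session_cgroup UID [FILE]: print the systemd cgroup path of the process
# described by FILE (default /proc/self/cgroup) if it lies under
# user-UID.slice, else return 1. Handles the cgroup v1 "name=systemd" line and
# the cgroup v2 "0::" line. Assumption: systemd-logind's slice naming.
session_cgroup() {
    cgpath=$(awk -F: '$2 == "name=systemd" || ($1 == "0" && $2 == "") { print $3; exit }' \
        "${2:-/proc/self/cgroup}")
    case "$cgpath" in
        */user-"$1".slice/*) echo "$cgpath" ;;
        *) return 1 ;;
    esac
}

# Usage, as root:  check_config /etc/sudoers /etc/pam.d/sudo
# Usage, in the shell started by step (3):  session_cgroup "$(id -u)"
```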