[lxc-users] Autostart Unprivileged Containers

Paul Jones spacefreak18 at gmail.com
Fri Oct 9 21:20:15 UTC 2015


I would also like to note that when I run the script I created through the
bash interpreter from tty it works just fine. Exactly as intended. I can
then switch back to my user and move the tty to my new cgroup.

The only time it doesn't work is when I attempt to call it from the systemd
unit.

It says I own the cgroup, but it is almost like I do not. Very weird.

I can use sudo, but it isn't my preferred method. Also it has the same
issue if I try to run it via the systemd unit.

On Fri, Oct 9, 2015 at 2:18 AM, Fajar A. Nugraha <list at fajar.net> wrote:

> On Fri, Oct 9, 2015 at 7:19 AM, Paul Jones <spacefreak18 at gmail.com> wrote:
> > I have tried this but for some reason I am having trouble.
> >
> > I have pastebins for my systemd unit file and the bash script it calls.
> > http://pastebin.com/FLtLWaih
> > http://pastebin.com/b9qM2a9J
> >
> > It appears as though it successfully creates the cgroup "me", I see it, and I
> > own it and have seemingly correct permission to it. But as my normal user I
> > cannot move the current tty to that cgroup. I cannot even do it as root!
>
>
> Try this:
>
> (1) on top of /etc/sudoers:
> Defaults        use_pty
>
> Short version: with this, sudo will create new pty owned by the user.
> Needed if you intend to run "screen" (or other stuff which needs
> user-owned tty). Not needed if you only need to run "lxc-attach" or
> "lxc-console".
>
> (2) at the bottom of /etc/pam.d/sudo
> session    optional     pam_loginuid.so
> session    optional     pam_systemd.so
>
> Short version: make pam_systemd create and use new cgroup owned by the
> user when you run "sudo". With this, you can use "sudo" for
> "lxc-autostart".
>
> (3) on your script ("paul" is your username, right?)
> /usr/bin/sudo -u paul -i -- /usr/bin/lxc-autostart
>
> --
> Fajar



-- 
Time To Get an EKG, G!
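
As an added example, not part of either poster's message: a small shell check for the settings listed in steps (1) and (2) of the quoted reply, run here against constructed sample copies of the two files. The function names and the sample file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): checks copies of the files from steps (1) and (2).

# True if FILE has an active global "Defaults ... use_pty" (not commented, not negated).
has_use_pty() {
    grep -Eq '^[[:space:]]*Defaults[[:space:]]+([^#]*,[[:space:]]*)?use_pty[[:space:]]*(,|#|$)' "$1"
}

# True if FILE has an active "session <control> MODULE" line.
# The control field may be a bracketed list, so every field after the type is scanned.
has_pam_session() {
    awk -v mod="$2" '
        /^[ \t]*#/ { next }
        $1 == "session" || $1 == "-session" {
            for (i = 3; i <= NF; i++) if ($i == mod) found = 1
        }
        END { exit !found }' "$1"
}

# Reports each missing setting; returns 1 if any is missing.
audit_sudo_setup() {   # usage: audit_sudo_setup SUDOERS_FILE PAM_FILE
    rc=0
    has_use_pty "$1" || { echo "missing in $1: Defaults use_pty"; rc=1; }
    for m in pam_loginuid.so pam_systemd.so; do
        has_pam_session "$2" "$m" || { echo "missing in $2: session optional $m"; rc=1; }
    done
    return "$rc"
}

# Constructed sample files (not taken from any real host).
SAMPLE=$(mktemp -d)
printf '%s\n' 'Defaults        env_reset' '#Defaults       use_pty' \
    'root    ALL=(ALL:ALL) ALL' > "$SAMPLE/sudoers.before"
{ echo 'Defaults        use_pty'; cat "$SAMPLE/sudoers.before"; } > "$SAMPLE/sudoers.after"
printf '%s\n' '#%PAM-1.0' '@include common-auth' \
    '@include common-session-noninteractive' > "$SAMPLE/pam-sudo.before"
{ cat "$SAMPLE/pam-sudo.before"
  echo 'session    optional     pam_loginuid.so'
  echo 'session    optional     pam_systemd.so'; } > "$SAMPLE/pam-sudo.after"

echo "== before =="; audit_sudo_setup "$SAMPLE/sudoers.before" "$SAMPLE/pam-sudo.before" || true
echo "== after ==";  audit_sudo_setup "$SAMPLE/sudoers.after"  "$SAMPLE/pam-sudo.after" && echo ok
```

To check a real host, pass readable copies of /etc/sudoers and /etc/pam.d/sudo to `audit_sudo_setup` instead of the sample files.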