[lxc-users] Something changed between 1.1.2 and 1.1.4 for unprivileged containers?

Fajar A. Nugraha list at fajar.net
Fri Oct 16 03:59:54 UTC 2015


On Fri, Oct 16, 2015 at 2:43 AM, Dirk Geschke <dirk at lug-erding.de> wrote:
> not lxd, it's plain lxc from linuxcontainers.org and compiled the
> same way as 1.1.2. To start I use as part of init-script, started
> by root:
>
>     /usr/local/bin/cgm create all ${CONTAINER}
>     /usr/local/bin/cgm chown all ${CONTAINER} `id -u $user` `id -g $user`
>     su - $user -c /usr/local/sbin/${CONTAINER}
>
> where the last line starts a shell script with the uid of the
> unprivileged user. Here all I do is:
>
>    /usr/local/bin/cgm movepid all ${CONTAINER} $$
>    lxc-start -n ${CONTAINER} -d
>
> So I move the user shell to the cgroups and start the container.
> That works fine with 1.1.2, but not with 1.1.4...

su (and sudo) by default does not assign a new tty. So your user ends
up with a tty owned by root, thus the tty-related errors.

I assume you can start the container just fine in a normal user ssh
session? If yes, try using
"sudo -u $user -i /usr/local/sbin/${CONTAINER}" (not su), but with
"Defaults use_pty" on top of your /etc/sudoers. That should assign a
new tty owned by the user.

-- 
Fajar
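
The tty ownership described in the reply above can be checked from inside the per-user start script before it calls lxc-start. This is an added example, not part of the original message; the function names and the optional device argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the per-user start script.

# Print the numeric owner uid of a path (field 3 of POSIX "ls -n").
owner_uid() {
    ls -ldn -- "$1" 2>/dev/null |
        awk '{ print $3; found = 1 } END { exit !found }'
}

# check_tty_owner UID [DEVICE]
#   0: DEVICE is owned by UID
#   1: DEVICE is owned by another uid (the su case from the reply)
#   2: no terminal on stdin, or the owner could not be read
# DEVICE defaults to the terminal on stdin. The optional argument is an
# assumption of this example so the check can be exercised without a tty.
check_tty_owner() {
    want=$1
    dev=${2:-}
    if [ -z "$dev" ]; then
        # tty(1) exits non-zero when stdin is not a terminal
        dev=$(tty 2>/dev/null) || { echo "stdin is not a tty" >&2; return 2; }
    fi
    have=$(owner_uid "$dev") || { echo "cannot read owner of $dev" >&2; return 2; }
    if [ "$have" = "$want" ]; then
        return 0
    fi
    echo "$dev is owned by uid $have, not uid $want" >&2
    return 1
}

# In the start script, before lxc-start:
#   check_tty_owner "$(id -u)" || exit 1
```

A return value of 1 here matches the situation in the reply: the shell was started through su and still holds a terminal owned by root.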

