[lxc-users] PATH set weirdly in an unprivileged container ?

Benoit Barthelet benoit.barthelet at gmail.com
Fri Mar 3 16:27:25 UTC 2017


Hello,

It's my first few hours playing with containers so maybe there's something
I'm doing wrong or something I overlook, or both.

I'm on Debian stretch, if that's relevant, using:

➜  ~ lxc-info --version
2.0.7

I set up an unprivileged container this way:

➜  ~ lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64
Using image from local cache
Unpacking the rootfs

---
You just created an Ubuntu container (release=xenial, arch=amd64,
variant=default)

To enable sshd, run: apt-get install openssh-server

For security reason, container images ship without user accounts
and without a root password.

Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.

I then start it and attach:

➜  ~ lxc-start -n u1
➜  ~ lxc-attach -n u1
root@u1:/# echo $PATH
/home/HOST_USER/bin:/usr/local/bin:/home/HOST_USER/Applications/.bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games

Now as you can see /sbin is not in the PATH, which means any apt-get
install BLABLABLA ends up with the following error:

dpkg: warning: 'ldconfig' not found in PATH or not executable
dpkg: warning: 'start-stop-daemon' not found in PATH or not executable
dpkg: error: 2 expected programs not found in PATH or not executable
Note: root's PATH should usually contain /usr/local/sbin, /usr/sbin and
/sbin
E: Sub-process /usr/bin/dpkg returned an error code (2)

If I do the exact same commands with sudo, thus creating a NOT unprivileged
container, if I got it correctly, well the PATH is "correctly" set up, at
least /sbin is in it and I can apt-get install anything.

When I say correctly I should say: the way I would expect it when I'm root.
That makes me think there's a subtlety about unprivileged containers I don't
get.

Asking in IRC, I got this answer, which works, I should use:

➜  ~ lxc-execute -n u1 -- /bin/bash --login


Now reading both man pages for attach and execute, at first glance they
seem to be doing the same, except one spawns the instance while the other
doesn't and uses the one that is running.

Again, I've only been playing with it for a few hours.

I don't get why in the case of the container created with sudo the PATH is
"correct", and not in the case of the unprivileged container.

Is it intended? It's kind of weird to be root in a machine and unable to
install a package because of the PATH, hence those questions.

Looking at the templates, it seems they export that PATH

➜  ~ grep PATH /usr/share/lxc/templates/lxc-ubuntu
# Make sure the usual locations are in PATH
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin

So the -t download switch doesn't use that?


Thanks in advance


-- 
benoit barthelet
http://pgp.mit.edu/pks/lookup?op=get&search=0xF150E01A72F6D2EE
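
Added example, not part of the original message: a shell check for the two things visible in the PATH quoted above, entries under /home carried over from the host user's shell and the sbin directories that the dpkg note names as missing. The function names, and the choice to drop /home and empty entries when rebuilding the value, are assumptions of this example.

```shell
#!/bin/sh
# Added example. SAMPLE_PATH is the PATH value quoted in the message above.
SAMPLE_PATH='/home/HOST_USER/bin:/usr/local/bin:/home/HOST_USER/Applications/.bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games'

# Directories the dpkg note says root's PATH should contain.
REQUIRED_SBIN='/usr/local/sbin /usr/sbin /sbin'

# path_has DIR PATHVALUE: true only on a whole-entry match, so "/sbin"
# is not satisfied by "/usr/sbin" the way a substring grep would be.
path_has() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# missing_sbin PATHVALUE: print the required directories that are absent.
missing_sbin() (
    out=''
    for d in $REQUIRED_SBIN; do
        path_has "$d" "$1" || out="${out:+$out }$d"
    done
    printf '%s\n' "$out"
)

# home_entries PATHVALUE: print entries under /home (assumption: these are
# per-user directories of the calling shell, absent inside the container).
home_entries() (
    IFS=:; set -f; out=''
    for e in $1; do
        case "$e" in /home/*) out="${out:+$out }$e" ;; esac
    done
    printf '%s\n' "$out"
)

# root_path PATHVALUE: drop empty (current directory), /home and duplicate
# entries, then append whichever required sbin directories are still missing.
root_path() (
    IFS=:; set -f; new=''
    for e in $1; do
        case "$e" in ''|/home/*) continue ;; esac
        path_has "$e" "$new" || new="${new:+$new:}$e"
    done
    IFS=' '
    for d in $REQUIRED_SBIN; do
        path_has "$d" "$new" || new="${new:+$new:}$d"
    done
    printf '%s\n' "$new"
)
```

Inside an attached shell, `missing_sbin "$PATH"` and `home_entries "$PATH"` report on the live value.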