[lxc-users] PATH set weirdly in an unprivileged container ?

Benoit Barthelet benoit.barthelet at gmail.com
Fri Mar 3 16:46:54 UTC 2017


mmm *--clear-env *indeed looks like what I was looking for, using it leads
to a "clean" PATH

Now shouldn't that be the default ?
This looks so weird to me to have a PATH with stuff from the host by
default, but again all this is new to me so that's just a comment like that
:)

thanks for the tip !

On Fri, Mar 3, 2017 at 5:39 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:

> On Fri, Mar 03, 2017 at 05:27:25PM +0100, Benoit Barthelet wrote:
> > Hello,
> >
> > It's my first few hours playing with containers so maybe there's
> something
> > I'm doing wrong or something I overlook, or both.
> >
> > I'm on debian stretch if that's relevant, using :
> >
> > ➜  ~ lxc-info --version
> > 2.0.7
> >
> > I set up an unprivileged container this way:
> >
> > ➜  ~ lxc-create -t download -n u1 -- -d ubuntu -r xenial -a amd64
> > Using image from local cache
> > Unpacking the rootfs
> >
> > ---
> > You just created an Ubuntu container (release=xenial, arch=amd64,
> > variant=default)
> >
> > To enable sshd, run: apt-get install openssh-server
> >
> > For security reason, container images ship without user accounts
> > and without a root password.
> >
> > Use lxc-attach or chroot directly into the rootfs to set a root password
> > or create user accounts.
> >
> > I then start it and attach:
> >
> > ➜  ~ lxc-start -n u1
> > ➜  ~ lxc-attach -n u1
> > root at u1:/# echo $PATH
> > /home/HOST_USER/bin:/usr/local/bin:/home/HOST_USER/
> Applications/.bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
>
> lxc-attach uses its own environment inside the container. There are a
> number of lxc-attach options to alter this behavior.
>
> >
> > Now as you can see /sbin is not in the PATH, which means any apt-get
> > install BLABLABLA ends up with the following error:
> >
> > dpkg: warning: 'ldconfig' not found in PATH or not executable
> > dpkg: warning: 'start-stop-daemon' not found in PATH or not executable
> > dpkg: error: 2 expected programs not found in PATH or not executable
> > Note: root's PATH should usually contain /usr/local/sbin, /usr/sbin and
> > /sbin
> > E: Sub-process /usr/bin/dpkg returned an error code (2)
> >
> > If I do the exact same commands with sudo, thus creating a NOT
> unprivileged
> > container, if I got it correctly, well the PATH is "correctly" set up, at
> > least /sbin is in it and I can apt-get install anything.
> >
> > When I say correctly I should say: the way I would expect it when I'm
> root.
> > That makes me think there's a subtlety about unprivileged container I
> don't
> > get.
> >
> > Asking in IRC, I got this answer, which works, I should use:
> >
> > ➜  ~ lxc-execute -n u1 -- /bin/bash --login
> >
> >
> > Now reading both man pages for attach and execute, at first glance they
> > seem to be doing the same except one spawn the instance while the other
> > doesn't and uses the one that is running.
> >
> > Again it's been only a few hours I'm playing with it.
> >
> > I don't get why in the case of the container created with sudo the PATH
> is
> > "correct", and not in the case of the unprivileged container.
> >
> > Is it intended ? It's kind of weird to be root in a machine and unable to
> > install a package because of the PATH, hence those questions.
> >
> > Looking at the templates, it seems they export that PATH
> >
> > ➜  ~ grep PATH /usr/share/lxc/templates/lxc-ubuntu
> > # Make sure the usual locations are in PATH
> > export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
> >
> > So the -t download switch doesn't use that ?
> >
> >
> > Thanks in advance
> >
> >
> > --
> > benoit barthelet
> > http://pgp.mit.edu/pks/lookup?op=get&search=0xF150E01A72F6D2EE
>
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>



-- 
benoit barthelet
http://pgp.mit.edu/pks/lookup?op=get&search=0xF150E01A72F6D2EE
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170303/a8907228/attachment.html>


More information about the lxc-users mailing list