On Mon, 13 Jan 2014 20:56:23 -0500 Stéphane Graber <stgra...@ubuntu.com> wrote:
[...]
>
> Yeah, I did a few last-minute changes.
>
> fstab is no longer required (only copied over if it's there).
>
> If the expiry file is missing, it's simply assumed that the container
> won't expire.

Nice, that makes sense.

[...]
> Now for Oracle, I guess it depends what's most useful for your users.
>
> Is there actually still a demand for 4.x? I thought at least RHEL 4.x
> went out of support last year.
>
> In any case, I suspect that starting with the latest of each supported
> release on i386 and amd64 is probably a good start.
> We can then expand that to include popular minor releases, possibly
> the last few 6.x?

Yeah I think it makes sense to start with just x86_64 6.latest, and
we'll see how it goes from there.

> > One question I have on this is that the rootfs (at least that the
> > Oracle template makes, not sure about others) isn't quite right
> > since the host name will have already been injected into config
> > files (for example /etc/hosts), but lxc-download wants to template
> > them itself. Should we add a switch to the distro template so it
> > knows when it's being called to create a rootfs for lxc-download to
> > put LXC_NAME in there instead of the --name it was passed?
>
> So currently my build script (Jenkins job) will call the template
> with:
> - --rootfs=/build-lxc/container/LXC_NAME/rootfs
> - --path=/build-lxc/container/LXC_NAME
> - --name=LXC_NAME

Oh yeah, doh! Clever, that should make it work fine.

[...]
> > I have not tried from a normal user account yet. Is it basically
> > that you expect the template to be run by a normal user, but be
> > running in a userns? Can you describe how mapped_uid is supposed to
> > be set? Thanks!
> -d oracle -r 6.5 -a x86_64 --server phocis/lxc-images --no-validate
> Yeah, lxc-create basically does all the magic we need there.
> When run as a user, it'll run the template in a userns mapped with the
> container's range.
>
> $mapped_uid appears to be set to the uid in the userns which maps back
> to the user's own uid outside of it and makes it possible to chown
> files back to the actual user.

So I had to dig into the source to see how I could get this to work,
and tried passing a line like:

    lxc-create -P /home/dengen/ct -f /home/dengen/ct/dengen_id_map.conf -n ol65 -t download -- -d oracle -r 6.5 -a x86_64 --server lxchttp/lxc-images --no-validate

where /home/dengen/ct/dengen_id_map.conf just has:

    lxc.id_map = u 0 100000 10000
    lxc.id_map = g 0 100000 10000

in order to get mapped_uid in lxc-create to kick in. Sadly this didn't
work because lxc.spec is still installing lxc-create (and a lot more)
setuid, so the geteuid() check in create_run_template() isn't firing.

So my question is: which lxc binaries are supposed to be installed
setuid these days? Is it just lxc-user-nic? Once I know, I can go ahead
and fix up lxc.spec. Thanks.