Re: [lxc-users] Using predefined cgroups

2017-05-16 Thread Fajar A. Nugraha
On Wed, May 17, 2017 at 10:59 AM, Dr. Todor Dimitrov wrote: > I guess LXD would not be an option since we are talking about resource > constrained devices. The unprivileged user is actually used only for > namespacing purposes and not for actual logins. The power user starts a > “provisioning/boo

Re: [lxc-users] LXD launch fails

2017-05-16 Thread Fajar A. Nugraha
On Wed, May 17, 2017 at 7:59 AM, CLOSE Dave wrote: > Instructions modified to handle the company proxy per > and-configuring-lxd-212/>: > ># lxc config set core.proxy_http http://squid01.internal:3128 ># lxc config set core.pro

Re: [lxc-users] Using predefined cgroups

2017-05-16 Thread Jared Folkins
>The use case that we have in mind is to allow an unprivileged user run a preconfigured container, which configuration is only writable for power users. Ideally the unprivileged user should not be able to meddle with the cgroups or even create new containers. How I handle this is that my web appli

Re: [lxc-users] Using predefined cgroups

2017-05-16 Thread Dr. Todor Dimitrov
I guess LXD would not be an option since we are talking about resource constrained devices. The unprivileged user is actually used only for namespacing purposes and not for actual logins. The power user starts a “provisioning/bootstrapping" process as the unprivileged user, which in turn starts

Re: [lxc-users] LXD launch fails

2017-05-16 Thread Stéphane Graber
On Tue, May 16, 2017 at 05:59:19PM -0700, CLOSE Dave wrote: > Trying to run LXD on Fedora (25) using instructions from > : > ># dnf copr enable ganto/lxd ># dnf install lxd lxd-client lxd-tools ># usermod -a -G lxd ># echo "root:

[lxc-users] LXD launch fails

2017-05-16 Thread CLOSE Dave
Trying to run LXD on Fedora (25) using instructions from : # dnf copr enable ganto/lxd # dnf install lxd lxd-client lxd-tools # usermod -a -G lxd # echo "root:100:65536" >> /etc/subuid # echo "root:100:65536" >> /etc/subgi

Re: [lxc-users] Using predefined cgroups

2017-05-16 Thread Fajar A. Nugraha
On Tue, May 16, 2017 at 12:21 PM, Dr. Todor Dimitrov wrote: > My understanding is that the unprivileged user owning the container can > still alter the cgroups, right? > > You should really try lxd. e.g. https://linuxcontainers.org/lxd/try-it/ , or install it on your own ubuntu server/vm. > Th

Re: [lxc-users] lxc 2.0.7: sysvinit on the host breaks systemd based containers

2017-05-16 Thread Harald Dunkel
On 05/04/17 21:00, Serge E. Hallyn wrote: > > Sounds like just systemd refusing to boot because all cgroups are comounted? > Are you sure that reverting to 1.1.5 fixes it, and it's not a newer systemd > breaking it? > I did serveral tests with LXC 2.0.8 on the host and systemd on the client: Bot