Re: [lxc-users] lxc-autostart, systemd and cgroups

2016-01-20 Thread Carlos Alberto Lopez Perez
On 20/01/16 23:57, Fajar A. Nugraha wrote: > Yep. I don't know when it was fixed, but my test system works fine. This is > after a reboot: > > root@debian:~# lxc-ls -f > NAME STATE IPV4 IPV6 GROUPS AUTOSTART > -- > c1 RUNNING 10.0.3.

Re: [lxc-users] lxc-autostart, systemd and cgroups

2016-01-20 Thread Carlos Alberto Lopez Perez
On 20/01/16 19:20, Carlos Alberto Lopez Perez wrote: > > After more testing, this only seems reproducible when booting. > And is not a race condition (I thought that maybe the cgroup fs were not mounted when lxc-autostart-helper was executed). So, I have tested to put a sleep of 30 s

Re: [lxc-users] lxc-autostart, systemd and cgroups

2016-01-20 Thread Carlos Alberto Lopez Perez
On 20/01/16 18:59, Carlos Alberto Lopez Perez wrote: > Hello, > > I've found that when lxc-autostart is executed via systemd, the cgroups > assigned to the container are wrong for some control groups. > > See the following two examples: > > 1. Container started via

[lxc-users] lxc-autostart, systemd and cgroups

2016-01-20 Thread Carlos Alberto Lopez Perez
Hello, I've found that when lxc-autostart is executed via systemd, the cgroups assigned to the container are wrong for some control groups. See the following two examples: 1. Container started via systemd (/lib/systemd/system/lxc.service unit that calls lxc-autostart). # cat /proc/${pidofsomepr

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-13 Thread Carlos Alberto Lopez Perez
On 11/01/16 23:36, Serge Hallyn wrote: > The lxc-attach weakness I mentioned does not apply to 'lxc exec', because > lxd interposes a pty between your console and the container's. I understand that I could do the same (get a fresh PTY before attaching) with (for example): "screen lxc-attach ..." [

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread Carlos Alberto Lopez Perez
On 11/01/16 23:13, Serge Hallyn wrote: > Quoting david.an...@bli.uzh.ch (david.an...@bli.uzh.ch): >> Hmm, this is interesting. >> I am running my container from the unprivileged user 'lxduser' and yet: >> >> root@qumind:~# ps -ef | grep '[l]xc monitor' >> root 7609 1 0 11:54 ? 00:

Re: [lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-11 Thread Carlos Alberto Lopez Perez
On 08/01/16 19:58, Serge Hallyn wrote: > Quoting Carlos Alberto Lopez Perez (clo...@igalia.com): >> Hi, >> >> >> Suppose that we create an unprivileged container as root (using the >> download template or manually converting it with uidmapshift). >> >

Re: [lxc-users] Status: Debian Jessie support for unprivileged containers?

2016-01-08 Thread Carlos Alberto Lopez Perez
On 13/10/15 12:11, Xavier Gendre wrote: > > You can run unprivileged Jessie container in a Jessie host. The point is > that the container fails to start mainly because of systemd in the > Jessie container. > > To tackle that problem, I create a custom image of Jessie without > systemd and it runs

[lxc-users] is starting unprivileged containers as root as secure as running them as any other user?

2016-01-08 Thread Carlos Alberto Lopez Perez
Hi, Suppose that we create an unprivileged container as root (using the download template or manually converting it with uidmapshift). Such a container config will contain (for example) the following maps: lxc.id_map = u 0 10 65536 lxc.id_map = g 0 10 65536 And root would be also allowed

Re: [lxc-users] systemd breaks LXC cgroup memory limitations

2015-07-23 Thread Carlos Alberto Lopez Perez
Just CC'ing the Debian LXC maintainer and the upstream LXC mailing lists. I guess they may find this bug relevant. https://bugs.debian.org/793372 Regards. On 23/07/15 13:57, Pablo Abelenda wrote: > Package: systemd > Version: 215-17+deb8u1 > Severity: important > > Dear Maintainer, > > I have