Commit graph

17 commits

Author SHA1 Message Date
Virgil Dupras
553f1b5ed0 lxc-template: make runnable by unprivileged users
lxc-template needlessly require root privileges in two places:

1. lock file location for `flock`
2. failing on `tar` failure during rootfs extraction

For `flock`, it's not necessary that the lock file be in `/var/lock`, it
can be anywhere. Why not put it in `LXC_PATH`?

For the failing `tar` thing, that's because some device are created with
`mknod` which unprivileged users can't do. These device, however, are
not necessary for the container to run well. We can ignore `tar`'s error
exit code.

I replaced the exist code check by a check for the existence of
`/bin/true` in rootfs. I think that it's a good indication of whether
the rootfs was extracted.

Why am I making this change? Because I'd like to add support for
unprivileged containers in `vagrant-lxc` but it's kind of a big change
to make at once, so I thought I'd go incrementally.
2017-12-09 19:36:54 -05:00
Cam Cope
62535b6465 Merge pull request #411 from ccope/preserve-xattrs
Preserve xattrs in container rootfs
2016-06-02 00:16:40 -07:00
Cam Cope
6dcf584b25 preserve xattrs 2016-05-11 16:54:12 -07:00
Keith Swett
d4e5122c6c Forward port latest pipework script 2016-04-26 19:52:57 +00:00
Robin Gloster
25d10cd3bc fix shebang in pipework 2015-09-08 20:54:29 +00:00
Robin Gloster
64240323f0 fix shebang in template 2015-08-02 09:58:36 +00:00
Fabio Rehm
447d0dfc42 Experimental support for private networking [GH-298] 2015-01-11 20:59:38 -02:00
Fabio Rehm
bf3a9a5039 action: Some more tweaks around private networking + new pipework code [GH-298] 2015-01-08 03:57:49 -02:00
Fabio Rehm
28bdbe371d Merge remote-tracking branch 'origin/private-networks' into next 2015-01-08 02:28:45 -02:00
Dan Post
96b2c7175a lxc-template: add parameter strip-components, as not all tarballs are created like ./rootfs/... 2014-08-25 11:57:54 -07:00
Fabio Rehm
d22d6588f8 scripts/private-network: Indent code 2014-06-09 00:25:41 -03:00
Fabio Rehm
0bd071f95d scripts/private-network: Remove Docker specifics 2014-06-09 00:21:01 -03:00
Fabio Rehm
044322d70f Vendor pipework as scripts/private-network 2014-06-09 00:20:10 -03:00
Fabio Rehm
4d45a4082b lxc-template: Write rootfs config to container config file when the fallback kicks in
Fix GH-282
2014-05-12 23:54:51 -03:00
Fabio Rehm
b210b260b1 lxc-template: Backport --rootfs fallback from old template [GH-282] 2014-05-07 17:34:00 -03:00
Fabio Rehm
ebdf50297f lxc-template: ensure /var/lock/subsys exists before creating lock 2014-03-14 00:32:47 -03:00
Fabio Rehm
4f49be03ad core: Make lxc-template optional [GH-254] 2014-03-14 00:32:03 -03:00