any way to pass raw.lxc arguments? #11
Comments
I do allow config to be passed so if LXD allows it, then pretty sure it

On Aug 26, 2016 7:42 AM, "Julien" notifications@github.com wrote:
it seems also profile definition has changed
gets
I suppose it is now security.privileged=true but how to pass it to the driver? thanks
I'll test the profile thing and see if I can get it to work. I'll try to find time soon b/c I don't think it will take me very long but we have some work outages that have been going on, so I haven't had much time. For turning on security privilege it is just that config option like you mention and you can set it like:
Which you can see in the debug info:
and on the container info:
So config options seem to be working properly.
Profiles seem to work properly as well. That error says the profile doesn't exist.... do you see it when you run B/c just like config when profile both string and array work.
But when I try a profile that doesn't exist on the system like I get the same error
You can pass lxc.raw arguments as long as you can on the cli. If The only thing I can think of that could cause a bug would be if you are using an ipv4 config option I set raw options, can't say for sure if they overwrite or not. I know create raw.lxc arguments are blocked by lxd.r Hopefully that gives you enough to go on, otherwise maybe search the lxd github for stuff about raw.lxc arguments. Let me know how things go, and I'll help more if it's quick/I can otherwise I'll take more of a look but don't know how much time I'll have this week.
so for now, security.privileged: "true" globally is working fine. for docker.io install, I had to set both privileged and profile which is not consistent with for httpd/centos7, I would prefer to remove privileged and just add cap config in kitchen but for now not possible it seems.
Hello Brad, Have you had time to take a look at the capability config? Thanks
I'll try to mess with it this week. For a workaround you can probably make a profile with the config and pass the profile to kitchen, there's an option for that.
I'll try to spend some time tonight/this week.
So fyi at least this works:
It does look like if you try to set something like an ip or a gateway that you aren't able to set a raw config setting. I incorrectly overwrite it. So I'll leave this open to try and fix that.
Thanks a lot @bradenwright
but sadly, I need it in the reverse way, drop all but setfcap (https://bugzilla.redhat.com/attachment.cgi?id=804061&action=diff) and it seems spaces may be an issue here.
first case should be correct but for some reason, network is lost while in use. If I do without any special config, initialization is correct
strangely, I still got at httpd install
same result with dropping all capabilities
rechecking through lxc issue it seems there is no alternative to privileged true unlike redhat bug thread was suggesting :( Only tradeoff, I moved the config privileged from global to just centos platform. to summarize, outside of a possible space issue, option is available and not much more to do currently. Thanks a lot Braden!
I have fallen on a common issue of container with httpd install on centos requiring some capabilities
a workaround is already documented
https://lists.linuxcontainers.org/pipermail/lxc-users/2014-June/007085.html
It doesn't seem possible to use as an official config so need to use raw.lxc
https://github.com/lxc/lxd/issues/1982
any way to pass that inside kitchen? per platform as only centos but probably other case that can apply to each one.
Thanks