New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Run lxc commands as non root by default #56
Conversation
Actually...lxd is the exception for us as all other clouds already execute non-root. This may actually simplify things for us 🙂 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Travis is failing as this will break cloud-init tests, but once canonical/cloud-init#664 lands it should be a one-line fix. Since we've pinned our pycloudlib version, I'm not concerned these failures.
e658551
to
08e3063
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Once canonical/cloud-init#694 lands, this looks good to land
09969f8
to
08e3063
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The conclusion we came to in canonical/cloud-init#664 was that pycloudlib
should consistently execute commands as an unprivileged user by default. This aligns LXD with the other clouds in pycloudlib which use SSH.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Per canonical/cloud-init#694 (comment), running commands as UID 1000 is not the same as running commands as self.username
. I believe this will need modification to look up the UID of self.username
before running lxc exec
for the first time.
08e3063
to
a1c6e68
Compare
@OddBloke I have updated the code to get the The solution I have is to retry the |
a1c6e68
to
2e20e0f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
In ubuntu-advantage-tools, we require some LXD commands to be run as
non-root
. This PR changes the default behavior of LXD to run exec commands as non-root.This will impact some
cloud-init
tests, but we already have a PR to handle that