main: Fix systemd capabilities

Signed-off-by: Thomas Hipp <thomas.hipp@canonical.com>
lxc · Apr 21, 2021 · 6023d70 · 6023d70
1 parent a6ea76a
commit 6023d70
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/distrobuilder/main.go b/distrobuilder/main.go
@@ -63,6 +63,7 @@ import (
 	"strings"
 	"time"
 
+	lxd "github.com/lxc/lxd/shared"
 	"github.com/pkg/errors"
 	"github.com/spf13/cobra"
 	"go.uber.org/zap"
@@ -441,3 +442,18 @@ func getDefinition(fname string, options []string) (*shared.Definition, error) {
 
 	return &def, nil
 }
+
+func fixCapabilities() {
+	// Check if container has systemd
+	if !lxd.PathExists("/etc/systemd") {
+		return
+	}
+
+	os.MkdirAll("/etc/systemd/system/service.d", 0755)
+
+	content := `[Service]
+ProtectProc=default
+ProtectControlGroups=no
+`
+	ioutil.WriteFile("/etc/systemd/system/service.d/lxc.conf", []byte(content), 0644)
+}
diff --git a/distrobuilder/main_lxc.go b/distrobuilder/main_lxc.go
@@ -152,6 +152,8 @@ func (c *cmdLXC) run(cmd *cobra.Command, args []string, overlayDir string) error
 		}
 	}
 
+	fixCapabilities()
+
 	exitChroot()
 
 	err = img.Build()

diff --git a/distrobuilder/main_lxd.go b/distrobuilder/main_lxd.go
@@ -315,6 +315,10 @@ func (c *cmdLXD) run(cmd *cobra.Command, args []string, overlayDir string) error
 		}
 	}
 
+	if !c.flagVM {
+		fixCapabilities()
+	}
+
 	exitChroot()
 
 	// Unmount VM directory and loop device before creating the image.