Run lxc commands as non root by default#56
Conversation
|
Actually...lxd is the exception for us as all other clouds already execute non-root. This may actually simplify things for us 🙂 |
There was a problem hiding this comment.
Travis is failing as this will break cloud-init tests, but once canonical/cloud-init#664 lands it should be a one-line fix. Since we've pinned our pycloudlib version, I'm not concerned these failures.
lucasmoura
force-pushed
the
lxd-run-as-non-root
branch
from
e658551 to
08e3063
Compare
blackboxsw
left a comment
blackboxsw
left a comment
There was a problem hiding this comment.
Once canonical/cloud-init#694 lands, this looks good to land
lucasmoura
force-pushed
the
lxd-run-as-non-root
branch
from
09969f8 to
08e3063
Compare
OddBloke
left a comment
OddBloke
left a comment
There was a problem hiding this comment.
The conclusion we came to in canonical/cloud-init#664 was that pycloudlib should consistently execute commands as an unprivileged user by default. This aligns LXD with the other clouds in pycloudlib which use SSH.
OddBloke
left a comment
OddBloke
left a comment
There was a problem hiding this comment.
Per canonical/cloud-init#694 (comment), running commands as UID 1000 is not the same as running commands as self.username. I believe this will need modification to look up the UID of self.username before running lxc exec for the first time.
lucasmoura
force-pushed
the
lxd-run-as-non-root
branch
from
08e3063 to
a1c6e68
Compare
|
@OddBloke I have updated the code to get the The solution I have is to retry the |
lucasmoura
force-pushed
the
lxd-run-as-non-root
branch
from
a1c6e68 to
2e20e0f
Compare
4 participants
In ubuntu-advantage-tools, we require some LXD commands to be run as
non-root. This PR changes the default behavior of LXD to run exec commands as non-root.This will impact some
cloud-inittests, but we already have a PR to handle that