Mojo: Continuous Delivery for Juju

"mojo project-new --container lxd" fails when ACLs aren't enabled

Bug #1649408 reported by William Grant
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mojo: Continuous Delivery for Juju
Triaged
Medium
Unassigned

Bug Description

"mojo project-new --container lxd" eventually calls setfacl to let the user in the container write to the bind-mounted project dir. But this fails with "Operation not supported" by default, since ACLs generally have to be explicitly enabled per filesystem.

When running services in LXD for development we generally use a UID mapping trick to have the container user use the parent user's UID. One way to do that is documented on https://dev.launchpad.net/Running/LXD. Not sure if that's appropriate here, or if you want to just check for and complain about lack of ACL support before half-creating the project.

When running mojo itself inside a nesting-capable LXD container on ZFS, something like "sudo zfs set acltype=posixacl ssd/containers/mojo-test" is sufficient to get the LXD container backend working. But https://github.com/zfsonlinux/zfs/issues/4177 is probably a concern on xenial.

Jacek Nykis (jacekn)
Changed in mojo:
status: New → Confirmed
status: Confirmed → Triaged
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.