Comment 1 for bug 1661869

Stéphane Graber (stgraber) wrote :

Avahi is setting some rather strict rlimits which affect everything which uses that kernel uid, crossing container boundaries and so breaking containers.

Unfortunately MAAS requires a privileged container right now, so you can't resort to uid mapping to avoid this problem. At the LXD level, all we can do to avoid this problem is to allow you to have one distinct id map per container, which we already support. But that's only going to work for unprivileged containers.

One fix could be to tweak our avahi to relax or, if not that useful, entirely remove those rlimits, as it's a rather frequent pain point and I'm not sure of the benefit of those rlimits in the first place.

Another fix would be to not have MAAS depend on avahi and let you install and run it without avahi, which is effectively what Brian's instructions do (as they disable avahi-daemon in the container).

Marking the LXD task Invalid, as we're already doing all we can in this regard by supporting non-overlapping id maps for unprivileged containers.
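
The following is an added example, not part of the comment above and not LXD or MAAS code: it parses the kernel's /proc/<pid>/uid_map format and reports which containers resolve the same in-container uid to the same kernel uid, which is the condition under which a per-uid rlimit crosses container boundaries. The container names, the sample maps and the avahi uid of 110 are constructed assumptions.

```python
from itertools import combinations


def parse_uid_map(text):
    """Parse uid_map lines of the form '<id inside ns> <id outside ns> <length>'."""
    ranges = []
    for line in text.strip().splitlines():
        inside, outside, length = (int(field) for field in line.split())
        ranges.append((inside, outside, length))
    return ranges


def kernel_uid(ranges, container_uid):
    """Translate a uid seen inside the container to the kernel uid, or None if unmapped."""
    for inside, outside, length in ranges:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


def shared_kernel_uids(maps, container_uid):
    """Return (name_a, name_b, kernel_uid) for every pair sharing a kernel uid."""
    resolved = {
        name: kernel_uid(parse_uid_map(text), container_uid)
        for name, text in maps.items()
    }
    return sorted(
        (a, b, resolved[a])
        for a, b in combinations(sorted(resolved), 2)
        if resolved[a] is not None and resolved[a] == resolved[b]
    )


# Constructed sample data. A privileged container has no user namespace of its
# own, so its uid_map is the same identity map as the host's.
SAMPLE_MAPS = {
    "host": "0 0 4294967295",
    "maas-privileged": "0 0 4294967295",
    "unpriv-a": "0 1000000 65536",
    "unpriv-b": "0 1065536 65536",
}
AVAHI_UID = 110  # assumed value; check with `id -u avahi` on a real system

if __name__ == "__main__":
    for a, b, uid in shared_kernel_uids(SAMPLE_MAPS, AVAHI_UID):
        print(f"{a} and {b} share kernel uid {uid}: per-uid rlimits apply across both")
```

With the sample data only the host and the privileged container collide; the two unprivileged containers with distinct id maps resolve uid 110 to different kernel uids.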