path: root/manifests/lxc/unprivileged.pp
blob: 6f187a57eec20007bfc4a16d40b78b70c4bf32f4 (plain)
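# Prepares a host for unprivileged LXC containers, on top of
# virtual::lxc::base.
#
# Installs the packages listed below and persistently sets
# kernel.unprivileged_userns_clone=1 through a sysctl.d drop-in, reloading
# the sysctl configuration whenever that drop-in changes.
#
# Security note: the sysctl is host-wide. It lets every local unprivileged
# user create user namespaces, not only the accounts meant to run containers,
# which widens the kernel attack surface reachable without privileges.
# Include this class only on hosts that really need unprivileged containers.
# NOTE(review): kernel.unprivileged_userns_clone is a Debian/Ubuntu kernel
# knob; confirm the target kernels provide it.
class virtual::lxc::unprivileged {
  include virtual::lxc::base

  package { [
    'libvirt0',
    'libpam-cgroup',
    'libpam-cgfs',
  ]:
    ensure => present,
  }

  # Root-owned and writable by root only, so an unprivileged user cannot
  # change kernel settings by editing the drop-in. `ensure => file` makes
  # Puppet manage a regular file rather than accept whatever exists there.
  file { '/etc/sysctl.d/80-lxc-userns.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "kernel.unprivileged_userns_clone=1\n",
  }

  # Runs only when the drop-in above changes (refreshonly + subscribe).
  # The command is not fully qualified, so give it an explicit search path
  # limited to system directories: the exec runs as root and must neither
  # fail for lack of a path nor resolve `sysctl` through an inherited one.
  # Note that `sysctl --system` re-applies every sysctl config file on the
  # host, not just this drop-in.
  exec { 'sysctl --system':
    path        => ['/usr/sbin', '/usr/bin', '/sbin', '/bin'],
    user        => 'root',
    subscribe   => File['/etc/sysctl.d/80-lxc-userns.conf'],
    refreshonly => true,
  }

  # TODO: echo "$USER veth lxcbr0 1000"| sudo tee -i /etc/lxc/lxc-usernet
  # NOTE(review): when this is implemented, manage the lxc-usernet entries
  # per named account and choose the device quota deliberately; the 1000
  # above is the value from the manual command, not a reviewed limit.
}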