[Bug 1519677] Re: add lxd backend
Martin Pitt
martin.pitt at ubuntu.com
Wed Nov 25 07:59:15 UTC 2015
Some tests need to mount /proc (like pbuilder) or do bind mounts (like
nested LXC), so we need to relax the restrictions. As lxd containers are
unprivileged, the extra apparmor profile is merely a fallback security
layer; users should not be able to do any harm to the host in an unpriv
container.

Create profile without AppArmor:

  lxc profile create autopkgtest
  lxc profile show default | sed '/^name:/ s/default/autopkgtest/' | lxc profile edit autopkgtest
  lxc profile set autopkgtest raw.lxc lxc.aa_profile=unconfined

Start containers with:

  lxc launch images:ubuntu/xenial/amd64 x1 --profile autopkgtest

In that container bind mounts and mounting proc etc. work.
--
https://bugs.launchpad.net/bugs/1519677
Title:
add lxd backend
Status in autopkgtest package in Ubuntu:
Triaged
Bug description:
LXD is the direction that the LXC project is moving towards, and it
has several nice features that are helpful for autopkgtest: fast
container creation with intelligent caching, support for local images
(with autopkgtest modifications), and seamless support for remote
containers.
We need the latter for moving armhf testing into Scalingstack, as we
don't have native armhf support there. We can create a big semi-
permanent arm64 instance and then create armhf lxd containers in
that, and talk to them from the autopkgtest controller node in
ProdStack using the arm64 instance as a remote. This cannot be done
with either the ssh runner (that would need some rather complicated
setup script) nor the lxc runner (I tried wrapping ssh around it, but
the extra level of shell processing/quoting breaks stuff).
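
Added example, not part of the original message or of the autopkgtest or LXD code: the comment above treats dropping AppArmor as acceptable because the container is unprivileged, so this check flags a profile that sets lxc.aa_profile=unconfined together with security.privileged. The function names, verdict strings and sample profiles are assumptions constructed for illustration.

```sh
#!/bin/sh
# Classify LXD profile YAML (as printed by `lxc profile show NAME`) from stdin.
# Prints a verdict and returns:
#   0  confined                 AppArmor profile left in place
#   1  unconfined-unprivileged  the setup in the message: the user namespace
#                               is the remaining barrier
#   2  unconfined-privileged    container root is host root, no AppArmor fallback
audit_profile() {
    yaml=$(grep -v '^[[:space:]]*#' || true)    # drop YAML comment lines
    unconfined=no
    privileged=no
    # lxc.aa_profile is the key used in the message; LXC 2.1 and later
    # name the same setting lxc.apparmor.profile.
    if printf '%s\n' "$yaml" | grep -Eq \
        'lxc\.(aa_profile|apparmor\.profile)[[:space:]]*=[[:space:]]*unconfined'; then
        unconfined=yes
    fi
    if printf '%s\n' "$yaml" | grep -Eq \
        '^[[:space:]]*security\.privileged:[[:space:]]*"?true"?[[:space:]]*$'; then
        privileged=yes
    fi
    if [ "$unconfined" = no ]; then echo confined; return 0; fi
    if [ "$privileged" = yes ]; then echo unconfined-privileged; return 2; fi
    echo unconfined-unprivileged
    return 1
}

# Constructed sample profiles (not taken from a real host).
# usage: sample_profile NAME [CONFIG-LINE...]
sample_profile() {
    name=$1; shift
    printf 'name: %s\n' "$name"
    if [ $# -eq 0 ]; then
        echo 'config: {}'
    else
        echo 'config:'
        printf '  %s\n' "$@"
    fi
    printf 'devices:\n  eth0:\n    type: nic\n'
}

# Demo on the profile created in the message; prints unconfined-unprivileged.
sample_profile autopkgtest 'raw.lxc: lxc.aa_profile=unconfined' | audit_profile || true
```

On a real host, pipe `lxc config show CONTAINER --expanded` into audit_profile as well, since security.privileged can be set on the container rather than in the profile.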