I’m seeing something I don’t get, Still digging into it but I’m hoping for a good guess from somebody to speed me up.
The go-lcx stuff is working perfectly. Running as vagrant, it creates my unprivileged containers (tested via the handy examples). I log how its calling lxc.NewContainer so I can see what’s going on there.
The Nomad plugin is also using go-lxc, and is also calling lxc.NewContainer and I can see the args look good there too, but the npmad plugin is failing to create the container, and the detailed error makes it look like it can’t find the config file where I’ve got the id mapping. Why would nomad be unable to find the config file with my id mapping? Its in the standard location ~/.config/lxc/default. The error message even comes from suggest_default_idmap, which tells me to create the exact file i’ve already created in the same location.
For the case of Nomad, the plugin is being exec’d by the nomad agent, so there’s that. But the running plugin has the correct euid and egid. So its not an euid/egid problem.
Both are calling lxc.NewContainer. One of them fails. What can explain this difference?