Setting security.nesting "true" using a profile at instance creation


If I want to install nix-os shell into an ubuntu:focal container, I have to set security.nesting "true" to allow the install script to work

I have tried using this profile to set-up. Everything seems to work except setting security.nesting from the launch profile.

  nvidia.driver.capabilities: compute, utility
  nvidia.runtime: "true"
  security.nesting: "true"
  user.user-data: |
    package_upgrade: true
    locale: en_AU.UTF-8
    timezone: Australia/Sydney
       - ssh-rsa <...>
description: nix-shell profile
    type: gpu
name: nix-profile
- /1.0/instances/j1

I can set lxc config set $c1 security.nesting true successfully from the command line. It is never set true from the launch profile.

% lxc launch ubuntu:focal --profile default --profile nix-profile j1

help appreciated - thanks…

What’s the lxc config show --expanded j1 output?

Does lxc config get --expanded get you the right value?

Basically lxc config show and lxc config get without --expanded only show the local config of an instance, not the part of the config which was inherited from a profile.

Hi Stephane,
Yes I do get the expected value when I use the --expanded option.
The nix install works fine in new instances created with my profile.
Thanks very much!

Now to struggle with nix configuration :slight_smile:


% lxc config get j2 security.nesting --expanded