Unable to remount /dev/shm

Hey all, I’m making a stab at writing a BOSH CPI with LXC/LXD as the provider. I’m at the point where a “VM” is being created, networking is being assigned, and the container starts up. However, the BOSH Agent tries to remount /dev/shm, and I’m not really certain how to handle it. What I’m seeing in the app logs are:

2018-12-28_20:22:27.66024 [Cmd Runner] 2018/12/28 20:22:27 DEBUG - Stderr: 
2018-12-28_20:22:27.66027 [Cmd Runner] 2018/12/28 20:22:27 DEBUG - Successful: true (0)
2018-12-28_20:22:27.66032 [Cmd Runner] 2018/12/28 20:22:27 DEBUG - Running command 'mount  /dev/shm -o remount -o noexec -o nodev -o nosuid'
2018-12-28_20:22:27.66122 [Cmd Runner] 2018/12/28 20:22:27 DEBUG - Stdout: 
2018-12-28_20:22:27.66129 [Cmd Runner] 2018/12/28 20:22:27 DEBUG - Stderr: mount: cannot remount  read-write, is write-protected
2018-12-28_20:22:27.66147 [Cmd Runner] 2018/12/28 20:22:27 DEBUG - Successful: false (32)
2018-12-28_20:22:27.66148 [main] 2018/12/28 20:22:27 ERROR - App setup Running bootstrap: Setting up Shared Memory: Shelling out to mount: Running command: 'mount  /dev/shm -o remount -o noexec -o nodev -o nosuid', stdout: '', stderr: 'mount: cannot remount  read-write, is write-protected
2018-12-28_20:22:27.66149 ': exit status 32
2018-12-28_20:22:27.66153 [main] 2018/12/28 20:22:27 ERROR - Agent exited with error: Running bootstrap: Setting up Shared Memory: Shelling out to mount: Running command: 'mount  /dev/shm -o remount -o noexec -o nodev -o nosuid', stdout: '', stderr: 'mount: cannot remount  read-write, is write-protected
2018-12-28_20:22:27.66154 ': exit status 32

I think strategically,

  • I may be able to pre-configure this properly [assuming that the agent just won’t do anything in that case],
  • Maybe I can enable the privs in the container enough so the agent (running as root of course) has the capabilities,
  • Possibly the bosh agent can be told to leave this alone via some config setting.

Currently, I’m setting security.privileged to be true, but that didn’t seem to get me anywhere.

Thanks for any suggestions!

I tried a couple of raw.lxc configurations, and this one worked:

config:
  raw.lxc: lxc.apparmor.profile = unconfined
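A small check to go with this (an added example, not code from the post or from the BOSH agent): it reads a file in /proc/mounts format and reports which of the noexec/nodev/nosuid options the agent's remount is trying to apply are still missing on /dev/shm, so the container's state can be confirmed before and after the raw.lxc change. The sample mounts line below is constructed; point it at /proc/mounts inside the container for the real thing.

```shell
#!/bin/sh
# Added example: verify the hardening options on /dev/shm that the BOSH agent's
# 'mount /dev/shm -o remount -o noexec -o nodev -o nosuid' is meant to set.

# Print the mount options of /dev/shm from a /proc/mounts-style file ($1),
# or nothing if /dev/shm is not mounted.
shm_mount_opts() {
    awk '$2 == "/dev/shm" { print $4; exit }' "$1"
}

# Print the space-separated hardening options missing from /dev/shm.
# Returns 0 when none are missing, 1 otherwise ("not-mounted" if absent).
shm_missing_opts() {
    opts=$(shm_mount_opts "$1")
    [ -n "$opts" ] || { echo "not-mounted"; return 1; }
    missing=""
    for want in noexec nodev nosuid; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    echo "$missing"
    [ -z "$missing" ]
}

# Constructed sample in /proc/mounts format: a container whose /dev/shm
# already has nosuid and nodev but still allows exec.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat >"$SAMPLE" <<'EOF'
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
EOF

if result=$(shm_missing_opts "$SAMPLE"); then
    echo "/dev/shm already carries noexec,nodev,nosuid"
else
    echo "/dev/shm is missing: $result"   # prints: /dev/shm is missing: noexec
fi
```

Running `shm_missing_opts /proc/mounts` inside the container after the agent starts tells you whether the remount actually took effect rather than merely stopping the error.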