Getting vagrant-lxc working on CircleCI (Ubuntu Trusty guest; Precise host). https://github.com/fgrehm/vagrant-lxc/issues/339

lxc-config

# Default pivot location
lxc.pivotdir = lxc_putold

# Default mount entries
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0

# Default console settings
#lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024

# Default capabilities
lxc.cap.drop = sys_module mac_admin mac_override sys_time

# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
#lxc.aa_profile = unconfined

# To support container nesting on an Ubuntu host while retaining most of
# apparmor's added security, use the following two lines instead.
#lxc.aa_profile = lxc-container-default-with-nesting
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups

# Uncomment the following line to autodetect squid-deb-proxy configuration on the
# host and forward it to the guest at start time.
#lxc.hook.pre-start = /usr/share/lxc/hooks/squid-deb-proxy-client

# If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow.
#lxc.aa_profile = lxc-container-default-with-mounting

# Default cgroup limits
#lxc.cgroup.devices.deny = a
## Allow any mknod (but not using the node)
#lxc.cgroup.devices.allow = c *:* m
#lxc.cgroup.devices.allow = b *:* m
## /dev/null and zero
#lxc.cgroup.devices.allow = c 1:3 rwm
#lxc.cgroup.devices.allow = c 1:5 rwm
## consoles
#lxc.cgroup.devices.allow = c 5:0 rwm
#lxc.cgroup.devices.allow = c 5:1 rwm
## /dev/{,u}random
#lxc.cgroup.devices.allow = c 1:8 rwm
#lxc.cgroup.devices.allow = c 1:9 rwm
## /dev/pts/*
#lxc.cgroup.devices.allow = c 5:2 rwm
#lxc.cgroup.devices.allow = c 136:* rwm
## rtc
#lxc.cgroup.devices.allow = c 254:0 rm
## fuse
#lxc.cgroup.devices.allow = c 10:229 rwm
## tun
#lxc.cgroup.devices.allow = c 10:200 rwm
## full
#lxc.cgroup.devices.allow = c 1:7 rwm
## hpet
#lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
#lxc.cgroup.devices.allow = c 10:232 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm

# User namespaces take care of these
lxc.cgroup.devices.deny =
lxc.cgroup.devices.allow =
lxc.devttydir =

# Use bind-mounts instead of mknods
lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0
lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0
lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0

# from https://github.com/lxc/lxc/issues/344
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
#lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0

# Extra fstab entries as mountall can't mount those by itself
lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0

lxc-template

#!/bin/bash

# This is a modified version of /usr/share/lxc/templates/lxc-download
# that comes with ubuntu-lxc 1.0.0 stable from ppa changed to suit vagrant-lxc needs
#
# Copyright © 2014 Stéphane Graber <[email protected]>
# Copyright © 2014 Fábio Rehm <[email protected]>
#
#  This library is free software; you can redistribute it and/or
#  modify it under the terms of the GNU Lesser General Public
#  License as published by the Free Software Foundation; either
#  version 2.1 of the License, or (at your option) any later version.

#  This library is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
#  Lesser General Public License for more details.

#  You should have received a copy of the GNU Lesser General Public
#  License along with this library; if not, write to the Free Software
#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301
#  USA

set -eu

LXC_HOOK_DIR="/usr/share/lxc/hooks"
LXC_TEMPLATE_CONFIG="/usr/share/lxc/config"

LXC_MAPPED_GID=
LXC_MAPPED_UID=
LXC_NAME=
LXC_PATH=
LXC_ROOTFS=
LXC_TARBALL=
LXC_CONFIG=
LXC_STRIP_COMPONENTS=2

usage() {
    cat <<EOF
vagrant-lxc default template

Required arguments:
[ --tarball <path> ]: The full path of the rootfs tarball

Optional arguments:
[ --config ]: Configuration file to be used when building the container
[ -h | --help ]: This help message

LXC internal arguments (do not pass manually!):
[ --name <name> ]: The container name
[ --path <path> ]: The path to the container
[ --rootfs <rootfs> ]: The path to the container's rootfs
[ --mapped-uid <map> ]: A uid map (user namespaces)
[ --mapped-gid <map> ]: A gid map (user namespaces)
[ --strip-components <num> ]: Number of path components to strip from tarball
EOF
    return 0
}

options=$(getopt -o h -l tarball:,config:,help:,name:,path:,rootfs:,mapped-uid:,mapped-gid:,strip-components: -- "$@")SS

if [ $? -ne 0 ]; then
    usage $(basename $0)
    exit 1
fi
eval set -- "$options"

while true
do
    case "$1" in
        -h|--help)          usage $0 && exit 0;;
        --config)           LXC_CONFIG=$2; shift 2;;
        --tarball)          LXC_TARBALL=$2; shift 2;;
        --name)             LXC_NAME=$2; shift 2;;
        --path)             LXC_PATH=$2; shift 2;;
        --rootfs)           LXC_ROOTFS=$2; shift 2;;
        --mapped-uid)       LXC_MAPPED_UID=$2; shift 2;;
        --mapped-gid)       LXC_MAPPED_GID=$2; shift 2;;
        --strip-components) LXC_STRIP_COMPONENTS=$2; shift 2;;
        *)                  break;;
    esac
done

if [ -z "${LXC_NAME}" ]; then
    echo "'name' parameter is required"
    exit 1
fi

if [ -z "${LXC_TARBALL}" ]; then
    echo "'tarball' parameter is required"
    exit 1
fi

if [ -z "${LXC_PATH}" ]; then
    echo "'path' parameter is required"
    exit 1
fi

if [ -z "${LXC_CONFIG}" ]; then
    echo "'config' parameter is required"
    exit 1
fi

# if $LXC_ROOTFS exists here, it was passed in with --rootfs
if [ -z "${LXC_ROOTFS}" ]; then
    config=${LXC_PATH}/config
    if grep -q '^lxc.rootfs' $config 2>/dev/null ; then
        LXC_ROOTFS=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'`
    else
        LXC_ROOTFS=$LXC_PATH/rootfs
        echo "lxc.rootfs = ${LXC_ROOTFS}" >> $config
    fi
fi

# Unpack the rootfs
echo "Unpacking the rootfs"

mkdir -p /var/lock/subsys
(
    flock -x 200
    if [ $? -ne 0 ]; then
        echo "Cache repository is busy."
        exit 1
    fi

    mkdir -p ${LXC_ROOTFS}
    (cd ${LXC_ROOTFS} && tar xfz ${LXC_TARBALL} --strip-components=${LXC_STRIP_COMPONENTS} --exclude=./rootfs/dev --exclude=./rootfs/var/spool/postfix/dev)
    if [ $? -ne 0 ]; then
        echo "Failed to extract rootfs"
        exit 1
    fi

) 200>/var/lock/subsys/lxc

mkdir -p ${LXC_ROOTFS}/dev/pts/

## Extract all the network config entries
sed -i -e "/lxc.network/{w ${LXC_PATH}/config-network" -e "d}" \
    ${LXC_PATH}/config

## Extract any other config entry
sed -i -e "/lxc./{w ${LXC_PATH}/config-auto" -e "d}" ${LXC_PATH}/config

## Add the container-specific config
echo "" >> ${LXC_PATH}/config
echo "##############################################" >> ${LXC_PATH}/config
echo "# Container specific configuration (automatically set)" >> ${LXC_PATH}/config
if [ -e "${LXC_PATH}/config-auto" ]; then
    cat ${LXC_PATH}/config-auto >> ${LXC_PATH}/config
    rm ${LXC_PATH}/config-auto
fi
echo "lxc.utsname = ${LXC_NAME}" >> ${LXC_PATH}/config

## Re-add the previously removed network config
if [ -e "${LXC_PATH}/config-network" ]; then
    echo "" >> ${LXC_PATH}/config
    echo "##############################################" >> ${LXC_PATH}/config
    echo "# Network configuration (automatically set)" >> ${LXC_PATH}/config
    cat ${LXC_PATH}/config-network >> ${LXC_PATH}/config
    rm ${LXC_PATH}/config-network
fi

## Append the defaults
echo "" >> ${LXC_PATH}/config
echo "##############################################" >> ${LXC_PATH}/config
echo "# vagrant-lxc base box specific configuration" >> ${LXC_PATH}/config
cat ${LXC_CONFIG} >> ${LXC_PATH}/config

# Empty section for lxc.customize calls from vagrantfile
echo "" >> ${LXC_PATH}/config
echo "##############################################" >> ${LXC_PATH}/config
echo "# vagrant-lxc container specific configuration" >> ${LXC_PATH}/config

exit 0

vagrant-lxc-package.sh

#!/bin/bash
set -e

if [ $# -lt 1 ]; then
    echo -e "USAGE:\n  vagrant-lxc-package.sh output.box [...vagrant package args...]"
    exit 2
fi

BOXNAME=$1
shift  # eat it
TEMPNAME="lxc-tmp.$$"

# create the initial box
echo "Creating temporary box ($TEMPNAME) ..."
vagrant package --output "${TEMPNAME}.box" "$@"

echo "Updating vagrant-lxc metadata..."
# extract it
mkdir "$TEMPNAME"
tar xzf "${TEMPNAME}.box" -C "$TEMPNAME"

for F in "lxc-config" "lxc-template"; do
    if [ -e "$F" ]; then
        echo "  $F ..."
        cp -f "$F" "$TEMPNAME"
    fi
done

echo "Creating $BOXNAME ..."
rm "${TEMPNAME}.box"
tar czf "$BOXNAME" -C "$TEMPNAME" .
rm -rf "$TEMPNAME"

echo "All done :)"