[lxc-users] lxc-2.0.1 can't start unprivileged container

Stéphane Graber stgraber at ubuntu.com
Thu Jun 9 20:13:00 UTC 2016


On Thu, Jun 09, 2016 at 12:56:55PM -0700, Mike Wright wrote:
> On 06/09/2016 12:40 PM, Stéphane Graber wrote:
> >Sounds like your host /proc is over-mounted which triggers a protection
> >mechanism in the kernel that prevents an unprivileged user from mounting
> >it.
> >
> >Look in your host's /proc/mounts for any mountpoint under /proc, try
> >unmounting them one by one until you find the one that's triggering the
> >protection.
> 
> Thanks Stéphane,
> 
> Here's what's there:
> 
> grep proc /proc/mounts:
> 
> proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
> 
> systemd-1 /proc/sys/fs/binfmt_misc autofs
> rw,relatime,fd=36,pgrp=1,timeout=0,minproto=5,maxproto=5,direct 0 0
> 
> xenfs /proc/xen xenfs rw,relatime 0 0
> 
> I don't think I can safely remove any of those.  Any other ideas?

I don't expect either of those to be in active constant use, so you can
still try unmounting them temporarily.

An alternative is to mount /proc somewhere else on the host where it's
not hidden by those mounts.

For example:
 - mkdir /mnt/proc
 - mount -t proc proc /mnt/proc

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
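
The check described in this thread, as an added example that is not part of the original message: it lists mountpoints sitting underneath /proc, and lists procfs mounts that have nothing mounted beneath them (which is what the suggested /mnt/proc mount creates). The function names and the sample file are assumptions made for illustration; the sample is constructed from the three entries quoted above plus one unrelated line.

```shell
#!/bin/sh
# Added example. /proc/mounts fields: device mountpoint fstype options dump pass

# Print every mountpoint strictly below /proc, with its filesystem type.
# "/proc" itself (the normal procfs mount) and paths that merely contain
# the word "proc" (which a plain grep would also match) are skipped.
proc_overmounts() {
    awk '$2 ~ /^\/proc\// { print $2 " (" $3 ")" }' "${1:-/proc/mounts}"
}

# Print procfs mountpoints that have no other mount underneath them.
clean_proc_mounts() {
    awk '
        { mp[NR] = $2; fs[NR] = $3 }
        END {
            for (i = 1; i <= NR; i++) {
                if (fs[i] != "proc") continue
                hidden = 0
                for (j = 1; j <= NR; j++)
                    if (index(mp[j], mp[i] "/") == 1) hidden = 1
                if (!hidden) print mp[i]
            }
        }' "${1:-/proc/mounts}"
}

# Constructed sample: the entries quoted in the thread plus an unrelated mount.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=36,pgrp=1,timeout=0,minproto=5,maxproto=5,direct 0 0
xenfs /proc/xen xenfs rw,relatime 0 0
/dev/sda1 /srv/procdata ext4 rw,relatime 0 0
EOF
}

# When run directly on a Linux host, report on the live mount table.
if [ -r /proc/mounts ]; then
    echo "Mounts under /proc:"
    proc_overmounts
    echo "procfs mounts with nothing mounted beneath them:"
    clean_proc_mounts
fi
```
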