<div dir="ltr"><div><div><div><div><div>Thank you so much for help.<br><br></div>Yeah,i'm <i> behind a firewall. <br></i></div>I'm trying to test your solution<i>:<br>1) </i><br><i> <b>is to download the key using wget or curl<br><br></b></i></div><i><b>--------> Where can i find the key please ?<br><br></b></i></div>Thanks a lot.<br></div>Best Regards. <br></div><div class="gmail_extra"><br><div class="gmail_quote">2014-12-15 13:00 GMT+01:00 <span dir="ltr"><<a href="mailto:lxc-users-request@lists.linuxcontainers.org" target="_blank">lxc-users-request@lists.linuxcontainers.org</a>></span>:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Send lxc-users mailing list submissions to<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:lxc-users-request@lists.linuxcontainers.org">lxc-users-request@lists.linuxcontainers.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:lxc-users-owner@lists.linuxcontainers.org">lxc-users-owner@lists.linuxcontainers.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of lxc-users digest..."<br>
<br>Today's Topics:<br>
<br>
1. systemd-based unprivileged containers (Christian Brauner)<br>
2. Re: Ubuntu Trusty Tahr 14.04 LTS (Eric Keller)<br>
<br><br>---------- Message transféré ----------<br>From: Christian Brauner <<a href="mailto:christianvanbrauner@gmail.com">christianvanbrauner@gmail.com</a>><br>To: <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>Cc: <br>Date: Sun, 14 Dec 2014 14:51:57 +0100<br>Subject: [lxc-users] systemd-based unprivileged containers<br>Hello,<br>
<br>
I'm using unprivileged lxc containers. Currently I'm trying to use<br>
Debian Jessie. Which provides me with a few riddles. When I start the<br>
container I get two error messages:<br>
<br>
[chb@conventiont ~]$ lxc-start -n jessie -l DEBUG -o jessie<br>
lxc-start: conf.c: mk_devtmpfs: 1318 Permission denied - Unable to<br>
create /dev/.lxc for autodev<br>
Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not<br>
permitted<br>
<br>
1) "lxc-start: conf.c: mk_devtmpfs: 1318 Permission denied - Unable to<br>
create /dev/.lxc for autodev": I understand that unprivileged containers<br>
do not have permissions to set up folders under /dev. Is there a<br>
recommended way to solve this problem?<br>
<br>
2) "Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not<br>
permitted": What is goin on here and how can I solve this?<br>
<br>
Here is the error log (container config files below):<br>
<br>
lxc-start 1418564089.500 INFO lxc_start_ui - lxc_start.c:main:265 - using rcfile /home/chb/.local/share/lxc/jessie/config<br>
lxc-start 1418564089.500 INFO lxc_confile - confile.c:config_idmap:1325 - read uid map: type u nsid 0 hostid 100000 range 65536<br>
lxc-start 1418564089.500 INFO lxc_confile - confile.c:config_idmap:1325 - read uid map: type g nsid 0 hostid 100000 range 65536<br>
lxc-start 1418564089.501 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized<br>
lxc-start 1418564089.502 WARN lxc_cgmanager - cgmanager.c:cgm_get:954 - do_cgm_get exited with error<br>
lxc-start 1418564089.503 DEBUG lxc_conf - conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/2' (5/6)<br>
lxc-start 1418564089.503 DEBUG lxc_conf - conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/3' (7/8)<br>
lxc-start 1418564089.503 DEBUG lxc_conf - conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/4' (9/10)<br>
lxc-start 1418564089.503 DEBUG lxc_conf - conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/5' (11/12)<br>
lxc-start 1418564089.503 INFO lxc_conf - conf.c:lxc_create_tty:3676 - tty's configured<br>
lxc-start 1418564089.503 DEBUG lxc_start - start.c:setup_signal_fd:247 - sigchild handler set<br>
lxc-start 1418564089.503 DEBUG lxc_console - console.c:lxc_console_peer_default:500 - opening /dev/tty for console peer<br>
lxc-start 1418564089.503 DEBUG lxc_console - console.c:lxc_console_peer_default:506 - using '/dev/tty' as console<br>
lxc-start 1418564089.503 DEBUG lxc_console - console.c:lxc_console_sigwinch_init:179 - 2708 got SIGWINCH fd 17<br>
lxc-start 1418564089.503 DEBUG lxc_console - console.c:lxc_console_winsz:88 - set winsz dstfd:14 cols:84 rows:49<br>
lxc-start 1418564089.912 INFO lxc_start - start.c:lxc_init:443 - 'jessie' is initialized<br>
lxc-start 1418564089.912 DEBUG lxc_start - start.c:__lxc_start:1058 - Not dropping cap_sys_boot or watching utmp<br>
lxc-start 1418564089.912 INFO lxc_start - start.c:lxc_spawn:802 - Cloning a new user namespace<br>
lxc-start 1418564089.912 INFO lxc_cgroup - cgroup.c:cgroup_init:62 - cgroup driver cgmanager initing for jessie<br>
lxc-start 1418564090.110 NOTICE lxc_start - start.c:do_start:656 - switching to gid/uid 0 in new user namespace<br>
lxc-start 1418564090.116 DEBUG lxc_conf - conf.c:setup_rootfs:1611 - mounted '/home/chb/.local/share/lxc/jessie/rootfs' on '/usr/lib/lxc/rootfs'<br>
lxc-start 1418564090.116 INFO lxc_conf - conf.c:setup_utsname:900 - 'jessie' hostname has been setup<br>
lxc-start 1418564090.116 DEBUG lxc_conf - conf.c:setup_hw_addr:2557 - mac address '00:16:3e:3a:f1:12' on 'eth0' has been setup<br>
lxc-start 1418564090.116 DEBUG lxc_conf - conf.c:setup_netdev:2784 - 'eth0' has been setup<br>
lxc-start 1418564090.116 INFO lxc_conf - conf.c:setup_network:2805 - network has been setup<br>
lxc-start 1418564090.116 DEBUG lxc_conf - conf.c:check_autodev:3906 - Set exec command to /sbin/init<br>
lxc-start 1418564090.116 INFO lxc_conf - conf.c:check_autodev:3920 - Container with systemd init detected - enabling autodev!<br>
lxc-start 1418564090.116 INFO lxc_conf - conf.c:mount_autodev:1418 - Mounting /dev under /usr/lib/lxc/rootfs<br>
lxc-start 1418564090.116 ERROR lxc_conf - conf.c:mk_devtmpfs:1318 - Permission denied - Unable to create /dev/.lxc for autodev<br>
lxc-start 1418564090.116 DEBUG lxc_conf - conf.c:mount_check_fs:1250 - entering mount_check_fs for /home/chb/.local/share/lxc/jessie/rootfs.dev<br>
lxc-start 1418564090.116 DEBUG lxc_conf - conf.c:mount_autodev:1449 - Mounting tmpfs to /home/chb/.local/share/lxc/jessie/rootfs.dev<br>
lxc-start 1418564090.117 INFO lxc_conf - conf.c:mount_autodev:1476 - Mounted /dev under /usr/lib/lxc/rootfs<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2106 - mounted 'proc' on '/usr/lib/lxc/rootfs/proc', type 'proc'<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2106 - mounted 'sysfs' on '/usr/lib/lxc/rootfs/sys', type 'sysfs'<br>
lxc-start 1418564090.117 INFO lxc_conf - conf.c:mount_entry:2045 - failed to mount '/sys/fs/fuse/connections' on '/usr/lib/lxc/rootfs/sys/fs/fuse/connections' (optional): No such file or directory<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2056 - remounting /dev/console on /usr/lib/lxc/rootfs/dev/console to respect bind or remount options<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2071 - (at remount) flags for /dev/console was 4098, required extra flags are 2<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2106 - mounted '/dev/console' on '/usr/lib/lxc/rootfs/dev/console', type 'none'<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2056 - remounting /dev/full on /usr/lib/lxc/rootfs/dev/full to respect bind or remount options<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2071 - (at remount) flags for /dev/full was 4098, required extra flags are 2<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2106 - mounted '/dev/full' on '/usr/lib/lxc/rootfs/dev/full', type 'none'<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2056 - remounting /dev/null on /usr/lib/lxc/rootfs/dev/null to respect bind or remount options<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2071 - (at remount) flags for /dev/null was 4098, required extra flags are 2<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2106 - mounted '/dev/null' on '/usr/lib/lxc/rootfs/dev/null', type 'none'<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2056 - remounting /dev/random on /usr/lib/lxc/rootfs/dev/random to respect bind or remount options<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2071 - (at remount) flags for /dev/random was 4098, required extra flags are 2<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2106 - mounted '/dev/random' on '/usr/lib/lxc/rootfs/dev/random', type 'none'<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2056 - remounting /dev/tty on /usr/lib/lxc/rootfs/dev/tty to respect bind or remount options<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2071 - (at remount) flags for /dev/tty was 4098, required extra flags are 2<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2106 - mounted '/dev/tty' on '/usr/lib/lxc/rootfs/dev/tty', type 'none'<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2056 - remounting /dev/urandom on /usr/lib/lxc/rootfs/dev/urandom to respect bind or remount options<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2071 - (at remount) flags for /dev/urandom was 4098, required extra flags are 2<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2106 - mounted '/dev/urandom' on '/usr/lib/lxc/rootfs/dev/urandom', type 'none'<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2056 - remounting /dev/zero on /usr/lib/lxc/rootfs/dev/zero to respect bind or remount options<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2071 - (at remount) flags for /dev/zero was 4098, required extra flags are 2<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:mount_entry:2106 - mounted '/dev/zero' on '/usr/lib/lxc/rootfs/dev/zero', type 'none'<br>
lxc-start 1418564090.117 INFO lxc_conf - conf.c:mount_file_entries:2355 - mount points have been setup<br>
lxc-start 1418564090.117 INFO lxc_conf - conf.c:setup_autodev:1504 - Creating initial consoles under /usr/lib/lxc/rootfs/dev<br>
lxc-start 1418564090.117 INFO lxc_conf - conf.c:setup_autodev:1512 - Populating /dev under /usr/lib/lxc/rootfs<br>
lxc-start 1418564090.117 INFO lxc_conf - conf.c:setup_autodev:1527 - Populated /dev under /usr/lib/lxc/rootfs<br>
lxc-start 1418564090.117 INFO lxc_conf - conf.c:setup_dev_console:1836 - console has been setup<br>
lxc-start 1418564090.117 INFO lxc_conf - conf.c:setup_tty:1027 - 4 tty(s) has been setup<br>
lxc-start 1418564090.117 INFO lxc_conf - conf.c:do_tmp_proc_mount:3970 - I am 1, /proc/self points to '1'<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:setup_rootfs_pivot_root:1197 - created '/usr/lib/lxc/rootfs/lxc_putold' directory<br>
lxc-start 1418564090.117 DEBUG lxc_conf - conf.c:setup_rootfs_pivot_root:1200 - mountpoint for old rootfs is '/usr/lib/lxc/rootfs/lxc_putold'<br>
lxc-start 1418564090.118 DEBUG lxc_conf - conf.c:setup_rootfs_pivot_root:1213 - pivot_root syscall to '/usr/lib/lxc/rootfs' successful<br>
lxc-start 1418564090.151 INFO lxc_conf - conf.c:umount_oldrootfs:1151 - lazy unmount of '/lxc_putold'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/dev'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/dev/shm'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/dev/pts'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/dev/hugepages'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/dev/mqueue'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/proc'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/proc/sys/fs/binfmt_misc'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/kernel/security'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/fs/cgroup'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/fs/cgroup/systemd'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/fs/cgroup/cpuset'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/fs/cgroup/cpu,cpuacct'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/fs/cgroup/memory'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/fs/cgroup/devices'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/fs/cgroup/freezer'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/fs/cgroup/net_cls'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/fs/cgroup/blkio'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/fs/cgroup/perf_event'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/fs/cgroup/hugetlb'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/fs/pstore'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/firmware/efi/efivars'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/kernel/config'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/sys/kernel/debug'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/run'<br>
lxc-start 1418564090.151 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/run/user/1000'<br>
lxc-start 1418564090.152 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/tmp'<br>
lxc-start 1418564090.152 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/boot'<br>
lxc-start 1418564090.152 WARN lxc_conf - conf.c:umount_oldrootfs:1161 - failed to unmount '/lxc_putold/var/lib/docker/btrfs'<br>
lxc-start 1418564090.152 INFO lxc_conf - conf.c:setup_personality:1791 - set personality to '0x0'<br>
lxc-start 1418564090.152 NOTICE lxc_conf - conf.c:lxc_setup:4253 - 'jessie' is setup.<br>
lxc-start 1418564090.152 NOTICE lxc_start - start.c:start:1152 - exec'ing '/sbin/init'<br>
lxc-start 1418564090.153 NOTICE lxc_start - start.c:post_start:1163 - '/sbin/init' started with pid '2732'<br>
lxc-start 1418564090.153 WARN lxc_start - start.c:signal_handler:295 - invalid pid for SIGCHLD<br>
<br>
<br>
a) Container config file:<br>
<br>
# Template used to create this container:<br>
# /usr/share/lxc/templates/lxc-download<br>
# Parameters passed to the template: -d debian -r jessie -a amd64<br>
# For additional config options, please look at lxc.container.conf(5)<br>
<br>
# Distribution configuration<br>
lxc.include = /usr/share/lxc/config/debian.common.conf<br>
lxc.include = /usr/share/lxc/config/debian.userns.conf<br>
lxc.arch = x86_64<br>
<br>
# Container specific configuration<br>
lxc.id_map = u 0 100000 65536<br>
lxc.id_map = g 0 100000 65536<br>
lxc.rootfs = /home/chb/.local/share/lxc/jessie/rootfs<br>
lxc.utsname = jessie<br>
<br>
# Network configuration<br>
lxc.network.type = veth<br>
lxc.network.flags = up<br>
lxc.network.link = br0<br>
<a href="http://lxc.network.name" target="_blank">lxc.network.name</a> = eth0<br>
lxc.network.hwaddr = 00:16:3e:3a:f1:12<br>
lxc.network.mtu = 1500<br>
lxc.network.ipv4.gateway = 192.168.200.1<br>
lxc.network.ipv4 = <a href="http://192.168.200.12/24" target="_blank">192.168.200.12/24</a><br>
<br>
b) /usr/share/lxc/debian.common.conf:<br>
<br>
# Default pivot location<br>
lxc.pivotdir = lxc_putold<br>
<br>
# Default mount entries<br>
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0<br>
lxc.mount.entry = sysfs sys sysfs defaults 0 0<br>
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none<br>
bind,optional 0 0<br>
<br>
# Default console settings<br>
lxc.tty = 4<br>
lxc.pts = 1024<br>
<br>
# Default capabilities<br>
lxc.cap.drop = sys_module mac_admin mac_override sys_time<br>
<br>
# When using LXC with apparmor, the container will be confined by<br>
# default.<br>
# If you wish for it to instead run unconfined, copy the following line<br>
# (uncommented) to the container's configuration file.<br>
#lxc.aa_profile = unconfined<br>
<br>
# To support container nesting on an Ubuntu host while retaining most of<br>
# apparmor's added security, use the following two lines instead.<br>
#lxc.aa_profile = lxc-container-default-with-nesting<br>
#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups<br>
<br>
# If you wish to allow mounting block filesystems, then use the<br>
# following<br>
# line instead, and make sure to grant access to the block device and/or<br>
# loop<br>
# devices below in lxc.cgroup.devices.allow.<br>
#lxc.aa_profile = lxc-container-default-with-mounting<br>
<br>
# Default cgroup limits<br>
lxc.cgroup.devices.deny = a<br>
## Allow any mknod (but not using the node)<br>
lxc.cgroup.devices.allow = c *:* m<br>
lxc.cgroup.devices.allow = b *:* m<br>
## /dev/null and zero<br>
lxc.cgroup.devices.allow = c 1:3 rwm<br>
lxc.cgroup.devices.allow = c 1:5 rwm<br>
## consoles<br>
lxc.cgroup.devices.allow = c 5:0 rwm<br>
lxc.cgroup.devices.allow = c 5:1 rwm<br>
## /dev/{,u}random<br>
lxc.cgroup.devices.allow = c 1:8 rwm<br>
lxc.cgroup.devices.allow = c 1:9 rwm<br>
## /dev/pts/*<br>
lxc.cgroup.devices.allow = c 5:2 rwm<br>
lxc.cgroup.devices.allow = c 136:* rwm<br>
## rtc<br>
lxc.cgroup.devices.allow = c 254:0 rm<br>
## fuse<br>
lxc.cgroup.devices.allow = c 10:229 rwm<br>
## tun<br>
lxc.cgroup.devices.allow = c 10:200 rwm<br>
## full<br>
lxc.cgroup.devices.allow = c 1:7 rwm<br>
## hpet<br>
lxc.cgroup.devices.allow = c 10:228 rwm<br>
## kvm<br>
lxc.cgroup.devices.allow = c 10:232 rwm<br>
## To use loop devices, copy the following line to the container's<br>
## configuration file (uncommented).<br>
#lxc.cgroup.devices.allow = b 7:* rwm<br>
<br>
# Blacklist some syscalls which are not safe in privileged<br>
# containers<br>
lxc.seccomp = /usr/share/lxc/config/common.seccomp<br>
<br>
c) /usr/share/lxc/debian.userns.conf:<br>
<br>
# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices<br>
lxc.cgroup.devices.deny =<br>
lxc.cgroup.devices.allow =<br>
<br>
# Extra bind-mounts for userns<br>
lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0<br>
lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0<br>
lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0<br>
lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0<br>
lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0<br>
lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0<br>
lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0<br>
<br>
# Default seccomp policy is not needed for unprivileged containers, and<br>
# non-root users cannot use seccmp without NNP anyway.<br>
lxc.seccomp =<br>
<br>
Best,<br>
Christian<br>
<br>
<br><br>---------- Message transféré ----------<br>From: Eric Keller <<a href="mailto:keller.eric@gmail.com">keller.eric@gmail.com</a>><br>To: LXC users mailing-list <<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a>><br>Cc: <br>Date: Sun, 14 Dec 2014 14:47:23 +0100<br>Subject: Re: [lxc-users] Ubuntu Trusty Tahr 14.04 LTS<br><p dir="ltr">Could simply be that you are behind a firewall... That why the ask Ubuntu answer includes setting up a proxy environment variable.</p>
<p dir="ltr">The error message means you cannot get the appropriate key from the server, a workaround is to download the key using wget or curl and then using apt-key add the-downloaded-key</p>
<p dir="ltr">Hope this helps</p>
<p dir="ltr">Regards<br>
Eric</p>
<div class="gmail_quote">On Dec 13, 2014 7:21 PM, "Thouraya TH" <<a href="mailto:thouraya87@gmail.com" target="_blank">thouraya87@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Hello, Please i have already posted this question but i haven't any answer;<br></div>i found this solution on the web:<br><a href="http://askubuntu.com/questions/544597/lxc-create-hangs-and-finally-fails" target="_blank">http://askubuntu.com/questions/544597/lxc-create-hangs-and-finally-fails</a><br></div>but i didn't understand the solution.<br></div>Can you explain me the solution on the URL ?<br><div><div><br><br><div><div><b>Problem</b><br>root@localhost:/home# sudo lxc-create -t ubuntu -n u1 -- -r trusty -a amd64<span><br>Checking cache download in /var/cache/lxc/trusty/rootfs-amd64 ... <br>Installing packages in template: ssh,vim,language-pack-en<br>Downloading ubuntu trusty minimal ...<br>I: Retrieving Release <br><br></span><b>E: Failed getting release file <a href="http://archive.ubuntu.com/ubuntu/dists/trusty/Release" target="_blank">http://archive.ubuntu.com/ubuntu/dists/trusty/Release</a></b><br>lxc_container: container creation template for u1 failed<br>lxc_container: Error creating container u1<br><br><div><div><div>root@localhost:~# sudo lxc-create -t download -n ubuntu -- -d ubuntu -r trusty -a amd64<br>lxc-create: Error: ubuntu creation was not completed<br>Setting up the GPG keyring<br>ERROR: Unable to fetch GPG key from keyserver.<br><br><span></span></div></div>Thanks a lot.<br></div>Bests. <br><br><br></div></div></div></div></div>
<br>_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org" target="_blank">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br></blockquote></div>
<br>_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br></blockquote></div></div>