<div dir="ltr">Serge, I did have that sysctl, but it was set to 0. I changed it to 1 and now I get a new error:<div><br></div><div><div>lxcuser@thinkhost:~$ lxc-create -t download -n c2</div><div>lxc: conf.c: lxc_map_ids: 3145 Missing newuidmap/newgidmap</div><div>error mapping child</div><div>setgid: Invalid argument</div><div>lxc_container: lxccontainer.c: do_create_container_dir: 772 Failed to chown container dir</div><div>lxc_container: lxc_create.c: main: 274 Error creating container c2</div></div><div><br></div><div>I have assigned lxcuser to the following uid/gid range: 165536 65536 and I have that set in ~/.config/lxc/default.conf</div><div><br></div><div><div>lxcuser@thinkhost:~$ cat ~/.config/lxc/default.conf</div><div>lxc.network.type = veth</div><div>lxc.network.link = lxcbr0</div><div><a href="http://lxc.network.name">lxc.network.name</a> = eth0</div><div>lxc.id_map = u 0 165536 65536</div><div>lxc.id_map = g 0 165536 65536</div></div><div><br></div><div><div>root@thinkhost:~# cat /etc/sub* | grep lxcuser</div><div>lxcuser:165536:65536</div><div>lxcuser:165536:65536</div></div><div><br></div><div>Thanks,</div><div>Joshua</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Apr 2, 2015 at 2:49 PM, Serge Hallyn <span dir="ltr"><<a href="mailto:serge.hallyn@ubuntu.com" target="_blank">serge.hallyn@ubuntu.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Quoting Joshua Schaeffer (<a href="mailto:jschaeffer0922@gmail.com">jschaeffer0922@gmail.com</a>):<br>
> I've been using LXC's on Debian 7 for over a year now and everything has<br>
> been working great, but I've just been using the version that is packaged<br>
> with the distro and I figured it's probably time to get up to date and<br>
> start taking advantage of the newer features and unprivileged containers.<br>
> So I've created a VM with Debian 8 on it and downloaded the source for LXC<br>
> 1.1.1.<br>
><br>
> I configured, compiled, and installed the software without any issues, but<br>
> when I try to run lxc-create as a regular user I get the following error:<br>
><br>
> --------------------------------------------------------------------------<br>
> lxcuser@thinkhost:~$ lxc-create -t download -n c1<br>
> unshare: Operation not permitted<br>
<br>
</span>Since unshare failed, your kernel seems to not be allowing unprivileged<br>
CLONE_NEWUSER. Check whether there is a sysctl called<br>
/proc/sys/kernel/unprivileged_userns_clone, and if so set it to 1.<br>
<span class=""><br>
> read pipe: Success<br>
> lxc_container: lxccontainer.c: do_create_container_dir: 772 Failed to chown<br>
> container dir<br>
> lxc_container: lxc_create.c: main: 274 Error creating container c2<br>
> --------------------------------------------------------------------------<br>
><br>
> I've set execute rights on the home directory for that user. Seems like I'm<br>
> missing something obvious. Below is the configure parameters I used. make,<br>
> make check, and make install reported no problems or errors:<br>
><br>
> ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var<br>
> --enable-doc --enable-capabilities --with-distro=debian<br>
><br>
> I can run the above command as root and it successfully downloads the<br>
> template and creates the container which I can then attach to.<br>
><br>
> Thanks,<br>
> Joshua<br>
<br>
</span>> _______________________________________________<br>
> lxc-users mailing list<br>
> <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
> <a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br>
<br>
_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a></blockquote></div><br></div>