<div dir="ltr">Hello users,<div><br></div><div>I am writing to see if anyone else has experienced the behavior I am seeing and to ask the people who would know if this is expected. lxc 2.0.3, linux 4.1.8</div><div><br></div><div>I am trying to start an unprivileged container from root. The container is configured with the following mount options:</div><div><br></div><div><span style="color:rgb(0,0,0)">lxc.rootfs = loop:/opt/rootfs.squashfs</span></div><div><span style="color:rgb(0,0,0)">lxc.rootfs.mount = /var/lib/lxc/lxc1/rootfs</span></div><div><span style="color:rgb(0,0,0)">lxc.rootfs.options = -t squashfs</span></div><div><span style="color:rgb(0,0,0)"><br></span></div><div><span style="color:rgb(0,0,0)">This all works fine when /opt is mounted as read/write, but lxc-start fails when mounted as read only. I am able to mount the squashfs to the destination manually as real root whether the source file system is read only or not, but lxc-start seems to need it to be read/write.</span></div><div><span style="color:rgb(0,0,0)"><br></span></div><div><span style="color:rgb(0,0,0)">Here is the container start log from when /opt is mounted read only, any insight or help is appreciated:</span></div><div><span style="color:rgb(0,0,0)"><br></span></div><div><pre style="color:rgb(0,0,0)"> lxc-start 20161016091404.038 INFO lxc_start_ui - tools/lxc_start.c:main:264 - using rcfile /var/lib/lxc/lxc1/config
lxc-start 20161016091404.039 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type u nsid 0 hostid 101000 range 1000
lxc-start 20161016091404.039 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type g nsid 0 hostid 101000 range 1000
lxc-start 20161016091404.039 INFO lxc_start - start.c:lxc_check_inherited:252 - closed inherited fd 4
lxc-start 20161016091404.040 INFO lxc_container - lxccontainer.c:do_lxcapi_start:797 - Attempting to set proc title to [lxc monitor] /var/lib/lxc lxc1
lxc-start 20161016091404.040 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor
lxc-start 20161016091404.041 DEBUG lxc_start - start.c:setup_signal_fd:290 - sigchild handler set
lxc-start 20161016091404.041 DEBUG lxc_console - console.c:lxc_console_peer_default:469 - no console peer
lxc-start 20161016091404.041 INFO lxc_start - start.c:lxc_init:489 - 'lxc1' is initialized
lxc-start 20161016091404.041 DEBUG lxc_start - start.c:__lxc_start:1327 - Not dropping cap_sys_boot or watching utmp
lxc-start 20161016091404.041 INFO lxc_start - start.c:lxc_check_inherited:252 - closed inherited fd 4
lxc-start 20161016091404.043 ERROR lxcloop - bdev/lxcloop.c:loop_mount:190 - Read-only file system - Error opening backing file loop:/opt/rootfs.squashfs
lxc-start 20161016091404.044 INFO lxc_monitor - monitor.c:lxc_monitor_sock_name:178 - using monitor sock name lxc/ad055575fe28ddd5//var/lib/lxc
lxc-start 20161016091404.056 ERROR lxc_conf - conf.c:mount_rootfs:807 - No such file or directory - failed to get real path for 'loop:/opt/rootfs.squashfs'
lxc-start 20161016091404.056 ERROR lxc_conf - conf.c:setup_rootfs:1221 - failed to mount rootfs
lxc-start 20161016091404.056 ERROR lxc_conf - conf.c:do_rootfs_setup:3623 - failed to setup rootfs for 'lxc1'
lxc-start 20161016091404.056 ERROR lxc_start - start.c:__lxc_start:1345 - Error setting up rootfs mount as root before spawn
lxc-start 20161016091404.057 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_cgroup failed to receive response
lxc-start 20161016091409.062 ERROR lxc_start_ui - tools/lxc_start.c:main:344 - The container failed to start.
lxc-start 20161016091409.062 ERROR lxc_start_ui - tools/lxc_start.c:main:346 - To get more details, run the container in foreground mode.
lxc-start 20161016091409.123 ERROR lxc_start_ui - tools/lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.</pre></div><div><span style="color:rgb(0,0,0)"><br></span></div><div><span style="color:rgb(0,0,0)"><br></span></div><div><br></div><div><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div dir="ltr"><div style="text-align:left"><div style="text-align:left"><div style="font-size:small">Judd Meinders<br></div><div style="font-size:small"><br></div></div></div></div></div></div>
</div></div>