[lxc-devel] Howto user namespaces?

Serge Hallyn serge.hallyn at ubuntu.com
Tue Apr 9 03:28:45 UTC 2013


Quoting richard -rw- weinberger (richard.weinberger at gmail.com):
> Hi!
> 
> I'm on Linux 3.8 and lxc 0.9.0.
> How are the user namespaces in lxc supposed to work?
> 
> I've created an opensuse instance using "lxc-create -n foo -t
> /usr/share/lxc/templates/lxc-opensuse" and then added these two lines
> to the config:
> lxc.id_map = u 0 100000 10000
> lxc.id_map = g 0 100000 10000
> 
> But now lxc-start fails.
> lxc-start: Operation not permitted - Failed to mount /dev at
> /usr/lib64/lxc/rootfs
> 
> The following syscall fails:
> mount("none", "/usr/lib64/lxc/rootfs/dev", "tmpfs", 0, "size=100000")
> = -1 EPERM (Operation not permitted)
> 
> Am I missing something obvious?

lxc-create does not yet convert the rootfs to the mapped uids, so you
need to do that manually using uidmapshift.  Check the
container-userns-convert script at
https://code.launchpad.net/~serge-hallyn/+junk/nsexec or in the nsexec
package at ppa:serge-hallyn/userns-natty.

-serge
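
An added example, not part of the original message or of the nsexec tools: a read-only check that parses the `lxc.id_map` lines from the question and lists rootfs paths whose owner still lies outside the mapped host range, the state the reply says has to be converted first. The function names are hypothetical; the four fields are read as type, first id inside the container, first id on the host, and count.

```python
import os

# Constructed sample: the two config lines quoted in the question above.
SAMPLE_CONFIG = "lxc.id_map = u 0 100000 10000\nlxc.id_map = g 0 100000 10000\n"

def parse_id_map(config_text):
    """Return {'u': [(ns_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in config_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() != "lxc.id_map":
            continue
        fields = value.split()
        if len(fields) != 4 or fields[0] not in maps:
            raise ValueError("bad lxc.id_map entry: %r" % line)
        ns_start, host_start, count = (int(f) for f in fields[1:])
        maps[fields[0]].append((ns_start, host_start, count))
    return maps

def to_host(kind, ns_id, maps):
    """Host id that container id ns_id maps to, or None if it is unmapped."""
    for ns_start, host_start, count in maps[kind]:
        if ns_start <= ns_id < ns_start + count:
            return host_start + (ns_id - ns_start)
    return None

def in_host_range(kind, host_id, maps):
    """True if host_id is an owner the container can see through the map."""
    return any(h <= host_id < h + c for _, h, c in maps[kind])

def unshifted_paths(rootfs, maps):
    """Paths under rootfs (inclusive) owned by a uid/gid outside the map."""
    paths = [rootfs]
    for dirpath, dirnames, filenames in os.walk(rootfs):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    found = []
    for path in paths:
        st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        if not (in_host_range("u", st.st_uid, maps)
                and in_host_range("g", st.st_gid, maps)):
            found.append(path)
    return sorted(found)

if __name__ == "__main__":
    import sys
    maps = parse_id_map(SAMPLE_CONFIG)
    print("container uid 0 -> host uid", to_host("u", 0, maps))
    for path in unshifted_paths(sys.argv[1] if len(sys.argv) > 1 else ".", maps):
        print("not in mapped range:", path)
```

A freshly created rootfs is owned by host uid 0, which this map does not cover, so every path in it is reported until the ownership has been shifted.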



