[lxc-devel] Howto user namespaces?
richard -rw- weinberger
richard.weinberger at gmail.com
Thu Apr 11 21:12:59 UTC 2013
On Thu, Apr 11, 2013 at 7:02 PM, Eric W. Biederman
<ebiederm at xmission.com> wrote:
> Serge Hallyn <serge.hallyn at ubuntu.com> writes:
>
>> Quoting Eric W. Biederman (ebiederm at xmission.com):
>> After creating the /dev/ttyN we chown them to the root uid inside the
>> container. I've not had failures with this.
>
> Yes that should work fine.
>
> There aren't any chown calls in Richard's strace logs, why that is I
> don't know, but that seems to be the cause of his troubles.
Reading lxc 0.9.0's sources explains why.
It tries to chmod before chown. :-\
lxc_spawn() does:

    handler->pid = lxc_clone(do_start, handler, handler->clone_flags);
    ...
    if (lxc_map_ids(&handler->conf->id_map, handler->pid)) {
    ...
    if (uid_shift_ttys(handler->pid, handler->conf))

Sadly, do_start() calls lxc_setup() which calls setup_console() which
later calls chmod().
So, the logic is complete garbage.
lxc has to map and shift the uid much earlier.
--
Thanks,
//richard
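
An added example, not part of the original message and not lxc or kernel code: a small model of the owner-or-capable rule that chmod() is subject to inside a user namespace, replaying the two orderings discussed above. The map 0 -> 100000 (65536 ids), the tty initially owned by host uid 0, and the names may_chmod() and console_setup_ok() are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* One uid_map extent: container ids [inside, inside+count) map to
 * kernel ids [outside, outside+count). Values used below are constructed. */
struct id_extent { unsigned inside, outside, count; };

/* Does kernel uid `kuid` have a name inside the namespace? */
static bool kuid_has_mapping(const struct id_extent *m, int n, unsigned kuid)
{
    for (int i = 0; i < n; i++)
        if (kuid >= m[i].outside && kuid - m[i].outside < m[i].count)
            return true;
    return false;
}

/* Model of the rule: the caller must own the inode, or hold CAP_FOWNER
 * in its namespace AND the inode's owner must be mapped in that namespace. */
bool may_chmod(const struct id_extent *m, int n, unsigned fsuid_k,
               bool cap_fowner, unsigned inode_k)
{
    if (fsuid_k == inode_k)
        return true;
    return cap_fowner && kuid_has_mapping(m, n, inode_k);
}

/* Replay chmod on the console tty, with or without the chown first. */
bool console_setup_ok(bool shift_first)
{
    const struct id_extent map[] = { { 0, 100000, 65536 } };
    unsigned container_root = 100000; /* kernel uid behind container uid 0 */
    unsigned tty_owner = 0;           /* assumption: created by host root */

    if (shift_first)
        tty_owner = container_root;   /* effect of chown to container root */
    return may_chmod(map, 1, container_root, true, tty_owner);
}

int main(void)
{
    printf("chmod before chown: %s\n", console_setup_ok(false) ? "ok" : "EPERM");
    printf("chown then chmod:   %s\n", console_setup_ok(true) ? "ok" : "EPERM");
    return 0;
}
```

In this model container root holds CAP_FOWNER, yet chmod is still refused while the tty's owner has no mapping in the namespace, which is why the chown has to come first.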