[lxc-devel] Howto user namespaces?

Serge Hallyn serge.hallyn at ubuntu.com
Thu Apr 11 21:40:44 UTC 2013


Quoting richard -rw- weinberger (richard.weinberger at gmail.com):
> On Thu, Apr 11, 2013 at 7:02 PM, Eric W. Biederman
> <ebiederm at xmission.com> wrote:
> > Serge Hallyn <serge.hallyn at ubuntu.com> writes:
> >
> >> Quoting Eric W. Biederman (ebiederm at xmission.com):
> >> After creating the /dev/ttyN we chown them to the root uid inside the
> >> container.  I've not had failures with this.
> >
> > Yes that should work fine.
> >
> > There aren't any chown calls in Richard's strace logs, why that is I
> > don't know, but that seems to be the cause of his troubles.
> 
> Reading lxc 0.9.0's sources explains why.
> 
> It tries to chmod before chown. :-\
> lxc_spawn() does:
> handler->pid = lxc_clone(do_start, handler, handler->clone_flags);
> ...
> if (lxc_map_ids(&handler->conf->id_map, handler->pid)) {
> ...
> if (uid_shift_ttys(handler->pid, handler->conf))
> 
> Sadly, do_start() calls lxc_setup() which calls setup_console() which
> later calls chmod().

That explains why it works for me - if you set lxc.ttydir=lxc, you
won't hit that chmod.  The chmod realistically doesn't seem necessary
(as either getty or login is changing the console perms anyway), but
if it is perhaps it should be done right after the openpty.

> So, the logic is complete garbage.

Yeah, complete garbage.  So pathetic I'll just wait for someone more
capable to fix it.  Sucky embarrassing pathetic sophomoric crap.

> lxc has to map and shift the uid much earlier.

-serge
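
The ordering asked for at the end of the thread, as an added example that is not lxc's code and not written by anyone on the thread: the cloned child blocks on a pipe until the parent has written uid_map, so any tty chown/chmod in the child would run only after the mapping exists. `run_ordered_userns_start`, `child_fn` and `gate` are hypothetical names; the code assumes Linux with user namespaces available and returns -1 where they are not.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

static int gate[2];   /* parent -> child "ids are mapped" gate (hypothetical) */
static char child_stack[64 * 1024] __attribute__((aligned(16)));

/* Child: no ownership-sensitive setup until the parent has mapped the ids. */
static int child_fn(void *arg)
{
    char c;
    (void)arg;
    close(gate[1]);
    if (read(gate[0], &c, 1) != 0)  /* 0 == EOF: parent closed the gate */
        return 2;
    /* Console/tty setup (chown, chmod) would go here, after the mapping. */
    return getuid() == 0 ? 0 : 1;
}

/* 0: child saw uid 0 after the gate; 1: it did not; -1: userns unavailable. */
int run_ordered_userns_start(void)
{
    char path[64], map[64];
    int status, ok = 0;
    FILE *f;
    pid_t pid;
    if (pipe(gate) < 0)
        return -1;
    pid = clone(child_fn, child_stack + sizeof(child_stack),
                CLONE_NEWUSER | SIGCHLD, NULL);
    if (pid < 0) { close(gate[0]); close(gate[1]); return -1; }
    close(gate[0]);
    /* Map uid 0 in the new namespace to the caller's uid BEFORE release. */
    snprintf(path, sizeof(path), "/proc/%d/uid_map", (int)pid);
    snprintf(map, sizeof(map), "0 %u 1\n", (unsigned)geteuid());
    if ((f = fopen(path, "w")) != NULL) {
        ok = fputs(map, f) >= 0;
        ok = (fclose(f) == 0) && ok;  /* procfs write errors surface here */
    }
    if (!ok) kill(pid, SIGKILL);
    close(gate[1]);                   /* open the gate */
    if (waitpid(pid, &status, 0) < 0 || !ok || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { return run_ordered_userns_start() == 1; }
```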



