[lxc-devel] [PATCH 1/1] userns: clear and save id_map

Dwight Engen dwight.engen at oracle.com
Tue Jul 16 00:00:43 UTC 2013


On Mon, 15 Jul 2013 16:45:36 -0500
Serge Hallyn <serge.hallyn at ubuntu.com> wrote:

> Quoting Dwight Engen (dwight.engen at oracle.com):
> > Starting program: /usr/bin/lxc-clone -s -o ol64-01 -n ol64-04
> > [Thread debugging using libthread_db enabled]
> > Using host libthread_db library "/lib64/libthread_db.so.1".
> > Detaching after fork from child process 28359.
> > Detaching after fork from child process 28361.
> > 
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x00007f99e689e08e in write_config (fout=fout@entry=0x1b79670,
> > c=0x1b77400) at confile.c:1950
> > 1950	confile.c: No such file or directory.
> > Missing separate debuginfos, use: debuginfo-install
> > lxc-0.9.x-1.fc18.x86_64 (gdb) bt
> > #0  0x00007f99e689e08e in write_config (fout=fout@entry=0x1b79670,
> > c=0x1b77400) at confile.c:1950
> > #1  0x00007f99e68a6c6b in lxcapi_save_config (c=0x1b764d0,
> > alt_file=<optimized out>) at lxccontainer.c:1214
> > #2  0x00007f99e68a99b8 in lxcapi_clone (c=<optimized out>,
> > newname=<optimized out>, lxcpath=<optimized out>, flags=<optimized
> > out>, bdevtype=0x0, bdevdata=0x0, newsize=0, hookargs=0x0) at
> > lxccontainer.c:1963
> > #3  0x0000000000400d2f in main ()
> 
> Actually I think that looks a bit different from the segfault I was
> getting with my first version - please let me know if v2 still
> causes this for you.  (I don't get it with non-snapped clones).

v2 works fine for me with a snapshotted clone, thanks! And

Acked-by: Dwight Engen <dwight.engen at oracle.com>
Tested-by: Dwight Engen <dwight.engen at oracle.com>

I did notice something though: after the clone I ran uidmapshift -r to
check the range of uids in the cloned rootfs, and there is one file
that was out of range: it is the <rootfs>/etc/hostname that
clone_update_rootfs() creates. For templates that already have this
file, I think it will be fine, but for those that don't, the file will be
created as the uid of the caller. I think maybe we should just call
file_exists(path) before doing the fopen() in that flow. If you agree, I
can send a patch.

> The reason I needed this patch now was because with unprivileged
> lxc-create, the container config with id map gets saved and restored
> a few times during the course of container creation, so losing the
> id mapping was a blocker :)

Yeah I guess that would be a necessary part :)

> Hoping to send some fun patches soon.
> 
> -serge
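
An audit along the lines of the ownership check described in the message above, as an added example that is not part of the original thread or of LXC: it walks a rootfs and lists entries whose owner falls outside the host ranges given by the container's `lxc.id_map` lines. The config values, the sample rootfs and all function names are constructed for illustration.

```python
import os
import tempfile

# Constructed sample config; the id map values are illustrative only.
SAMPLE_CONFIG = """\
# container config (constructed)
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
"""

def parse_id_maps(config_text):
    """Collect host-side (start, count) ranges per kind ('u' or 'g')."""
    maps = {"u": [], "g": []}
    for line in config_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() != "lxc.id_map":
            continue
        kind, _ns_start, host_start, count = value.split()
        maps[kind].append((int(host_start), int(count)))
    return maps

def in_ranges(host_id, ranges):
    """True if host_id lies inside any (start, count) range."""
    return any(start <= host_id < start + count for start, count in ranges)

def find_unmapped(rootfs, maps):
    """Return sorted (relative path, uid, gid) for entries owned outside the maps."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(rootfs):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # inspect the entry itself, never a symlink target
            if not (in_ranges(st.st_uid, maps["u"]) and in_ranges(st.st_gid, maps["g"])):
                hits.append((os.path.relpath(path, rootfs), st.st_uid, st.st_gid))
    return sorted(hits)

def build_sample_rootfs():
    """Constructed rootfs: etc/hostname is created by, and owned by, the caller."""
    rootfs = tempfile.mkdtemp(prefix="rootfs-")
    os.mkdir(os.path.join(rootfs, "etc"))
    with open(os.path.join(rootfs, "etc", "hostname"), "w") as f:
        f.write("ol64-04\n")
    return rootfs

if __name__ == "__main__":
    for path, uid, gid in find_unmapped(build_sample_rootfs(), parse_id_maps(SAMPLE_CONFIG)):
        print(f"{path}: uid={uid} gid={gid} is outside the container's id map")
```

An entry flagged here is owned by a host id that has no mapping inside the container's user namespace.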




