[lxc-devel] [PATCH 1/3] container creation: support unpriv container creation in user namespaces
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Oct 25 02:55:04 UTC 2013
Quoting Michael H. Warfield (mhw at WittsEnd.com):
> On Wed, 2013-10-23 at 01:02 +0000, Serge Hallyn wrote:
> > From: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> > 1. lxcapi_create: don't try to unshare and mount for dir backed containers
>
> > It's unnecessary, and breaks unprivileged lxc-create (since unpriv users
> > cannot yet unshare(CLONE_NEWNS)).
>
> I saw this and thought "I wonder if this fixes the dangling mount
> problem" I described in an earlier message. Nothing to do with being an
> unpriv user, since it was being run as root, but right smack where that
> problem seems to be.
>
> Just retested with latest from git... Problem gone. This fix seems to
> have eliminated the dangling mounts on /usr/lib64/lxc/rootfs from
> lxc-create.
It shouldn't, but I thought it might. Can you instrument to confirm
whether chroot_into_slave() is called on your host?