[lxc-devel] [PATCH 1/3] container creation: support unpriv container creation in user namespaces

Serge Hallyn serge.hallyn at ubuntu.com
Fri Oct 25 02:55:04 UTC 2013


Quoting Michael H. Warfield (mhw at WittsEnd.com):
> On Wed, 2013-10-23 at 01:02 +0000, Serge Hallyn wrote: 
> > From: Serge Hallyn <serge.hallyn at ubuntu.com>
> 
> > 1. lxcapi_create: don't try to unshare and mount for dir backed containers
> 
> > It's unnecessary, and breaks unprivileged lxc-create (since unpriv users
> > cannot yet unshare(CLONE_NEWNS)).
> 
> I saw this and thought "I wonder if this fixes the dangling mount
> problem" I described in an earlier message.  Nothing to do with being an
> unpriv user, since it was being run as root, but right smack where that
> problem seems to be.
> 
> Just retested with latest from git...  Problem gone.  This fix seems to
> have eliminated the dangling mounts on /usr/lib64/lxc/rootfs from
> lxc-create.

It shouldn't, but I thought it might.  Can you instrument to confirm
whether chroot_into_slave() is called on your host?