[lxc-devel] problem with user namespace as root

Serge Hallyn serge.hallyn at ubuntu.com
Fri Feb 14 15:55:39 UTC 2014


Quoting Michael H. Warfield (mhw at WittsEnd.com):
> On Fri, 2014-02-14 at 11:49 +0100, Stephan Sachse wrote:
> > > You didn't say if you had applied my experimental patch or not.  I'm
> > > guessing not but I can't be sure.
> 
> > no, this was only the complete log of my "i lost my brain" mail.
> 
> K
> 
> > > 2) Find the lxc-devsetup script (in lxc/config/init/systemd/lxc-devsetup
> > > in the source tree) and run that as root to see if we have better luck
> > > under devtmpfs.
> 
> > output attached
> 
> Ok...
> 
> lxc-start 1392374433.579 DEBUG    lxc_conf - Bind mounting /dev/.lxc/user/fedora1.533098688727054a to /usr/lib64/lxc/rootfs/dev
> 
> That looks good...
> 
> lxc-start 1392374433.579 INFO     lxc_conf - Mounted /dev under /usr/lib64/lxc/rootfs
> lxc-start 1392374433.579 INFO     lxc_conf - Creating initial consoles under /usr/lib64/lxc/rootfs/dev
> lxc-start 1392374433.579 INFO     lxc_conf - Populating /dev under /usr/lib64/lxc/rootfs
> lxc-start 1392374433.579 ERROR    lxc_conf - Operation not permitted - Error creating null
> 
> That looks bad.  Rats.  That's not going to work for the reason I
> suspected to begin with.  We're back to square one and need to get the
> operations of mounting devpts on top of tmpfs working.

But it does work.

serge@sergelap:~$ cd /tmp
serge@sergelap:/tmp$ mkdir mnt
serge@sergelap:/tmp$ grep serge /etc/subuid
serge:100000:100000
serge@sergelap:/tmp$ lxc-usernsexec -m b:0:100000:1 -m b:1:1000:1 -- chown 0 mnt
serge@sergelap:/tmp$ ls -ld mnt
drwxrwxr-x 2 100000 serge 4096 Feb 14 09:45 mnt
serge@sergelap:/tmp$ lxc-usernsexec /bin/bash
root@sergelap:/tmp# mount -t tmpfs tmpfs mnt
root@sergelap:/tmp# cd mnt
root@sergelap:/tmp/mnt# ls
root@sergelap:/tmp/mnt# mkdir tmp
root@sergelap:/tmp/mnt# mkdir devpts
root@sergelap:/tmp/mnt# mount -t devpts -o newinstance devpts devpts
root@sergelap:/tmp/mnt# ls devpts/
ptmx

And actually it's 'creating null' that failed.  Don't know why.

Stephan, do you have a github account?  Would it be possible for you to
put up a branch containing your changes?

Now actually, the error message is

	"Error creating null"

but in YOUR code you are doing

	SYSERROR("error creating %s\n", path)

So you're actually going through the !in_userns() case in your new
setup_autodev().

-serge
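
Added illustration, not part of the original message and not LXC code: this C program parses the `-m kind:ns_id:host_id:range` maps passed to lxc-usernsexec in the session above and translates an id seen inside the namespace to the host id, which is why `chown 0 mnt` appears as owner 100000 in the host's `ls -ld`. The names `parse_map`, `ns_to_host` and `SESSION_MAPS` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* One -m entry: kind ('u', 'g' or 'b' for both), first id inside the
 * namespace, first id on the host, number of ids mapped. */
struct idmap { char kind; unsigned long ns, host, range; };

/* The two maps from the session above (hypothetical constant name). */
static const char *SESSION_MAPS[] = { "b:0:100000:1", "b:1:1000:1" };

/* Parse "kind:ns:host:range". Returns 0 on success, -1 if malformed. */
int parse_map(const char *spec, struct idmap *m)
{
    char tail;
    if (strchr(spec, '-') != NULL)   /* %lu would silently wrap negatives */
        return -1;
    if (sscanf(spec, "%c:%lu:%lu:%lu%c", &m->kind, &m->ns, &m->host,
               &m->range, &tail) != 4)
        return -1;                   /* too few fields or trailing junk */
    if ((m->kind != 'u' && m->kind != 'g' && m->kind != 'b') || m->range == 0)
        return -1;
    return 0;
}

/* Host id behind namespace id `id`, for want = 'u' or 'g'.
 * Returns -1 if the id is unmapped, -2 if a spec does not parse. */
long ns_to_host(const char **specs, int n, char want, unsigned long id)
{
    struct idmap m;
    long found = -1;
    for (int i = 0; i < n; i++) {
        if (parse_map(specs[i], &m) != 0)
            return -2;
        if (found < 0 && (m.kind == 'b' || m.kind == want) &&
            id >= m.ns && id - m.ns < m.range)
            found = (long)(m.host + (id - m.ns));
    }
    return found;
}

int main(void)
{
    /* First map wins; ids outside every range have no host identity. */
    printf("ns uid 0 -> host %ld\n", ns_to_host(SESSION_MAPS, 2, 'u', 0));
    printf("ns uid 1 -> host %ld\n", ns_to_host(SESSION_MAPS, 2, 'u', 1));
    printf("ns uid 2 -> host %ld (unmapped)\n", ns_to_host(SESSION_MAPS, 2, 'u', 2));
    return 0;
}
```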

