[lxc-devel] problem with user namespace as root
Michael H. Warfield
mhw at WittsEnd.com
Fri Feb 14 17:46:35 UTC 2014
On Fri, 2014-02-14 at 11:49 +0100, Stephan Sachse wrote:
> > You didn't say if you had applied my experimental patch or not. I'm
> > guessing not but I can't be sure.
> no, this was only the complete log of my "i lost my brain" mail.
> > 2) Find the lxc-devsetup script (in lxc/config/init/systemd/lxc-devsetup
> > in the source tree) and run that as root to see if we have better luck
> > under devtmpfs.
> output attached
Maybe there's still some hope here, taking a closer look.
Now... Was that run with the stock code that was still trying to do the
mknod in setup_autodev or with the code you added attempting to do the
bind mount?
You still need the code doing a bind mount as you still can not do a
mknod. Unfortunately, you didn't post your final patch but, from what I
see in your initial patch, I see you have two error exits with almost
identical messages, only one prints out a path and the other prints out
the device name. What I see here is the device name:
lxc-start 1392374433.579 ERROR lxc_conf - Operation not permitted -
Error creating null
That exit occurs after a failed mknod. That's telling me that either
you're testing this with the original stock logic or there's a flaw in
your patch and it's still trying to do the mknod, which we know will not
work in a user namespace.
> --
> Software is like sex, it's better when it's free!
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 465 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140214/070b81d6/attachment.pgp>
More information about the lxc-devel
mailing list