[lxc-devel] problem with user namespace as root

Michael H. Warfield mhw at WittsEnd.com
Fri Feb 14 17:48:12 UTC 2014


On Fri, 2014-02-14 at 09:55 -0600, Serge Hallyn wrote:
> Quoting Michael H. Warfield (mhw at WittsEnd.com):
> > On Fri, 2014-02-14 at 11:49 +0100, Stephan Sachse wrote:
> > > > You didn't say if you had applied my experimental patch or not.  I'm
> > > > guessing not but I can't be sure.
> > 
> > > no, this was only the complete log of my "i lost my brain" mail.
> > 
> > K
> > 
> > > > 2) Find the lxc-devsetup script (in lxc/config/init/systemd/lxc-devsetup
> > > > in the source tree) and run that as root to see if we have better luck
> > > > under devtmpfs.
> > 
> > > output attached
> > 
> > Ok...
> > 
> > lxc-start 1392374433.579 DEBUG    lxc_conf - Bind
> > mounting /dev/.lxc/user/fedora1.533098688727054a
> > to /usr/lib64/lxc/rootfs/dev
> > 
> > That looks good...
> > 
> > lxc-start 1392374433.579 INFO     lxc_conf - Mounted /dev
> > under /usr/lib64/lxc/rootfs
> > lxc-start 1392374433.579 INFO     lxc_conf - Creating initial consoles
> > under /usr/lib64/lxc/rootfs/dev
> > lxc-start 1392374433.579 INFO     lxc_conf - Populating /dev
> > under /usr/lib64/lxc/rootfs
> > lxc-start 1392374433.579 ERROR    lxc_conf - Operation not permitted -
> > Error creating null
> > 
> > That looks bad.  Rats.  That's not going to work for the reason I
> > suspected to begin with.  We're back to square one and need to get the
> > operations of mounting devpts on top of tmpfs working.

> But it does work.

This set of errors was different from the previous set.

I looked closer at his errors and that error message about "null" was
specific to a mknod.  He's still running the mknod code.

> serge at sergelap:~$ cd /tmp
> serge at sergelap:/tmp$ mkdir mnt
> serge at sergelap:/tmp$ grep serge /etc/subuid
> serge:100000:100000
> serge at sergelap:/tmp$ lxc-usernsexec -m b:0:100000:1 -m b:1:1000:1 -- chown 0 mnt
> serge at sergelap:/tmp$ ls -ld mnt
> drwxrwxr-x 2 100000 serge 4096 Feb 14 09:45 mnt
> serge at sergelap:/tmp$ lxc-usernsexec /bin/bash
> root at sergelap:/tmp# mount -t tmpfs tmpfs mnt
> root at sergelap:/tmp# cd mnt
> root at sergelap:/tmp/mnt# ls
> root at sergelap:/tmp/mnt# mkdir tmp
> root at sergelap:/tmp/mnt# mkdir devpts
> root at sergelap:/tmp/mnt# mount -t devpts -o newinstance devpts devpts
> root at sergelap:/tmp/mnt# ls devpts/
> ptmx
> 
> And actually it's 'creating null' that failed.  Don't know why.
> 
> Stephan, do you have a github account?  Would it be possible for you to
> put up a branch containing your changes?
> 
> Now actually, the error message is
> 
> 	"Error creating null"
> 
> but in YOUR code you are doing
> 
> 	SYSERROR("error creating %s\n", path)
> 
> So you're actually going through the !in_userns() case in your new
> setup_autodev().
> 
> -serge

-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
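
An added example, not part of the original message and not LXC's own code: one way to decide, before populating /dev, whether the mknod path seen failing in the log above should be taken at all. The function names, the uid_map-based check and the bind-mount fallback are assumptions of this example; LXC's in_userns() and setup_autodev() are not reproduced here.

```c
#include <stdio.h>
#include <string.h>

enum dev_strategy { DEV_MKNOD, DEV_BIND_MOUNT };

/* Hypothetical helper, not LXC's in_userns(): returns 0 if the uid_map text
 * is the initial namespace's single identity line "0 0 4294967295", 1 for
 * any other mapping (or an empty map), -1 if a line cannot be parsed. */
int userns_from_uid_map(const char *map)
{
    unsigned long inside, outside, count;
    int lines = 0, identity = 0;

    while (*map) {
        char line[64];
        size_t len = strcspn(map, "\n");
        if (len >= sizeof(line))
            return -1;
        memcpy(line, map, len);
        line[len] = '\0';
        if (sscanf(line, "%lu %lu %lu", &inside, &outside, &count) != 3)
            return -1;
        lines++;
        identity = (inside == 0 && outside == 0 && count == 4294967295UL);
        map += len;
        if (*map == '\n')
            map++;
    }
    /* An empty map is a fresh namespace with no ids mapped yet. */
    return !(lines == 1 && identity);
}

/* mknod of /dev/null failed with EPERM in the thread's log. This example
 * assumes bind-mounting the host's node as the alternative, and treats
 * unparseable input like a user namespace so mknod is never attempted. */
enum dev_strategy choose_dev_strategy(const char *map)
{
    return userns_from_uid_map(map) == 0 ? DEV_MKNOD : DEV_BIND_MOUNT;
}

int main(void)
{
    char buf[4096] = "";
    FILE *f = fopen("/proc/self/uid_map", "r");
    if (f) {
        size_t n = fread(buf, 1, sizeof(buf) - 1, f);
        buf[n] = '\0';
        fclose(f);
    }
    puts(choose_dev_strategy(buf) == DEV_MKNOD ? "mknod" : "bind-mount");
    return 0;
}
```

Run under the mapping from the quoted session (`-m b:0:100000:1 -m b:1:1000:1`) it reports bind-mount; run as real root on the host it reports mknod.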
