[lxc-devel] problem with user namespace as root

Michael H. Warfield mhw at WittsEnd.com
Fri Feb 14 18:03:53 UTC 2014


On Fri, 2014-02-14 at 09:55 -0600, Serge Hallyn wrote:
> Quoting Michael H. Warfield (mhw at WittsEnd.com):
> > On Fri, 2014-02-14 at 11:49 +0100, Stephan Sachse wrote:
> > > > You didn't say if you had applied my experimental patch or not.  I'm
> > > > guessing not but I can't be sure.
> > 
> > > no, this was only the complete log of my "i lost my brain" mail.
> > 
> > K
> > 
> > > > 2) Find the lxc-devsetup script (in lxc/config/init/systemd/lxc-devsetup
> > > > in the source tree) and run that as root to see if we have better luck
> > > > under devtmpfs.
> > 
> > > output attached
> > 
> > Ok...
> > 
> > lxc-start 1392374433.579 DEBUG    lxc_conf - Bind
> > mounting /dev/.lxc/user/fedora1.533098688727054a
> > to /usr/lib64/lxc/rootfs/dev
> > 
> > That looks good...
> > 
> > lxc-start 1392374433.579 INFO     lxc_conf - Mounted /dev
> > under /usr/lib64/lxc/rootfs
> > lxc-start 1392374433.579 INFO     lxc_conf - Creating initial consoles
> > under /usr/lib64/lxc/rootfs/dev
> > lxc-start 1392374433.579 INFO     lxc_conf - Populating /dev
> > under /usr/lib64/lxc/rootfs
> > lxc-start 1392374433.579 ERROR    lxc_conf - Operation not permitted -
> > Error creating null
> > 
> > That looks bad.  Rats.  That's not going to work for the reason I
> > suspected to begin with.  We're back to square one and need to get the
> > operations of mounting devpts on top of tmpfs working.
> 
> But it does work.

> serge at sergelap:~$ cd /tmp
> serge at sergelap:/tmp$ mkdir mnt
> serge at sergelap:/tmp$ grep serge /etc/subuid
> serge:100000:100000
> serge at sergelap:/tmp$ lxc-usernsexec -m b:0:100000:1 -m b:1:1000:1 -- chown 0 mnt
> serge at sergelap:/tmp$ ls -ld mnt
> drwxrwxr-x 2 100000 serge 4096 Feb 14 09:45 mnt
> serge at sergelap:/tmp$ lxc-usernsexec /bin/bash
> root at sergelap:/tmp# mount -t tmpfs tmpfs mnt
> root at sergelap:/tmp# cd mnt
> root at sergelap:/tmp/mnt# ls
> root at sergelap:/tmp/mnt# mkdir tmp
> root at sergelap:/tmp/mnt# mkdir devpts
> root at sergelap:/tmp/mnt# mount -t devpts -o newinstance devpts devpts
> root at sergelap:/tmp/mnt# ls devpts/
> ptmx

> And actually it's 'creating null' that failed.  Don't know why.

So, he got the "creating null" error when the devtmpfs bind mount was in
place.  The error mounting devpts -> "Invalid Argument" was when he was
falling back to the tmpfs case.  Not sure what argument was failing but,
does your example above reproduce all the options from this mount call
that's failing?

(mount("devpts", "/dev/pts", "devpts", MS_MGC_VAL,
                  "newinstance,ptmxmode=0666,mode=0620,gid=5"))

I see you've got newinstance but there's the mode, ptmxmode and gid in
there as well as whatever this MS_MGC_VAL is.

Regards,
Mike

> Stephan, do you have a github account?  Would it be possible for you to
> put up a branch containing your changes?
> 
> Now actually, the error message is
> 
> 	"Error creating null"
> 
> but in YOUR code you are doing
> 
> 	SYSERROR("error creating %s\n", path)
> 
> So you're actually going through the !in_userns() case in your new
> setup_autodev().
> 
> -serge

-- 
Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
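
An added example, not part of the original message or of the LXC source: a small C check for one candidate behind the question above, the gid=5 option that Serge's test mount omits. It assumes the kernel refuses a devpts gid= value that has no mapping in the mounting user namespace (the thread does not establish which argument failed); the function names and the sample gid_map text are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy the value of `key` from a comma-separated mount option string into
 * out. Returns 1 if "key=value" is present and fits, otherwise 0. */
int opt_value(const char *opts, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    for (const char *p = opts; *p; ) {
        size_t len = strcspn(p, ",");
        if (len > klen && p[klen] == '=' && strncmp(p, key, klen) == 0) {
            size_t vlen = len - klen - 1;
            if (vlen >= outlen) return 0;
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return 1;
        }
        p += len + (p[len] == ',');   /* step over the token and its comma */
    }
    return 0;
}

/* map_text uses the /proc/<pid>/gid_map layout, one "inside outside count"
 * range per line. Returns 1 if `id` is an inside-namespace id of a range. */
int id_is_mapped(const char *map_text, unsigned long id)
{
    unsigned long inside, outside, count;
    int n;
    while (sscanf(map_text, "%lu %lu %lu%n", &inside, &outside, &count, &n) == 3) {
        if (id >= inside && id - inside < count) return 1;
        map_text += n;
    }
    return 0;
}

/* Assumed rule: gid= must name a mapped id. 1 = absent or mapped, 0 = unmapped. */
int devpts_gid_ok(const char *opts, const char *gid_map)
{
    char val[32];
    if (!opt_value(opts, "gid", val, sizeof val)) return 1;
    return id_is_mapped(gid_map, strtoul(val, NULL, 10));
}

int main(void)
{
    const char *opts = "newinstance,ptmxmode=0666,mode=0620,gid=5"; /* from the thread */
    printf("one-id map: %d\n", devpts_gid_ok(opts, "0 100000 1\n"));     /* constructed */
    printf("range map:  %d\n", devpts_gid_ok(opts, "0 100000 65536\n")); /* constructed */
    return 0;
}
```

To apply it to a real container, pass the contents of /proc/<pid>/gid_map of the process that performs the mount in place of the constructed map strings.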
