[lxc-devel] problem with user namespace as root
Michael H. Warfield
mhw at WittsEnd.com
Fri Feb 14 18:58:12 UTC 2014
On Fri, 2014-02-14 at 13:52 -0500, Michael H. Warfield wrote:
> On Fri, 2014-02-14 at 09:55 -0600, Serge Hallyn wrote:
> > Quoting Michael H. Warfield (mhw at WittsEnd.com):
> > > On Fri, 2014-02-14 at 11:49 +0100, Stephan Sachse wrote:
> > > > > You didn't say if you had applied my experimental patch or not. I'm
> > > > > guessing not but I can't be sure.
> > >
> > > > no, this was only the complete log of my "i lost my brain" mail.
> > >
> > > K
> > >
> > > > > 2) Find the lxc-devsetup script (in lxc/config/init/systemd/lxc-devsetup
> > > > > in the source tree) and run that as root to see if we have better luck
> > > > > under devtmpfs.
> > >
> > > > output attached
> > >
> > > Ok...
> > >
> > > lxc-start 1392374433.579 DEBUG lxc_conf - Bind mounting /dev/.lxc/user/fedora1.533098688727054a to /usr/lib64/lxc/rootfs/dev
> > >
> > > That looks good...
> > >
> > > lxc-start 1392374433.579 INFO lxc_conf - Mounted /dev under /usr/lib64/lxc/rootfs
> > > lxc-start 1392374433.579 INFO lxc_conf - Creating initial consoles under /usr/lib64/lxc/rootfs/dev
> > > lxc-start 1392374433.579 INFO lxc_conf - Populating /dev under /usr/lib64/lxc/rootfs
> > > lxc-start 1392374433.579 ERROR lxc_conf - Operation not permitted - Error creating null
> > >
> > > That looks bad. Rats. That's not going to work for the reason I
> > > suspected to begin with. We're back to square one and need to get the
> > > operations of mounting devpts on top of tmpfs working.
> >
> > But it does work.
> I can't get it to work. This is obviously part of my coming up to speed
> with user namespaces, I guess...
Crap. Here's my problem:
lxc-checkconfig:
User namespace: missing
Damn...
> On Fedora 20...
>
> [mhw@hyperion tmp]$ uname -a
> Linux hyperion.wittsend.com 3.12.8-300.fc20.x86_64 #1 SMP Thu Jan 16 01:07:50 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> [mhw@hyperion tmp]$ mkdir mnt
> [mhw@hyperion tmp]$ cat /etc/subuid
> mhw:1000:1000
> [mhw@hyperion tmp]$ lxc-usernsexec -m b:0:1000:1 -- chown 0 mnt
> unshare: Invalid argument
> read pipe: No such file or directory
> [mhw@hyperion tmp]$ ls -lad mnt
> drwxrwxr-x 2 mhw mhw 40 Feb 14 13:44 mnt
>
> Obviously, I don't have something set up right on that host and I don't
> know what I'm missing. He's on CentOS on a "handcrafted rpm". A lot of
> variables in play here...
>
> Regards
> Mike
>
> > serge@sergelap:~$ cd /tmp
> > serge@sergelap:/tmp$ mkdir mnt
> > serge@sergelap:/tmp$ grep serge /etc/subuid
> > serge:100000:100000
> > serge@sergelap:/tmp$ lxc-usernsexec -m b:0:100000:1 -m b:1:1000:1 -- chown 0 mnt
> > serge@sergelap:/tmp$ ls -ld mnt
> > drwxrwxr-x 2 100000 serge 4096 Feb 14 09:45 mnt
> > serge@sergelap:/tmp$ lxc-usernsexec /bin/bash
> > root@sergelap:/tmp# mount -t tmpfs tmpfs mnt
> > root@sergelap:/tmp# cd mnt
> > root@sergelap:/tmp/mnt# ls
> > root@sergelap:/tmp/mnt# mkdir tmp
> > root@sergelap:/tmp/mnt# mkdir devpts
> > root@sergelap:/tmp/mnt# mount -t devpts -o newinstance devpts devpts
> > root@sergelap:/tmp/mnt# ls devpts/
> > ptmx
> >
> > And actually it's 'creating null' that failed. Don't know why.
> >
> > Stephan, do you have a github account? Would it be possible for you to
> > put up a branch containing your changes?
> >
> > Now actually, the error message is
> >
> > "Error creating null"
> >
> > but in YOUR code you are doing
> >
> > SYSERROR("error creating %s\n", path)
> >
> > So you're actually going through the !in_userns() case in your new
> > setup_autodev().
> >
> > -serge
> > _______________________________________________
> > lxc-devel mailing list
> > lxc-devel at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-devel
> >
>
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
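
The two things this message turns on, whether the kernel offers user namespaces at all and whether an lxc-usernsexec -m map fits the caller's /etc/subuid delegation, written out as pre-flight checks. This is an added example, not code from the thread or from LXC. The function names, the LOGIN_UID_MAX threshold and the uid 1000 used for both users are assumptions, and only the uid side of a "b" map is checked (the gid side needs the same check against /etc/subgid).

```sh
#!/bin/sh
# Added example (not from the thread): pre-flight checks for lxc-usernsexec.
# Map format per lxc-usernsexec(1): <u|g|b>:<first ns id>:<first host id>:<count>
LOGIN_UID_MAX=60000   # assumption: login accounts live at or below this uid

# 0 if the running kernel exposes user namespaces (path overridable for tests).
userns_available() { [ -e "${1:-/proc/self/ns/user}" ]; }

# check_map USER USER_UID MAPSPEC SUBUID_FILE
# returns 0 ok, 1 host ids not delegated, 2 malformed map,
#         3 delegated, but the subuid range overlaps login uids
check_map() {
    user=$1 uid=$2 spec=$3 file=$4 verdict=1
    IFS=: read -r kind nsid host count extra <<EOF
$spec
EOF
    case "$kind" in u|g|b) ;; *) return 2 ;; esac
    [ -z "$extra" ] || return 2
    case "$nsid:$host:$count" in *[!0-9:]*|:*|*::*|*:) return 2 ;; esac
    [ "$count" -ge 1 ] || return 2
    last=$((host + count - 1))
    while IFS=: read -r name start len; do
        [ "$name" = "$user" ] || continue
        if [ "$host" -ge "$start" ] && [ "$last" -le $((start + len - 1)) ]; then
            verdict=0
            [ "$start" -gt "$LOGIN_UID_MAX" ] || verdict=3
            break
        fi
    done < "$file"
    # A user may always map their own uid (count 1) without a subuid entry.
    if [ "$verdict" -eq 1 ] && [ "$host" -eq "$uid" ] && [ "$count" -eq 1 ]; then
        verdict=0
    fi
    return "$verdict"
}

# Constructed sample data modelled on the two /etc/subuid lines quoted above;
# the uid 1000 for both users is an assumption.
demo() {
    d=$(mktemp -d) || return 1
    echo 'serge:100000:100000' > "$d/serge"
    echo 'mhw:1000:1000' > "$d/mhw"
    for t in "serge b:0:100000:1" "serge b:1:1000:1" "serge b:0:200000:1" "mhw b:0:1000:1"; do
        set -- $t; rc=0
        check_map "$1" 1000 "$2" "$d/$1" || rc=$?
        printf '%s %s -> %s\n' "$1" "$2" "$rc"
    done
    rm -rf "$d"
}
```

Source the file and run demo to see the four verdicts; result 3 marks a delegation such as 1000:1000, which covers host uids 1000 through 1999 and so lets the holder map into ordinary login accounts.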