[lxc-devel] problem with user namespace as root

Serge Hallyn serge.hallyn at ubuntu.com
Fri Feb 14 19:30:30 UTC 2014


Quoting Michael H. Warfield (mhw at WittsEnd.com):
> On Fri, 2014-02-14 at 13:52 -0500, Michael H. Warfield wrote:
> > On Fri, 2014-02-14 at 09:55 -0600, Serge Hallyn wrote:
> > > Quoting Michael H. Warfield (mhw at WittsEnd.com):
> > > > On Fri, 2014-02-14 at 11:49 +0100, Stephan Sachse wrote:
> > > > > > You didn't say if you had applied my experimental patch or not.  I'm
> > > > > > guessing not but I can't be sure.
> > > > 
> > > > > no, this was only the complete log of my "i lost my brain" mail.
> > > > 
> > > > K
> > > > 
> > > > > > 2) Find the lxc-devsetup script (in lxc/config/init/systemd/lxc-devsetup
> > > > > > in the source tree) and run that as root to see if we have better luck
> > > > > > under devtmpfs.
> > > > 
> > > > > output attached
> > > > 
> > > > Ok...
> > > > 
> > > > lxc-start 1392374433.579 DEBUG    lxc_conf - Bind
> > > > mounting /dev/.lxc/user/fedora1.533098688727054a
> > > > to /usr/lib64/lxc/rootfs/dev
> > > > 
> > > > That looks good...
> > > > 
> > > > lxc-start 1392374433.579 INFO     lxc_conf - Mounted /dev
> > > > under /usr/lib64/lxc/rootfs
> > > > lxc-start 1392374433.579 INFO     lxc_conf - Creating initial consoles
> > > > under /usr/lib64/lxc/rootfs/dev
> > > > lxc-start 1392374433.579 INFO     lxc_conf - Populating /dev
> > > > under /usr/lib64/lxc/rootfs
> > > > lxc-start 1392374433.579 ERROR    lxc_conf - Operation not permitted -
> > > > Error creating null
> > > > 
> > > > That looks bad.  Rats.  That's not going to work for the reason I
> > > > suspected to begin with.  We're back to square one and need to get the
> > > > operations of mounting devpts on top of tmpfs working.
> > > 
> > > But it does work.
> 
> > I can't get it to work.  This is obviously part of my coming up to speed
> > with user namespaces, I guess...
> 
> Crap.  Here's my problem:
> 
> lxc-checkconfig:
> 
> User namespace: missing
> 
> Damn...

Probably best to grab a 3.13 kernel and set CONFIG_USER_NS=y.

Out of curiosity, where did you get your shadow package or your
newuidmap program?

-serge

