[lxc-devel] Unprivilege containers do not work on kernel 3.14.8, 3.15.1
KATOH Yasufumi
karma at jazz.email.ne.jp
Fri Jun 20 09:55:22 UTC 2014
I don't understand this so much...
>>> On Thu, 19 Jun 2014 21:16:51 +0000
in message "Re: [lxc-devel] Unprivilege containers do not work on kernel 3.14.8, 3.15.1"
Serge Hallyn-san wrote:
> oh - yeah, if you want to send a patch to fix this, what you'll need to do is
> edit chown_mapped_root() to map in both the root uid and gid, not just the
> uid. Until this kernel patch we were able to be sloppy and only do the uid.
Now, lxc forks and executes this here (my uid:gid=1000:100):
lxc-usernsexec -m u:0:100000:1 -m u:1000:1000:1 -m g:0:100:1 -- chown 0 /dev/pts/3
For this fix, how should we map? I tried:
lxc-usernsexec -m u:0:100000:1 -m g:0:100000:1 -m u:1000:1000:1 -m g:100:100:1 -- chown /dev/pts/3
but this results in an error.
> There may be other places where we have to make this change, especially
> during container creation and perhaps templates.
I tried some:
'lxc-create -t download' works fine.
lxc-destroy does not work.
lxc-destroy 1403257057.556 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
lxc-destroy 1403257057.556 INFO lxc_confile - read uid map: type u nsid 0 hostid 100000 range 65536
lxc-destroy 1403257057.556 INFO lxc_confile - read uid map: type g nsid 0 hostid 100000 range 65536
lxc-destroy 1403257057.556 WARN lxc_log - lxc_log_init called with log already initialized
lxc-destroy 1403257058.846 ERROR lxc_utils - _recursive_rmdir_onedev: failed to delete /home/karma/.local/share/lxc/ct03/rootfs
lxc-destroy 1403257058.847 ERROR lxc_container - Error destroying rootfs for ct03
--
Thanks
KATOH Yasufumi
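
Added example, not part of the original message and not LXC code: a small parser for the `-m type:nsid:hostid:range` arguments in the two lxc-usernsexec command lines quoted above. It resolves which host uid and gid namespace root ends up as under each mapping and flags overlapping ranges. The function names are hypothetical.

```python
import shlex
from collections import namedtuple

IdMap = namedtuple("IdMap", "kind nsid hostid count")

# The two command lines quoted in the message above.
CURRENT_CMD = "lxc-usernsexec -m u:0:100000:1 -m u:1000:1000:1 -m g:0:100:1 -- chown 0 /dev/pts/3"
TRIED_CMD = ("lxc-usernsexec -m u:0:100000:1 -m g:0:100000:1 "
             "-m u:1000:1000:1 -m g:100:100:1 -- chown /dev/pts/3")

def parse_maps(cmdline):
    """Return the -m type:nsid:hostid:range entries given before '--'."""
    maps, args = [], iter(shlex.split(cmdline))
    for arg in args:
        if arg == "--":
            break
        if arg != "-m":
            continue
        kind, nsid, hostid, count = next(args).split(":")
        if kind not in ("u", "g", "b"):
            raise ValueError("unknown map type: " + kind)
        for k in ("ug" if kind == "b" else kind):  # 'b' maps uid and gid
            maps.append(IdMap(k, int(nsid), int(hostid), int(count)))
    return maps

def to_host(maps, kind, nsid):
    """Translate a namespace id to its host id, or None if unmapped."""
    for m in maps:
        if m.kind == kind and m.nsid <= nsid < m.nsid + m.count:
            return m.hostid + nsid - m.nsid
    return None

def overlapping(maps):
    """Same-kind entries whose namespace or host ranges overlap; the kernel rejects these."""
    def hit(a, b, n, m):
        return a < b + m and b < a + n
    return [(a, b) for i, a in enumerate(maps) for b in maps[i + 1:]
            if a.kind == b.kind and (hit(a.nsid, b.nsid, a.count, b.count)
                                     or hit(a.hostid, b.hostid, a.count, b.count))]

def root_ids(maps):
    """Host (uid, gid) that namespace root resolves to."""
    return to_host(maps, "u", 0), to_host(maps, "g", 0)

if __name__ == "__main__":
    for cmd in (CURRENT_CMD, TRIED_CMD):
        m = parse_maps(cmd)
        print(root_ids(m), "overlaps:", overlapping(m))
```

With the first command, namespace gid 0 resolves to the caller's own host gid 100; with the second, both root ids resolve to host id 100000 and the caller's gid 100 is mapped through unchanged.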