[lxc-devel] Unprivilege containers do not work on kernel 3.14.8, 3.15.1

Serge Hallyn serge.hallyn at ubuntu.com
Fri Jun 20 17:15:58 UTC 2014 

Quoting KATOH Yasufumi (karma at jazz.email.ne.jp):
> I don't understand this so much...
> 
> >>> On Thu, 19 Jun 2014 21:16:51 +0000
>     in message   "Re: [lxc-devel] Unprivilege containers do not work on kernel 3.14.8, 3.15.1"
>                   Serge Hallyn-san wrote:
> 
> > oh - yeah, if you want to send a patch to fix this, what you'll need to do is
> > edit chown_mapped_root() to map in both the root uid and gid, not just the
> > uid.  Until this kernel patch we were able to be sloppy and only do the uid.
> 
> Now, lxc forks and executes here (my uid:gid=1000:100) :
>   lxc-usernsexec -m u:0:100000:1 -m u:1000:1000:1 -m g:0:100:1 -- chown 0 /dev/pts/3
> 
> For this fix, how should we map to? I try:
>   lxc-usernsexec -m u:0:100000:1 -m g:0:100000:1 -m u:1000:1000:1 -m g:100:100:1 -- chown /dev/pts/3
> but this is error.

Why is this an error?  Is it bc you did 'chown file' instead of 'chown 0 file'? :)

Oh, you don't have uid 0 in the container mapped.  How about

lxc-usernsexec -m u:0:100000:1 -m u:1000:1000:1 -m g:0:100000:1 -m g:100:100:1 -- chown 0 /dev/pts/3

> > There may be other places where we have to make this change, especially
> > during container creation and perhaps templates.
> 
> I tried some
>   'lxc-create -t download' works fine.
>   lxc-destroy do not work.
> 
>     lxc-destroy 1403257057.556 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
>     lxc-destroy 1403257057.556 INFO     lxc_confile - read uid map: type u nsid 0 hostid 100000 range 65536
>     lxc-destroy 1403257057.556 INFO     lxc_confile - read uid map: type g nsid 0 hostid 100000 range 65536
>     lxc-destroy 1403257057.556 WARN     lxc_log - lxc_log_init called with log already initialized
>     lxc-destroy 1403257058.846 ERROR    lxc_utils - _recursive_rmdir_onedev: failed to delete /home/karma/.local/share/lxc/ct03/rootfs
>     lxc-destroy 1403257058.847 ERROR    lxc_container - Error destroying rootfs for ct03
> 
> -- 
> Thanks
> KATOH Yasufumi
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

More information about the lxc-devel mailing list