[Lxc-users] setrlimit(3) and containers

Daniel Lezcano daniel.lezcano at free.fr
Fri Apr 2 21:04:58 UTC 2010


Mikhail Gusarov wrote:
> Twas brillig at 09:47:33 01.04.2010 UTC-05 when serue at us.ibm.com did gyre and gimble:
>
>  >> Here process drops root privileges, setuids to uid=103 and limits itself
>  >> to 3 processes with this uid. Clone fails due to fact there are two
>  >> processes with uid=103 running in another container.
>  >> 
>  >> Is it a known limitation, or maybe this is already handled in newer
>  >> kernels? (I use 2.6.32)
>
>  SEH> Hmm, you'll need to unshare the user namespace.  Try adding
>  SEH> CLONE_NEWUSER to the list assigned to clone_flags at
>  SEH> lxc/src/lxc/start.c line 353.
>
> I tried, and was hit by the following problem:
>
> [dottedmag at vertex:~]255% sudo lxc-start -n cf                                          
> lxc-start: Device or resource busy - could not unmount old rootfs
> lxc-start: failed to pivot_root to '/var/lib/lxc/cf/rootfs'
> lxc-start: failed to set rootfs for 'cf'
> lxc-start: failed to setup the container
>   

Did you try with the git head ?





More information about the lxc-users mailing list