[Lxc-users] setrlimit(3) and containers
Mikhail Gusarov
dottedmag at dottedmag.net
Fri Apr 2 22:08:37 UTC 2010
Twas brillig at 23:04:58 02.04.2010 UTC+02 when daniel.lezcano at free.fr did gyre and gimble:
>> >> Here the process drops root privileges, setuids to uid=103 and
>> >> limits itself to 3 processes with this uid. Clone fails due to
>> >> the fact there are two processes with uid=103 running in another
>> >> container. Is it a known limitation, or maybe this is already
>> >> handled in newer kernels? (I use 2.6.32)
>>
>> SEH> Hmm, you'll need to unshare the user namespace. Try adding
>> SEH> CLONE_NEWUSER to the list assigned to clone_flags at
>> SEH> lxc/src/lxc/start.c line 353.
>>
>> I tried, and was hit by the following problem:
>>
>> [dottedmag at vertex:~]255% sudo lxc-start -n cf
>> lxc-start: Device or resource busy - could not unmount old rootfs
>> lxc-start: failed to pivot_root to '/var/lib/lxc/cf/rootfs'
>> lxc-start: failed to set rootfs for 'cf'
>> lxc-start: failed to setup the container
>>
DL> Did you try with the git head?
Yeah, and after git fetch'ing and building again it works fine.
Adding CLONE_NEWUSER to clone_flags definitely fixes the problem.
--
http://fossarchy.blogspot.com/
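
Added example, not part of the original message or of the lxc sources: a small C probe for the accounting behind the failure discussed above. RLIMIT_NPROC is checked against the number of processes owned by the caller's real UID, so processes the same UID owns elsewhere use up the budget. The name probe_nproc and the cap of 64 attempts are assumptions made for this example; the limit of 3 is the one from the thread.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

struct nproc_result { int forked; int last_errno; };

/* Hypothetical helper: in a throwaway child, lower the RLIMIT_NPROC soft limit
 * to `limit`, then try `attempts` forks. forked is -1 if the probe itself failed. */
struct nproc_result probe_nproc(rlim_t limit, int attempts)
{
    struct nproc_result res = { -1, 0 }, r = { 0, 0 };
    struct rlimit rl;
    pid_t kids[64], helper;
    int fds[2];

    if (attempts < 0 || attempts > 64 || pipe(fds) != 0) return res;
    helper = fork();
    if (helper < 0) { close(fds[0]); close(fds[1]); return res; }
    if (helper == 0) {
        close(fds[0]);
        if (getrlimit(RLIMIT_NPROC, &rl) != 0) _exit(1);
        rl.rlim_cur = limit < rl.rlim_max ? limit : rl.rlim_max;
        if (setrlimit(RLIMIT_NPROC, &rl) != 0) _exit(1);
        for (int i = 0; i < attempts; i++) {
            pid_t p = fork();
            if (p < 0) { r.last_errno = errno; break; } /* EAGAIN: UID is at its limit */
            if (p == 0) { pause(); _exit(0); }          /* stay alive so we are counted */
            kids[r.forked++] = p;
        }
        for (int i = 0; i < r.forked; i++) { kill(kids[i], SIGKILL); waitpid(kids[i], NULL, 0); }
        _exit(write(fds[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(fds[1]);
    if (read(fds[0], &res, sizeof res) != (ssize_t)sizeof res) res.forked = -1;
    close(fds[0]);
    waitpid(helper, NULL, 0);
    return res;
}

int main(void)
{
    struct nproc_result r = probe_nproc(3, 8); /* 3 = the limit from the thread */
    printf("forked %d of 8, errno after last attempt: %d\n", r.forked, r.last_errno);
    return r.forked < 0;
}
```

Run as an unprivileged user that already owns three or more processes, the very first fork fails with EAGAIN. A caller holding CAP_SYS_RESOURCE or CAP_SYS_ADMIN is exempt from the limit, so as root all eight forks succeed.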