[lxc-users] Do nested containers require that unprivileged container creation be supported?
Michael H. Warfield
mhw at WittsEnd.com
Sat Apr 5 20:13:35 UTC 2014
On Sat, 2014-04-05 at 22:37 +0300, Rami Rosen wrote:
> Hi, Nels,
>
> Regarding you question, as appeared as the subject of your post:
> "Do nested containers require that unprivileged container creation be
> supported?"
> Fedora 20 does not support user namespaces, as lxc-checkconfig shows;
> so it does not support unprivileged containers. However, I had created
> (with lxc-create) an LXC fedora container under Fedora 20. From within
> that container I created a nested LXC busybox container, and I could
> start that nested container successfully.
Time out! Breaking news... Fedora 20 originally did not support user
namespaces on initial install. Run yum update and reboot... Then...
[root at hydra mhw]# cat /etc/redhat-release
Fedora release 20 (Heisenbug)
[root at hydra mhw]# uname -a
Linux hydra.wittsend.com 3.13.7-200.fc20.x86_64 #1 SMP Mon Mar 24 22:01:49 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root at hydra mhw]# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.13.7-200.fc20.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled
Looks to be enabled to me.
> Best regards,
> Rami Rosen
> http://ramirose.wix.com/ramirosen
Always check on the latest update. Things do change in the Fedora
sphere.
Regards,
Mike
> On Fri, Apr 4, 2014 at 8:02 PM, Nels Nelson <nels.n.nelson at gmail.com> wrote:
> > Hi, I'm trying to create a container nested within another. I'm sure I'm
> > probably going about it incorrectly. Here's what I have so far:
> >
> > https://gist.github.com/nelsnelson/9978457
> >
> > The error I encounter seems to be
> >
> > lxc-create: No such file or directory - failed to create container path
> > for inner
> > lxc-create: Error creating container inner
> >
> > Is this because the privileges in the outer container are not sufficient?
> >
> > Thanks,
> > -Nels
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20140405/b5ebb484/attachment.pgp>
More information about the lxc-users
mailing list