[lxc-users] Building LXC 1.1 on Debian 8

Xavier Gendre gendre.reivax at gmail.com
Thu Apr 2 21:10:27 UTC 2015


If it can help you, I have summarized all of Serge's advice (the 
CLONE_NEWUSER trick, in particular) about containers in Debian in a 
little script to handle user-owned unprivileged containers and make them 
autostart. This is called mithlond,

https://github.com/Meseira/mithlond

This is built for Debian Jessie, thus you should find some useful things 
inside, I hope ;-)

Xavier

On 02/04/2015 22:49, Serge Hallyn wrote:
> Quoting Joshua Schaeffer (jschaeffer0922 at gmail.com):
>> I've been using LXC's on Debian 7 for over a year now and everything has
>> been working great, but I've just been using the version that is packaged
>> with the distro and I figured it's probably time to get up to date and
>> start taking advantage of the newer features and unprivileged containers.
>> So I've created a VM with Debian 8 on it and downloaded the source for LXC
>> 1.1.1.
>>
>> I configured, compiled, and installed the software without any issues, but
>> when I try to run lxc-create as a regular user I get the following error:
>>
>> --------------------------------------------------------------------------
>> lxcuser at thinkhost:~$ lxc-create -t download -n c1
>> unshare: Operation not permitted
>
> Since unshare failed, your kernel seems to not be allowing unprivileged
> CLONE_NEWUSER.  Check whether there is a sysctl called
> /proc/sys/kernel/unprivileged_userns_clone, and if so set it to 1.
>
>> read pipe: Success
>> lxc_container: lxccontainer.c: do_create_container_dir: 772 Failed to chown
>> container dir
>> lxc_container: lxc_create.c: main: 274 Error creating container c2
>> --------------------------------------------------------------------------
>>
>> I've set execute rights on the home directory for that user. Seems like I'm
>> missing something obvious. Below are the configure parameters I used. make,
>> make check, and make install reported no problems or errors:
>>
>> ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
>> --enable-doc --enable-capabilities --with-distro=debian
>>
>> I can run the above command as root and it successfully downloads the
>> template and creates the container which I can then attach to.
>>
>> Thanks,
>> Joshua
>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
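
The check Serge describes, as an added example (not part of the original thread, of LXC, or of mithlond): a small C program that reads /proc/sys/kernel/unprivileged_userns_clone if it exists and attempts unshare(CLONE_NEWUSER) in a child process, which is the call that fails with "Operation not permitted" above. The function names are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define USERNS_SYSCTL "/proc/sys/kernel/unprivileged_userns_clone"

/* Read the sysctl file: returns the stored value (0 or 1), or -1 when the
 * file is absent or unreadable (the advice above is conditional on it existing). */
int read_userns_sysctl(const char *path)
{
    FILE *f = fopen(path, "r");
    int value = -1;
    if (!f)
        return -1;
    if (fscanf(f, "%d", &value) != 1)
        value = -1;
    fclose(f);
    return value;
}

/* Try unshare(CLONE_NEWUSER) in a child so the caller's namespaces stay
 * untouched. Returns 0 if allowed, otherwise the child's errno (EPERM here). */
int probe_newuser(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return errno;
    if (pid == 0)
        _exit(unshare(CLONE_NEWUSER) == 0 ? 0 : errno);
    if (waitpid(pid, &status, 0) < 0)
        return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : EINTR;
}

int main(void)
{
    int knob = read_userns_sysctl(USERNS_SYSCTL);
    int err = probe_newuser();
    printf("%s: %s\n", USERNS_SYSCTL,
           knob < 0 ? "not present" : knob ? "1 (allowed)" : "0 (blocked)");
    printf("unshare(CLONE_NEWUSER) as uid %d: %s\n", (int)getuid(),
           err ? strerror(err) : "ok");
    return err ? 1 : 0;
}
```

Run it as the same regular user that runs lxc-create; a sysctl value of 0 together with "Operation not permitted" from the probe is the situation Serge's reply addresses.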

