[lxc-users] unprivileged container with systemd?
Serge Hallyn
serge.hallyn at ubuntu.com
Mon Feb 9 15:36:53 UTC 2015
Quoting Dirk Geschke (dirk at lug-erding.de):
> Hi all,
>
> I just tried to follow
>
> https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/
>
> once more to install a new container and it fails. First of all it
> was a problem with the access to the directory
>
> ~/.local/share/lxc/jessie1
>
> The owner changed to a mapped one -> 100000 and then there was no
> access for the lxcuser, which has uid 1001. I fixed this via setting
> write access for the users group.
>
> But then I installed a download template:
>
> lxc-create -t download -n jessie1 -- -d debian -r jessie -a amd64
>
> which worked without problems (except warnings regarding reopen tty).
>
> If I try to start the container it ends up with:
>
> ~$ lxc-start -n jessie1
> lxc_container: Permission denied - Unable to create /dev/.lxc for autodev
> Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
>
> Here it ends, nothing more happens and only a kill -9 works...
>
> And yes, /sbin/init in the container is now a link to systemd:
>
> /sbin/init -> /lib/systemd/systemd
>
> I suspect this does not work at all without cgroup namespace support
> in the kernel? Or am I missing something else?

There's something else you're missing, but I'm not sure what. What is
your environment (os/release and any custom installs)? Try 1.1.0, and
make sure to re-create the container as the new config file should be
more correct for systemd-backed containers.