[lxc-users] unprivileged container with systemd?

Dirk Geschke dirk at lug-erding.de
Mon Feb 9 21:30:00 UTC 2015


Hi Serge,

> > Maybe it is an lxcfs problem at all?
> 
> How have you been installing lxcfs?  Is it possible that you have
> an old copy sitting around?

Argh, that's the problem:

   1061            if (setns(newnsfd, 0) < 0)

There is no setns in glibc of debian wheezy, therefore I copied
this from lxc:

/* Define setns() if missing from the C library */
#ifndef HAVE_SETNS
static inline int setns(int fd, int nstype)
{
#ifdef __NR_setns
        return syscall(__NR_setns, fd, nstype);
#elif defined(__NR_set_ns)
        return syscall(__NR_set_ns, fd, nstype);
#else
        errno = ENOSYS;
        return -1;
#endif
}
#endif

There is a __NR_setns:

/usr/include/x86_64-linux-gnu/asm/unistd_64.h:#define __NR_setns 308

but somehow this is not included during compile time, therefore
setns is ...hmm... empty? 

It results in an 

   errno = -38 ;
   return -1;

Call me simply stupid, I had forgotten this adjustment.

I simply added

   #define __NR_setns 308

to lxcfs.c and now it works, it boots ubuntu!

Ok, I still get these errors on login:

Failed to set cpu.shares on /wheezy/ubuntu-18: Permission denied
Failed to set cpu.cfs_period_us on /wheezy/ubuntu-18: Permission denied
Failed to set cpu.cfs_quota_us on /wheezy/ubuntu-18: Permission denied
Failed to set blkio.weight on /wheezy/ubuntu-18: Permission denied
Failed to set memory.limit_in_bytes on /wheezy/ubuntu-18: Permission denied
Failed to reset devices.list on /wheezy/ubuntu-18: Permission denied
Failed to reset devices.list on /wheezy/ubuntu-18/user.slice: Permission denied
Failed to reset devices.list on /wheezy/ubuntu-18/user.slice/user-0.slice: Permission denied
Failed to reset devices.list on /wheezy/ubuntu-18/user.slice/user-0.slice/user@0.service: Permission denied
Failed to reset devices.list on /wheezy/ubuntu-18/system.slice: Permission denied
Cannot determine UID from slice user-0.slice
Failed to reset devices.list on /wheezy/ubuntu-18/user.slice/user-0.slice/session-2.scope: Permission denied

But it works!

Please accept my apologies for being a moron...

Best regards and many thanks for your help and patience!

Dirk


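The silent ENOSYS fallback described in the message above can be made visible at build and run time. The following is an added example, not code from lxc, lxcfs or the original post: it takes the syscall number from <sys/syscall.h> instead of hard-coding it, and probes with an invalid fd to tell a compiled-in stub from a call that reached the kernel. The names raw_setns, setns_is_stub, probe_setns and explain are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h> /* brings in <asm/unistd.h>, where __NR_setns lives */

#if defined(__NR_setns)
#define SETNS_NR __NR_setns
#elif defined(__NR_set_ns)
#define SETNS_NR __NR_set_ns
#else
#define SETNS_NR (-1L)   /* no number visible at build time: stub only */
#endif

/* 1 when the wrapper below was built without a syscall number. */
static int setns_is_stub(void) { return SETNS_NR < 0; }

static int raw_setns(int fd, int nstype)
{
    if (setns_is_stub()) { errno = ENOSYS; return -1; }
    return (int)syscall(SETNS_NR, fd, nstype);
}

/* Call with an invalid fd: it always fails, and errno shows how far it got. */
static int probe_setns(void)
{
    errno = 0;
    return raw_setns(-1, 0) == -1 ? errno : 0;
}

/* Map the probe's errno to the layer that produced it. */
static const char *explain(int err)
{
    if (err == ENOSYS)
        return setns_is_stub() ? "stub: no __NR_setns at build time"
                               : "kernel or sandbox lacks setns";
    if (err == EBADF) return "syscall reached the kernel";
    if (err == EPERM) return "blocked by a filter such as seccomp";
    return "unexpected result";
}

int main(void)
{
    int err = probe_setns();
    printf("stub=%d errno=%d (%s): %s\n", setns_is_stub(), err,
           strerror(err), explain(err));
    return setns_is_stub();
}
```

A non-zero exit status means the binary was built without a setns syscall number and every namespace switch in it will fail with ENOSYS.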
