[lxc-users] unprivileged container with systemd?

Serge Hallyn serge.hallyn at ubuntu.com
Tue Feb 10 16:21:50 UTC 2015 

Quoting Dirk Geschke (dirk at lug-erding.de):
> Hi Serge,
> 
> > > Maybe it is an lxcfs problem at all?
> > 
> > How have you been installing lxcfs?  Is it possible that you have
> > an old copy sitting around?
> 
> Argh, that's the problem:
> 
>    1061            if (setns(newnsfd, 0) < 0)
> 
> There is no setns in glibc of debian wheezy, therefore I copied
> this from lxc:
> 
> /* Define setns() if missing from the C library */
> #ifndef HAVE_SETNS
> static inline int setns(int fd, int nstype)
> {
> #ifdef __NR_setns
>         return syscall(__NR_setns, fd, nstype);
> #elif defined(__NR_set_ns)
>         return syscall(__NR_set_ns, fd, nstype);
> #else
>         errno = ENOSYS;
>         return -1;
> #endif
> }
> #endif
> 
> There is a __NR_setns:
> 
> /usr/include/x86_64-linux-gnu/asm/unistd_64.h:#define __NR_setns 308
> 
> but somehow this is not included during compile time, therefore
> setns is ...hmm... empty? 
> 
> It results in an 
> 
>    errno = -38 ;
>    return -1;
> 
> Call me simply stupid, I had forgotten this adjustment.
> 
> I simply added
> 
>    #define __NR_setns 308
> 
> to lxcfs.c and now it works, it boots ubuntu!
> 
> Ok, I still these errors on login:
> 
> Failed to set cpu.shares on /wheezy/ubuntu-18: Permission denied
> Failed to set cpu.cfs_period_us on /wheezy/ubuntu-18: Permission denied
> Failed to set cpu.cfs_quota_us on /wheezy/ubuntu-18: Permission denied
> Failed to set blkio.weight on /wheezy/ubuntu-18: Permission denied
> Failed to set memory.limit_in_bytes on /wheezy/ubuntu-18: Permission
> denied
> Failed to reset devices.list on /wheezy/ubuntu-18: Permission denied
> Failed to reset devices.list on /wheezy/ubuntu-18/user.slice: Permission
> denied
> Failed to reset devices.list on
> /wheezy/ubuntu-18/user.slice/user-0.slice: Permission denied
> Failed to reset devices.list on
> /wheezy/ubuntu-18/user.slice/user-0.slice/user at 0.service: Permission
> denied
> Failed to reset devices.list on /wheezy/ubuntu-18/system.slice:
> Permission denied
> Cannot determine UID from slice user-0.slice
> Failed to reset devices.list on
> /wheezy/ubuntu-18/user.slice/user-0.slice/session-2.scope: Permission
> denied
> 
> But it works!
> 
> Please accept my apologies for being a moron...
> 
> Best regards and many thanks for your help and patience!

NP :)

-serge

More information about the lxc-users mailing list