[lxc-users] Can't Start Unprivileged Container in Ubuntu 14.10

Serge Hallyn serge.hallyn at ubuntu.com
Wed Feb 11 04:41:23 UTC 2015


Quoting jqford at hotmail.com (jqford at hotmail.com):
> 
> Thanks to all for the fantastic work on LXC! This is really cool stuff.
> 
> First-time question here, and I'm pretty new to LXC - so be gentle.
> 
> I'm having an issue starting unprivileged containers on Ubuntu
> 14.10.
> 
> I followed the "Creating unprivileged containers as a user" under the Getting Started guide found at https://linuxcontainers.org/lxc/getting-started/.  Everything works great until I try to start the container -- which is when I get the following error:
> 
> jimmy at jimmyscomputer:~$ lxc-start -n p1 -F
> 
> 
> "lxc-start: start.c: print_top_failing_dir: 102 Permission denied - could not access /home/jimmy.  Please grant it 'x' access, or add an ACL for the container root.
> lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 2
> lxc-start: start.c: __lxc_start: 1087 failed to spawn 'p1'
> lxc-start: lxc_start.c: main: 337 The container failed to start.
> lxc-start: lxc_start.c: main: 341 Additional information can be obtained by setting the --logfile and --logpriority options."
> 
> 
> 'lxc-start' is being executed by jimmy, so why can't lxc-start
> access jimmy's home directory?  Jimmy can certainly execute other
> commands in that directory.

Because lxc-start switches to the container root userid, 100000.

> Here's the ~/.config/default.config:
> 
> 
> lxc.network.type = veth
> lxc.network.link = lxcbr0
> lxc.network.flags = up
> lxc.network.hwaddr = 00:16:3e:xx:xx:xx
> lxc.id_map = u 0 100000 65536
> lxc.id_map = g 0 100000 65536
> 
> And here's the  ~/.local/share/lxc/p1/config:
> 
> 
> # Template used to create this container: /usr/share/lxc/templates/lxc-download
> # Parameters passed to the template: -d ubuntu -r trusty -a amd64
> # For additional config options, please look at lxc.container.conf(5)
> 
> # Distribution configuration
> lxc.include = /usr/share/lxc/config/ubuntu.common.conf
> lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
> lxc.arch = x86_64
> 
> # Container specific configuration
> lxc.id_map = u 0 100000 65536
> lxc.id_map = g 0 100000 65536
> lxc.rootfs = /home/jimmy/.local/share/lxc/p1/rootfs
> lxc.utsname = p1
> 
> # Network configuration
> lxc.network.type = veth
> lxc.network.link = lxcbr0
> lxc.network.flags = up
> lxc.network.hwaddr = 00:16:3e:xx:xx:xx
> 
> The rootfs is there, and is owned by 100000.

Yes, but 100000 can't descend /home/jimmy to get to /home/jimmy/.local.  I've
considered having lxc-start switch to /home/jimmy/.local/share/lxc/p1 and
then using "./", but that only helps in some cases and the lxc.rootfs could
actually be anywhere.

> Many thanks in advance for any help you can provide -- and again,
> thanks for all the work on LXC.  Very cool stuff.
> 
> 
> Also -- is there an easy way to search the mail archives for the
> lxc-users list?
> 
> Cheers,
> 
> Josh
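As an added illustration of the reply above (not code from LXC or from either poster): a shell function that walks the directories leading to lxc.rootfs and reports the first one the mapped container root uid cannot search. It assumes GNU stat and looks at mode bits only (ACLs are not evaluated); the name first_blocked_dir is made up for this example.

```shell
# Added example, not part of LXC. Assumptions: GNU stat; mode bits only
# (ACLs ignored); the mapped uid is in none of the directories' groups,
# so the "other" bits apply unless that uid owns the directory.

# first_blocked_dir PATH [UID] [BASE]
# Walks every directory from BASE (default /) down to PATH and prints the
# first one lacking search ('x') permission for UID (default 100000, the
# host uid that container uid 0 maps to with "lxc.id_map = u 0 100000 65536").
# Returns 0 if all are searchable, 1 if one is blocked, 2 on stat failure.
first_blocked_dir() (
    path=$1 uid=${2:-100000} base=${3:-/}
    cur=${base%/}                 # "" when BASE is /
    rest=${path#"$cur"}           # components still to walk
    while [ -n "$rest" ]; do
        rest=${rest#/}
        comp=${rest%%/*}          # next path component
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -z "$comp" ] && continue
        cur="$cur/$comp"
        owner=$(stat -c %u "$cur") || return 2
        mode=$(printf '%04d' "$(stat -c %a "$cur")")   # e.g. 0700, 1777
        if [ "$owner" = "$uid" ]; then
            digit=${mode#?}; digit=${digit%??}         # owner digit
        else
            digit=${mode#???}                          # other digit
        fi
        if [ $((digit & 1)) -eq 0 ]; then              # x bit not set
            printf '%s\n' "$cur"
            return 1
        fi
    done
    return 0
)

# Usage with the path from this thread:
#   first_blocked_dir /home/jimmy/.local/share/lxc/p1/rootfs 100000
```

With a home directory at mode 700 this prints /home/jimmy, the same directory named in the lxc-start error. The two remedies that error offers correspond to `chmod o+x /home/jimmy` or an ACL entry such as `setfacl -m u:100000:x /home/jimmy`.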

