[lxc-users] Can't Start Unprivileged Container in Ubuntu

jqford at hotmail.com jqford at hotmail.com
Wed Feb 11 13:16:29 UTC 2015


Serge-

Thanks for the quick response!

Apologies for the cut/paste below of my prior message -- I had the list in Digest mode and couldn't figure out how to reply -- so I just cut/pasted the digest section below.


>Date: Wed, 11 Feb 2015 04:41:23 +0000
>From: Serge Hallyn <serge.hallyn at ubuntu.com>
>To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org>
>Subject: Re: [lxc-users] Can't Start Unprivileged Container in Ubuntu 14.10
>Message-ID: <20150211044123.GE7059 at ubuntumail>
>Content-Type: text/plain; charset=us-ascii
>
>Quoting jqford at hotmail.com (jqford at hotmail.com):
>>
>> Thanks to all for the fantastic work on LXC! This is really cool stuff.
>>
>> First-time question here, and I'm pretty new to LXC - so be gentle.
>>
>> I'm having an issue starting unprivileged containers on Ubuntu
>> 14.10.
>>
>> I followed the "Creating unprivileged containers as a user" under the Getting Started guide found at https://linuxcontainers.org/lxc/getting-started/.  Everything works great until I try to start the container -- which is when I get the following error:
>>
>> jimmy at jimmyscomputer:~$ lxc-start -n p1 -F
>>
>>
>> "lxc-start: start.c: print_top_failing_dir: 102 Permission denied - could not access /home/jimmy.  Please grant it 'x' access, or add an ACL for the container root.
>> lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 2
>> lxc-start: start.c: __lxc_start: 1087 failed to spawn 'p1'
>> lxc-start: lxc_start.c: main: 337 The container failed to start.
>> lxc-start: lxc_start.c: main: 341 Additional information can be obtained by setting the --logfile and --logpriority options."
>>
>>
>> 'lxc-start' is being executed by jimmy, so why can't lxc-start
>> access jimmy's home directory?  Jimmy can certainly execute other
>> commands in that directory.
>
>Because lxc-start switches to the container root userid, 100000.

Ah -- got it. 

>
>> Here's the ~/.config/default.config:
>>
>>
>> lxc.network.type = veth
>> lxc.network.link = lxcbr0
>> lxc.network.flags = up
>> lxc.network.hwaddr = 00:16:3e:xx:xx:xx
>> lxc.id_map = u 0 100000 65536
>> lxc.id_map = g 0 100000 65536
>>
>> And here's the  ~/.local/share/lxc/p1/config:
>>
>>
>> # Template used to create this container: /usr/share/lxc/templates/lxc-download
>> # Parameters passed to the template: -d ubuntu -r trusty -a amd64
>> # For additional config options, please look at lxc.container.conf(5)
>>
>> # Distribution configuration
>> lxc.include = /usr/share/lxc/config/ubuntu.common.conf
>> lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
>> lxc.arch = x86_64
>>
>> # Container specific configuration
>> lxc.id_map = u 0 100000 65536
>> lxc.id_map = g 0 100000 65536
>> lxc.rootfs = /home/jimmy/.local/share/lxc/p1/rootfs
>> lxc.utsname = p1
>>
>> # Network configuration
>> lxc.network.type = veth
>> lxc.network.link = lxcbr0
>> lxc.network.flags = up
>> lxc.network.hwaddr = 00:16:3e:xx:xx:xx
>>
>> The rootfs is there, and is owned by 100000.
>
>Yes, but 100000 can't descend /home/jimmy to get to /home/jimmy/.local.  I've
>considered having lxc-start switch to /home/jimmy/.local/share/lxc/p1 and
>then using "./", but that only helps in some cases and the lxc.rootfs could
>actually be anywhere.
>

So I should just move the lxc.rootfs outside of /home/jimmy/ to a place where 100000 can access it?  Would this still be considered an unprivileged container? My system is pretty much plain vanilla.  Wondering if other people that followed the  "Creating unprivileged containers as a user" under the Getting Started guide found at https://linuxcontainers.org/lxc/getting-started/ ran into the same issue (I believe it says to create the rootfs in /home/usr).



>> Many thanks in advance for any help you can provide -- and again,
>> thanks for all the work on LXC.  Very cool stuff.
>>
>>
>> Also -- is there an easy way to search the mail archives for the
>> lxc-users list?
>>
>> Cheers,
>>
>> Josh
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
>------------------------------
>
>End of lxc-users Digest, Vol 61, Issue 6
>****************************************
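
The traversal failure discussed in this message (container root, uid 100000, cannot descend /home/jimmy to reach the rootfs) can be located with a short script. This is an added example, not part of the original thread or of LXC; the function names `can_search` and `first_blocked` are hypothetical, and it assumes a `stat` that supports `-c` and evaluates classic mode bits only, not ACLs.

```shell
#!/bin/sh
# Added example (not from the thread): locate the first directory on the path
# to a container rootfs that the mapped container-root uid cannot traverse.
# Assumptions: GNU/busybox `stat -c`; only classic mode bits are evaluated
# (no POSIX ACLs, no supplementary groups, no capabilities).

# can_search DIR UID GID -> status 0 if the mode bits grant 'x' on DIR
can_search() {
    cs_uid=$2; cs_gid=$3
    set -- $(stat -c '%u %g %a' "$1" 2>/dev/null)
    [ $# -eq 3 ] || return 2            # stat failed: treat as not searchable
    if [ "$cs_uid" -eq "$1" ]; then cs_bit=64     # owner x (0100)
    elif [ "$cs_gid" -eq "$2" ]; then cs_bit=8    # group x (0010)
    else cs_bit=1; fi                             # other x (0001)
    [ $(( 0$3 & cs_bit )) -ne 0 ]
}

# first_blocked ABS_PATH UID GID [TOP]
# Walks from ABS_PATH up to TOP (default /) and prints the blocked directory
# closest to TOP, i.e. the first one hit when descending. Status 1 if blocked.
first_blocked() {
    case $1 in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    fb_dir=$1; fb_top=${4:-/}; fb_hit=
    while :; do
        can_search "$fb_dir" "$2" "$3" || fb_hit=$fb_dir
        if [ "$fb_dir" = "$fb_top" ] || [ "$fb_dir" = / ]; then break; fi
        fb_dir=$(dirname "$fb_dir")
    done
    if [ -z "$fb_hit" ]; then return 0; fi
    printf '%s\n' "$fb_hit"
    return 1
}

# Usage with the values from the thread (uid/gid 100000 from lxc.id_map):
#   sh thisfile /home/jimmy/.local/share/lxc/p1/rootfs 100000 100000
if [ $# -ge 3 ]; then first_blocked "$@"; fi
```

The directory it prints is the one the lxc-start error asks you to grant 'x' on. An ACL entry for uid 100000 alone (for example `setfacl -m u:100000:x` on that directory) is narrower than opening 'x' to all other users, and should be confirmed with `getfacl` since this script does not read ACLs.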


