[lxc-users] unprivileged container won't start; is encrypted home directory the problem?

Josh Ford ford at ford-legal.com
Tue Feb 10 03:57:35 UTC 2015


bump?


On Sat 02-07-15 11:18, Josh Ford wrote:
>First -- thanks to all for the fantastic work on LXC!
>
>First-time question here...
>
>My platform is:
>
>Ubuntu 14.10
>LVM disk encryption
>Encrypted home directory for the user that is creating and starting the container (this is a laptop).
>
>I'm having an issue starting unprivileged containers -- though I've 
>had success running privileged containers in the past without problems 
>on the same platform.
>
>I followed the "Creating unprivileged containers as a user" under the Getting Started guide found at https://linuxcontainers.org/lxc/getting-started/.  Everything works great until I try to start the container -- which is when I get the following error:
>
>jimmy at jimmyscomputer:~$ lxc-start -n p1 -F
>
>
>"lxc-start: start.c: print_top_failing_dir: 102 Permission denied - could not access /home/jimmy.  Please grant it 'x' access, or add an ACL for the container root.
>lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 2
>lxc-start: start.c: __lxc_start: 1087 failed to spawn 'p1'
>lxc-start: lxc_start.c: main: 337 The container failed to start.
>lxc-start: lxc_start.c: main: 341 Additional information can be obtained by setting the --logfile and --logpriority options."
>
>
>'lxc-start' is being executed by jimmy, so why can't lxc-start access 
>jimmy's home directory?  Jimmy can certainly execute other commands in 
>that directory.
>
>Here's the ~/.config/default.config:
>
>
>lxc.network.type = veth
>lxc.network.link = lxcbr0
>lxc.network.flags = up
>lxc.network.hwaddr = 00:16:3e:xx:xx:xx
>lxc.id_map = u 0 100000 65536
>lxc.id_map = g 0 100000 65536
>
>And here's the  ~/.local/share/lxc/p1/config:
>
>
># Template used to create this container: /usr/share/lxc/templates/lxc-download
># Parameters passed to the template: -d ubuntu -r trusty -a amd64
># For additional config options, please look at lxc.container.conf(5)
>
># Distribution configuration
>lxc.include = /usr/share/lxc/config/ubuntu.common.conf
>lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
>lxc.arch = x86_64
>
># Container specific configuration
>lxc.id_map = u 0 100000 65536
>lxc.id_map = g 0 100000 65536
>lxc.rootfs = /home/jimmy/.local/share/lxc/p1/rootfs
>lxc.utsname = p1
>
># Network configuration
>lxc.network.type = veth
>lxc.network.link = lxcbr0
>lxc.network.flags = up
>lxc.network.hwaddr = 00:16:3e:xx:xx:xx
>
>The rootfs is there, and is owned by 100000.
>
>Poor jimmy.  The only quirk I can think of here is that jimmy's home directory is encrypted [??]  Just a wild guess though.
>
>Many thanks in advance for any help you can provide -- and again, 
>thanks for all the work on LXC.  Very cool stuff.
>
>Oh -- also -- is there some easy way to search the list archives? Apologies if that's a silly question, but I was trying to solve this myself and didn't see a way to do it other than to browse through each thread.
>
>Cheers,
>
>Josh
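
Added example (not part of the original post and not LXC's own code): the error above names one directory that the container root cannot traverse, and this shell function lists every directory on the way to the rootfs that lacks 'x' for the mapped container root, uid/gid 100000 per the `lxc.id_map` lines in the post. The function name `blocked_dirs` is hypothetical, GNU `stat` is assumed, and only the classic owner/group/other mode bits are evaluated, not ACLs.

```shell
#!/bin/sh
# Added example: list directories on a path that a given uid/gid cannot
# traverse (search permission, 'x'), judged by classic mode bits only.
# POSIX ACLs are NOT evaluated: an entry added with e.g.
#   setfacl -m u:100000:x /home/jimmy
# grants access that this check will still report as missing (see getfacl).
#
# blocked_dirs PATH UID GID
#   prints each blocked directory, one per line; returns 1 if any was found.
#   The function body is a subshell, so its variables stay local.
blocked_dirs() (
    uid=$2; gid=$3; rest=$1; cur=""; rc=0
    case $rest in /*) cur="/" ;; esac
    while [ -n "$rest" ]; do
        # Peel off the next path component.
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest="" ;; esac
        [ -n "$part" ] || continue
        cur="${cur%/}${cur:+/}$part"
        [ -d "$cur" ] || continue
        # %a = octal mode, %u = owner uid, %g = owner gid
        set -- $(stat -c '%a %u %g' "$cur")
        perm=$((0$1))
        # Same precedence as the kernel: owner bits, else group, else other.
        if [ "$2" -eq "$uid" ]; then
            bit=$((perm >> 6 & 1))
        elif [ "$3" -eq "$gid" ]; then
            bit=$((perm >> 3 & 1))
        else
            bit=$((perm & 1))
        fi
        if [ "$bit" -eq 0 ]; then
            echo "$cur"
            rc=1
        fi
    done
    exit "$rc"
)

# Stand-alone use with the values from the post:
#   sh this_script.sh /home/jimmy/.local/share/lxc/p1/rootfs 100000 100000
if [ "$#" -eq 3 ]; then
    blocked_dirs "$@"
fi
```

A directory with mode 700 owned by the login user is reported here, because uid 100000 falls under the "other" bits no matter which user runs `lxc-start`.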

