[lxc-users] unprivileged container won't start; is encrypted home directory the problem?

Josh Ford ford at ford-legal.com
Mon Feb 16 15:03:20 UTC 2015


Yep - already answered.  Not sure why the bump came through today.  

Thanks again!

On February 16, 2015 9:50:41 AM EST, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
>Quoting Josh Ford (ford at ford-legal.com):
>> bump?
>
>Wasn't this answered last week?  (Maybe it was someone else)  As the
>error message indicates, your container root user (1000000) is not
>being allowed to descend under /home/jimmy.  Either give w+x to
>/home/jimmy or use an ACL to give 100000 x.
>
>> On Sat 02-07-15 11:18, Josh Ford wrote:
>> >First -- thanks to all for the fantastic work on LXC!
>> >
>> >First-time question here...
>> >
>> >My platform is:
>> >
>> >Ubuntu 14.10
>> >LVM disk encryption
>> >Encrypted home directory for the user that is creating and starting
>> >the container (this is a laptop).
>> >
>> >I'm having an issue starting unprivileged containers -- though
>> >I've had success running privileged containers in the past without
>> >problems on the same platform.
>> >
>> >I followed the "Creating unprivileged containers as a user" under
>> >the Getting Started guide found at
>> >https://linuxcontainers.org/lxc/getting-started/.  Everything works
>> >great until I try to start the container -- which is when I get the
>> >following error:
>> >
>> >jimmy at jimmyscomputer:~$ lxc-start -n p1 -F
>> >
>> >
>> >"lxc-start: start.c: print_top_failing_dir: 102 Permission denied - could not access /home/jimmy.  Please grant it 'x' access, or add an ACL for the container root.
>> >lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 2
>> >lxc-start: start.c: __lxc_start: 1087 failed to spawn 'p1'
>> >lxc-start: lxc_start.c: main: 337 The container failed to start.
>> >lxc-start: lxc_start.c: main: 341 Additional information can be obtained by setting the --logfile and --logpriority options."
>> >
>> >
>> >'lxc-start' is being executed by jimmy, so why can't lxc-start
>> >access jimmy's home directory?  Jimmy can certainly execute other
>> >commands in that directory.
>> >
>> >Here's the ~/.config/default.config:
>> >
>> >
>> >lxc.network.type = veth
>> >lxc.network.link = lxcbr0
>> >lxc.network.flags = up
>> >lxc.network.hwaddr = 00:16:3e:xx:xx:xx
>> >lxc.id_map = u 0 100000 65536
>> >lxc.id_map = g 0 100000 65536
>> >
>> >And here's the  ~/.local/share/lxc/p1/config:
>> >
>> >
>> ># Template used to create this container: /usr/share/lxc/templates/lxc-download
>> ># Parameters passed to the template: -d ubuntu -r trusty -a amd64
>> ># For additional config options, please look at lxc.container.conf(5)
>> >
>> ># Distribution configuration
>> >lxc.include = /usr/share/lxc/config/ubuntu.common.conf
>> >lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
>> >lxc.arch = x86_64
>> >
>> ># Container specific configuration
>> >lxc.id_map = u 0 100000 65536
>> >lxc.id_map = g 0 100000 65536
>> >lxc.rootfs = /home/jimmy/.local/share/lxc/p1/rootfs
>> >lxc.utsname = p1
>> >
>> ># Network configuration
>> >lxc.network.type = veth
>> >lxc.network.link = lxcbr0
>> >lxc.network.flags = up
>> >lxc.network.hwaddr = 00:16:3e:xx:xx:xx
>> >
>> >The rootfs is there, and is owned by 100000.
>> >
>> >Poor jimmy.  The only quirk I can think of here is that jimmy's home
>> >directory is encrypted [??]  Just a wild guess though.
>> >
>> >Many thanks in advance for any help you can provide -- and again,
>> >thanks for all the work on LXC.  Very cool stuff.
>> >
>> >Oh -- also -- is there some easy way to search the list archives?
>> >Apologies if that's a silly question, but I was trying to solve this
>> >myself and didn't see a way to do it other than to browse through each
>> >thread.
>> >
>> >Cheers,
>> >
>> >Josh
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
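
The check behind the error quoted in this thread, as an added example that is not part of the original messages and not LXC's own code: it walks each directory on the way to the rootfs and reports the first one the mapped container root cannot traverse. It assumes a `stat` that supports `-c` (GNU coreutils or busybox); the function names are hypothetical and ACLs are not evaluated.

```shell
#!/bin/sh
# Added example: reproduce the permission walk behind
# "could not access /home/jimmy" using mode bits only. POSIX ACLs are NOT
# evaluated, so a directory opened with setfacl is still reported here.

# can_search DIR UID GID: status 0 if DIR's mode bits grant search (x).
# The kernel applies exactly one class: owner, else group, else other.
can_search() (
    info=$(stat -c '%a %u %g' "$1") || exit 2
    set -- "$2" "$3" $info
    uid=$1 gid=$2 bits=$((0$3)) owner=$4 group=$5
    if [ "$uid" -eq "$owner" ]; then mask=$((0100))
    elif [ "$gid" -eq "$group" ]; then mask=$((0010))
    else mask=$((0001))
    fi
    [ $((bits & mask)) -ne 0 ]
)

# first_blocked_dir PATH UID GID: print the first directory on the way to
# PATH that UID/GID cannot traverse and return 1; return 0 if none blocks.
first_blocked_dir() (
    uid=$2 gid=$3 rest=${1#/}
    case $1 in /*) cur= ;; *) cur=. ;; esac
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -n "$part" ] || continue
        cur=$cur/$part
        if ! can_search "$cur" "$uid" "$gid"; then
            printf '%s\n' "$cur"
            exit 1
        fi
    done
    exit 0
)

# Usage with the values from the thread's config (id map starts at 100000):
#   sh check.sh /home/jimmy/.local/share/lxc/p1/rootfs 100000 100000
# Remedies per the error message: grant 'x' (e.g. chmod o+x /home/jimmy)
# or add an ACL for the container root (setfacl -m u:100000:x /home/jimmy).
[ "$#" -eq 0 ] || first_blocked_dir "$@"
```

jimmy passes the owner check on a mode-700 home directory, while uid 100000 falls into the "other" class and is refused. `chmod o+x` opens traversal to every local account, whereas the ACL grants it to the one mapped uid only.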


