[lxc-users] creating device nodes in unprivileged containers?

Fajar A. Nugraha list at fajar.net
Wed Jul 1 09:08:57 UTC 2015


On Wed, Jul 1, 2015 at 3:38 PM, Tomasz Chmielewski <mangoo at wpkg.org> wrote:
> Really not possible? How do people run debootstrap, pbuilder? These tools

Not as root inside an unprivileged container

> are often parts of build systems, am I really the first one to try to run
> them in LXC?

pbuilder with fakeroot should work

-- 
Fajar

>
>
> Tomasz Chmielewski
> http://wpkg.org
>
>
>
> On 2015-07-01 17:22, Janjaap Bos wrote:
>>
>> You cannot create devices from the container. You need to create them
>> beforehand outside rootfs and bind mount them in the container config.
>>
>>
>> This has been explained in detail on this list, so just do a quick
>> search for further info.
>>
>> This only concerns lxd deployments as far as I know.
>> On 1 Jul 2015 10:08, "Tomasz Chmielewski" <mangoo at wpkg.org> wrote:
>>
>>> In an unprivileged Ubuntu 14.04 container, I'm trying to run a
>>> program which needs to create device nodes.
>>>
>>> Unfortunately it fails:
>>>
>>> # pbuilder-dist trusty i386 create
>>> W: /root/.pbuilderrc does not exist
>>> I: Logging to
>>> /root/pbuilder/trusty-i386_result/last_operation.log
>>> I: Distribution is trusty.
>>> I: Current time: Wed Jul 1 07:25:49 UTC 2015
>>> I: pbuilder-time-stamp: 1435735549
>>> I: Building the build environment
>>> I: running debootstrap
>>> /usr/sbin/debootstrap
>>> mknod: '/var/cache/pbuilder/build/5377/./test-dev-null': Operation
>>> not permitted
>>> E: Cannot install into target '/var/cache/pbuilder/build/5377/.'
>>> mounted with noexec or nodev
>>> E: debootstrap failed
>>> W: Aborting with an error
>>> I: cleaning the build env
>>> I: removing directory /var/cache/pbuilder/build//5377 and its
>>> subdirectories
>>>
>>> So I've tried to add the following to the container's config:
>>>
>>> lxc.cap.keep = CAP_MKNOD
>>>
>>> However, the container fails to start:
>>>
>>> lxc-start 1435737618.188 ERROR lxc_conf - conf.c:lxc_setup:3925
>>> - Simultaneously requested dropping and keeping caps
>>>
>>> I don't see "mknod" dropped before in included configs:
>>>
>>> # grep -ri mknod /usr/share/lxc/config/*
>>>
>>> How can I let it create custom device nodes?
>>>
>>> The host is running these versions:
>>>
>>> # dpkg -l|grep lxc
>>> ii liblxc1
>>> 1.1.2-0ubuntu3~ubuntu14.04.1~ppa1 amd64 Linux Containers
>>> userspace tools (library)
>>> ii lxc
>>> 1.1.2-0ubuntu3~ubuntu14.04.1~ppa1 amd64 Linux Containers
>>> userspace tools
>>> ii lxc-templates
>>> 1.1.2-0ubuntu3~ubuntu14.04.1~ppa1 amd64 Linux Containers
>>> userspace tools (templates)
>>> ii lxcfs
>>> 0.9-0ubuntu1~ubuntu14.04.1~ppa1 amd64 FUSE based
>>> filesystem for LXC
>>> ii python3-lxc
>>> 1.1.2-0ubuntu3~ubuntu14.04.1~ppa1 amd64 Linux Containers
>>> userspace tools (Python 3.x bindings)
>>>
>>> --
>>> Tomasz Chmielewski
>>> http://wpkg.org
>>>
>>> _______________________________________________
>>> lxc-users mailing list
>>> lxc-users at lists.linuxcontainers.org
>>> http://lists.linuxcontainers.org/listinfo/lxc-users
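
An added diagnostic, not part of the original thread or of LXC: it classifies why `mknod` of a device node is refused, using the process's `uid_map` and `CapEff` value. The function names and the sample map (container root mapped to host uid 100000) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify whether this environment can mknod a device node.

# $1 = contents of /proc/<pid>/uid_map. The initial user namespace has the
# single identity line "0 0 4294967295"; an unprivileged container has a
# shifted map. Heuristic: assumes nobody built a full identity map by hand.
in_initial_userns() {
    set -- $1
    [ $# -eq 3 ] && [ "$1" = 0 ] && [ "$2" = 0 ] && [ "$3" = 4294967295 ]
}

# $1 = CapEff value from /proc/<pid>/status (hex). CAP_MKNOD is capability 27.
has_cap_mknod() {
    [ -n "$1" ] && [ $(( (0x$1 >> 27) & 1 )) -eq 1 ]
}

# Prints allowed, denied-no-cap or denied-userns.
mknod_verdict() {
    if ! in_initial_userns "$1"; then
        # The kernel checks CAP_MKNOD against the initial namespace for
        # char/block nodes, so capabilities held inside the container
        # (lxc.cap.keep included) do not change this result.
        echo denied-userns
    elif has_cap_mknod "$2"; then
        echo allowed
    else
        echo denied-no-cap
    fi
}

# Constructed sample: container root mapped to host uid 100000, with a full
# capability set inside its own namespace.
echo "sample container: $(mknod_verdict '0 100000 65536' 0000003fffffffff)"

# Same check on the live process, where /proc is available.
if [ -r /proc/self/uid_map ] && [ -r /proc/self/status ]; then
    caps=$(awk '$1 == "CapEff:" { print $2 }' /proc/self/status)
    echo "this shell: $(mknod_verdict "$(cat /proc/self/uid_map)" "$caps")"
fi
```

A verdict of `allowed` covers only the capability check; a `nodev` mount or the devices cgroup can still refuse the node.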

