[lxc-users] Cannot reach login prompt when root mapped to host user id
Serge Hallyn
serge.hallyn at ubuntu.com
Tue Jun 2 00:56:37 UTC 2015
Quoting Tomassino Ferrauto (t_ferrauto at yahoo.it):
> Hi all,
> I have a minor problem with unprivileged containers; I don't
> know whether it is a bug in lxc or a configuration problem. What I'm
> trying to do is run unprivileged containers in which the root user
> in the container is mapped to the user that started the container in
> the host. Everything works fine (including lxc-attach) except that
> when the container is started in foreground, the login prompt is never
> reached. I have messages like these:
>
> [...]
> * Starting save kernel messages ...done.
> * Starting regular background program processing daemon ...done.
> * Stopping System V runlevel compatibility ...done.
> <4>init: setvtrgb main process (415) terminated with status 1
> <4>init: plymouth-upstart-bridge main process ended, respawning
> <4>init: tty4 main process (363) terminated with status 1
> <4>init: tty4 main process ended, respawning
> <4>init: tty2 main process (365) terminated with status 1
> <4>init: tty2 main process ended, respawning
> <4>init: tty3 main process (366) terminated with status 1
> <4>init: tty3 main process ended, respawning
> <4>init: console main process (405) terminated with status 1
> <4>init: console main process ended, respawning
> <4>init: tty1 main process (411) terminated with status 1
> <4>init: tty1 main process ended, respawning
> <4>init: setvtrgb main process (433) terminated with status 1
> <4>init: tty4 main process (423) terminated with status 1
> <4>init: tty4 main process ended, respawning
> <4>init: tty2 main process (425) terminated with status 1
> <4>init: tty2 main process ended, respawning
> <4>init: tty3 main process (427) terminated with status 1
> <4>init: tty3 main process ended, respawning
> <4>init: console main process (429) terminated with status 1
> <4>init: console main process ended, respawning
> <4>init: tty1 main process (431) terminated with status 1
> <4>init: tty1 main process ended, respawning
> <4>init: setvtrgb main process (450) terminated with status 1
>
> The configuration file for the container is:
>
> # Template used to create this container: /usr/share/lxc/templates/lxc-download
> # Parameters passed to the template: -d ubuntu -r trusty -a amd64
> # For additional config options, please look at lxc.container.conf(5)
>
> # Distribution configuration
> lxc.include = /usr/share/lxc/config/ubuntu.common.conf
> lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
> lxc.arch = x86_64
>
> # Container specific configuration
> lxc.id_map = u 0 1001 1
> lxc.id_map = g 0 1001 1
> lxc.id_map = u 1 1017505 65535
> lxc.id_map = g 1 1017505 65535
> lxc.rootfs = /home/tommy/.local/share/lxc/userRoot/rootfs
> lxc.utsname = userRoot
>
> # Network configuration
> lxc.network.type = veth
> lxc.network.flags = up
> lxc.network.link = lxcbr0
> lxc.network.hwaddr = 00:16:3e:32:4b:d2
>
> The host is Debian Jessie. It seems to me that there are problems with
> permissions of some devices, here is the content of /dev (seen from
> the host)
>
> tommy at octopus:/proc/4436/root/dev$ ls -nahl
> total 8.0K
> drwxr-xr-x 3 1001 1001 4.0K May 23 12:17 .
> drwxr-xr-x 21 1001 1001 4.0K May 23 12:17 ..
> crw------- 1 1001 5 136, 7 May 23 12:28 console
> lrwxrwxrwx 1 1001 1001 11 May 11 04:16 core -> /proc/kcore
> lrwxrwxrwx 1 1001 1001 13 May 11 04:16 fd -> /proc/self/fd
> crw-rw-rw- 1 0 0 1, 7 May 23 11:49 full
> lrwxrwxrwx 1 1001 1001 7 May 23 12:17 kmsg -> console
> srw-rw-rw- 1 1001 1001 0 May 23 12:17 log
> crw-rw-rw- 1 0 0 1, 3 May 23 11:49 null
> lrwxrwxrwx 1 1001 1001 13 May 23 12:08 ptmx -> /dev/pts/ptmx
> drwxr-xr-x 2 0 0 0 May 23 12:17 pts
> lrwxrwxrwx 1 1001 1001 4 May 11 04:16 ram -> ram1
> crw-rw-rw- 1 0 0 1, 8 May 23 11:49 random
> lrwxrwxrwx 1 1001 1001 8 May 11 04:16 shm -> /run/shm
> lrwxrwxrwx 1 1001 1001 4 May 11 04:16 stderr -> fd/2
> lrwxrwxrwx 1 1001 1001 4 May 11 04:16 stdin -> fd/0
> lrwxrwxrwx 1 1001 1001 4 May 11 04:16 stdout -> fd/1
> crw-rw-rw- 1 0 5 5, 0 May 23 12:28 tty
> crw--w---- 1 1001 5 136, 3 May 23 12:17 tty1
When I do use an analogous configuration to the above, my ttys are
owned by the shifted uid 5 as they are supposed to be. Which version
of lxc are you using?
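
An added example, not part of either message above: a small Python script that applies the quoted lxc.id_map lines to numeric owners from the quoted `ls -n` listing, showing which host ids the container can translate and what a shifted container gid 5 looks like from the host. The sample input is constructed from the quoted text, and the function names are hypothetical.

```python
import re

# Constructed sample: id_map lines and three /dev entries copied from the quoted message.
CONFIG = """\
lxc.id_map = u 0 1001 1
lxc.id_map = g 0 1001 1
lxc.id_map = u 1 1017505 65535
lxc.id_map = g 1 1017505 65535
"""
LISTING = """\
crw------- 1 1001 5 136, 7 May 23 12:28 console
srw-rw-rw- 1 1001 1001 0 May 23 12:17 log
crw--w---- 1 1001 5 136, 3 May 23 12:17 tty1
"""
ID_MAP_RE = re.compile(r"^\s*lxc\.id_map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$", re.M)

def parse_id_map(config):
    """Return {'u': [(container_start, host_start, count)], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for kind, cstart, hstart, count in ID_MAP_RE.findall(config):
        maps[kind].append((int(cstart), int(hstart), int(count)))
    return maps

def translate(id_, ranges, reverse=False):
    """Host id -> container id; reverse=True gives container id -> host id. None if unmapped."""
    for cstart, hstart, count in ranges:
        src, dst = (cstart, hstart) if reverse else (hstart, cstart)
        if src <= id_ < src + count:
            return dst + id_ - src
    return None

def audit(listing, maps):
    """For each `ls -n` line return (name, container_uid, container_gid)."""
    rows = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or "->" in f:  # skip 'total' lines and symlinks
            continue
        rows.append((f[-1], translate(int(f[2]), maps["u"]),
                     translate(int(f[3]), maps["g"])))
    return rows

if __name__ == "__main__":
    maps = parse_id_map(CONFIG)
    print("container gid 5 as seen from the host:", translate(5, maps["g"], reverse=True))
    for name, uid, gid in audit(LISTING, maps):
        print(f"{name}: container uid={uid} gid={gid} (None = not covered by the map)")
```

An id reported as None falls outside every lxc.id_map range, so the container has no translation for it.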