[lxc-users] Something changed between 1.1.2 and 1.1.4 for unprivileged containers?
Dirk Geschke
dirk at lug-erding.de
Fri Oct 16 09:10:23 UTC 2015
Hi Fador,
> Please keep the list in to/cc
oops, I thought the list was included...
> > oh, it even does not run if I login as this unprivileged user
> > via ssh, still the same error:
> >
>
> You should've mentioned this earlier :)
I thought I mentioned it. I was just surprised that it works with
1.1.2 without any problems but fails the same way with 1.1.4.
> This should work before moving into fancy things like starting from systemd.
It's plain old Sys-V-Init, no systemd, no lxcfs, plain lxc-1.1.4
from the sources, compiled the same way as 1.1.2.
> > I still suspect, there is a problem with the path which seems to have
> > changed between 1.1.2 and 1.1.4.
> >
>
> Probably. I'm guessing it's part of hardening against symlink exploit.
>
> Does /usr/local/lib/lxc/rootfs/ exist? It should be the path used to
> temporarily mount rootfs (/usr/lib/x86_64-linux-gnu/lxc in ubuntu
> package)
Yes, it exists. But I think it is only used if the containers are
started by the user root?
Best regards
Dirk
--
+----------------------------------------------------------------------+
| Dr. Dirk Geschke / Plankensteinweg 61 / 85435 Erding |
| Telefon: 08122-559448 / Mobil: 0176-96906350 / Fax: 08122-9818106 |
| dirk at geschke-online.de / dirk at lug-erding.de / kontakt at lug-erding.de |
+----------------------------------------------------------------------+