[lxc-users] Something changed between 1.1.2 and 1.1.4 for unprivileged containers?

Dirk Geschke dirk at lug-erding.de
Fri Oct 16 09:10:23 UTC 2015


Hi Fador,

> Please keep the list in to/cc

oops, I thought the list was included...

> > oh, it even does not run if I login as this unprivileged user
> > via ssh, still the same error:
> >
> 
> You should've mentioned this earlier :)

I thought I mentioned it. I was just surprised that it works with
1.1.2 without any problems but fails the same way with 1.1.4.

> This should work before moving into fancy things like starting from systemd.

It's plain old Sys-V-Init, no systemd, no lxcfs, plain lxc-1.1.4
from the sources, compiled the same way as 1.1.2.

> > I still suspect, there is a problem with the path which seems to have
> > changed between 1.1.2 and 1.1.4.
> >
> 
> Probably. I'm guessing it's part of hardening against symlink exploit.
> 
> Does /usr/local/lib/lxc/rootfs/ exist? It should be the path used to
> temporarily mount rootfs (/usr/lib/x86_64-linux-gnu/lxc in Ubuntu
> package)

Yes, it exists. But I think it is only used if the containers are
started by the user root?

Best regards

Dirk

-- 
+----------------------------------------------------------------------+
| Dr. Dirk Geschke       / Plankensteinweg 61    / 85435 Erding        |
| Telefon: 08122-559448  / Mobil: 0176-96906350 / Fax: 08122-9818106   |
| dirk at geschke-online.de / dirk at lug-erding.de  / kontakt at lug-erding.de |
+----------------------------------------------------------------------+

