[lxc-users] Something changed between 1.1.2 and 1.1.4 for unprivileged containers?

Fajar A. Nugraha list at fajar.net
Fri Oct 16 10:37:21 UTC 2015


On Fri, Oct 16, 2015 at 4:10 PM, Dirk Geschke <dirk at lug-erding.de> wrote:
>> Does /usr/local/lib/lxc/rootfs/ exist? It should be the path used to
>> temporarily mount rootfs (/usr/lib/x86_64-linux-gnu/lxc in ubuntu
>> package)
>
> Yes, it exists. But I think it is only used, if the containers are
> started by the user root?

No. Here's part of my debug log as "vbox" user on ubuntu-trusty,
lxc-1.1.4 from ppa:

      lxc-start 1444991282.844 DEBUG    lxc_conf - conf.c:setup_rootfs:1295 - mounted '/data/vbox/home/.local/share/lxc/trusty/rootfs' on '/usr/lib/x86_64-linux-gnu/lxc'
      lxc-start 1444991282.844 INFO     lxc_conf - conf.c:mount_autodev:1157 - Mounting container /dev
      lxc-start 1444991282.844 INFO     lxc_conf - conf.c:mount_autodev:1179 - Mounted tmpfs onto /usr/lib/x86_64-linux-gnu/lxc/dev
      lxc-start 1444991282.844 INFO     lxc_conf - conf.c:mount_autodev:1197 - Mounted container /dev
      lxc-start 1444991282.844 DEBUG    lxc_conf - conf.c:mount_entry:1738 - remounting /sys/fs/fuse/connections on /usr/lib/x86_64-linux-gnu/lxc/sys/fs/fuse/connections to respect bind or remount options
      lxc-start 1444991282.844 DEBUG    lxc_conf - conf.c:mount_entry:1753 - (at remount) flags for /sys/fs/fuse/connections was 4096, required extra flags are 0
      lxc-start 1444991282.844 DEBUG    lxc_conf - conf.c:mount_entry:1762 - mountflags already was 4096, skipping remount
      lxc-start 1444991282.844 DEBUG    lxc_conf - conf.c:mount_entry:1788 - mounted '/sys/fs/fuse/connections' on '/usr/lib/x86_64-linux-gnu/lxc/sys/fs/fuse/connections', type 'none'


So you see, first it mounts the rootfs, then other supporting files/dirs.

My guess is you somehow haven't mounted /sys and /dev on the container
(which lxc should do with default config), so that deeper mounts (e.g.
"/sys/fs/fuse/connections", "/dev/tty") fail.

Do you use a custom lxc config file? Does it work if you create a NEW
container using the download template?

-- 
Fajar
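
Added example, not part of the original message and not LXC project code: a small Python triage script that rejoins a mail-wrapped lxc-start debug log and reports where the rootfs was staged and which container paths were mounted under it afterwards. The sample log is constructed from three records quoted in the message; the "UNSTAGED:" label and the function names unwrap and mount_order are this example's own.

```python
import re

# Constructed sample: three records from the quoted log, wrapped as in the mail.
SAMPLE_LOG = """\
      lxc-start 1444991282.844 DEBUG    lxc_conf -
conf.c:setup_rootfs:1295 - mounted
'/data/vbox/home/.local/share/lxc/trusty/rootfs' on
'/usr/lib/x86_64-linux-gnu/lxc'
      lxc-start 1444991282.844 INFO     lxc_conf -
conf.c:mount_autodev:1179 - Mounted tmpfs onto
/usr/lib/x86_64-linux-gnu/lxc/dev
      lxc-start 1444991282.844 DEBUG    lxc_conf -
conf.c:mount_entry:1788 - mounted '/sys/fs/fuse/connections' on
'/usr/lib/x86_64-linux-gnu/lxc/sys/fs/fuse/connections'
, type 'none'
"""

# A record starts "<program> <epoch.millis> <LEVEL>"; other lines continue it.
START = re.compile(r"^\s*\S+\s+\d+\.\d+\s+[A-Z]+\s")
FIELDS = re.compile(r"(\w+\.c):(\w+):(\d+) - (.*)$")
TARGET = re.compile(r"(?:mounted '[^']*' on '([^']+)'|Mounted tmpfs onto (\S+))")


def unwrap(text):
    """Join mail-wrapped continuation lines back into one record each."""
    records = []
    for line in text.splitlines():
        if START.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records


def mount_order(text):
    """Return (staging_dir, [(function, path inside container), ...]).

    A mount logged before setup_rootfs, or outside the staging directory,
    is reported with an "UNSTAGED:" prefix so it stands out.
    """
    staging, mounts = None, []
    for rec in unwrap(text):
        fields, hit = FIELDS.search(rec), TARGET.search(rec)
        if not (fields and hit):
            continue
        func, target = fields.group(2), hit.group(1) or hit.group(2)
        if func == "setup_rootfs":
            staging = target
        elif staging and target.startswith(staging + "/"):
            mounts.append((func, target[len(staging):]))
        else:
            mounts.append((func, "UNSTAGED:" + target))
    return staging, mounts
```

Running mount_order on a failing container's log and comparing the result with a working one shows whether the rootfs mount was logged at all and whether /dev and /sys entries follow it.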

