[lxc-users] trouble starting (or maybe creating?) unprivileged containers as a user
Jonathan Zacsh
jzacsh at gmail.com
Thu Jul 7 13:34:36 UTC 2016
Hi all,
I'm having trouble starting an unprivileged lxc container as a user
(or maybe I'm not creating them properly?) For reference, this is what
I followed initially:
https://linuxcontainers.org/lxc/getting-started/#creating-unprivileged-containers-as-a-user
(and eventually tacked on more as I searched the web to troubleshoot:
see URLs/comments in config below).
Below my signature, I listed relevant lxc config and lxc command
lines, then some debugging info that I've seen is usually asked for
with regard to lxc.
Any help/tips are much appreciated!
Jon
== My LXC Commands & Config:
$ lxc-create --name unittests -t download -f ~/.config/lxc/default.conf
snipped: various permissions errors I didn't save...
$ sudo sh -c 'echo 1 > /proc/sys/kernel/unprivileged_userns_clone'
$ lxc-create --name unittests -t download -f ~/.config/lxc/default.conf
Setting up the GPG keyring
Downloading the image index
---
DIST RELEASE ARCH VARIANT BUILD
---
alpine 3.0 amd64 default 20160630_17:50
... snipped
debian sid amd64 default 20160705_22:42
... snipped
ubuntu yakkety s390x default 20160706_03:49
---
Distribution: debian
Release: sid
Architecture: amd64
Using image from local cache
Unpacking the rootfs
---
You just created a Debian container (release=sid, arch=amd64, variant=default)
To enable sshd, run: apt-get install openssh-server
For security reason, container images ship without user accounts
and without a root password.
Use lxc-attach or chroot directly into the rootfs to set a root password
or create user accounts.
$ lxc-start --foreground --logfile ./post-reboot_create-unprivileged.log --name unittests
Error attaching veth9VMB7O to lxcbr0
Quota reached
lxc-start: start.c: lxc_spawn: 1197 failed to create the configured network
lxc-start: start.c: __lxc_start: 1353 failed to spawn 'unittests'
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.
$ cat ./post-reboot_create-unprivileged.log
lxc-start 20160706233007.226 ERROR lxc_start - start.c:lxc_spawn:1197 - failed to create the configured network
lxc-start 20160706233007.227 ERROR lxc_start - start.c:__lxc_start:1353 - failed to spawn 'unittests'
lxc-start 20160706233008.272 ERROR lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
lxc-start 20160706233008.272 ERROR lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.
== My Debugging Info
$ uname -a # debian sid
Linux theswan 4.6.0-1-amd64 #1 SMP Debian 4.6.3-1 (2016-07-04) x86_64 GNU/Linux
$ cat /proc/sys/kernel/unprivileged_userns_clone && cat /sys/fs/cgroup/cpuset/cgroup.clone_children
1
1
$ echo "USER: $USER" && cat /etc/lxc/lxc-usernet # same errors even if I set this to 100 or 1000
USER: jzacsh
jzacsh veth lxcbr0 10
$ cat -n ~/.config/lxc/default.conf
1 # from lxc-create's error output
2 lxc.include = /etc/lxc/default.conf
3
4 # trouble with unprivileged-create permissions
5 # .. trying from: https://unix.stackexchange.com/a/177031
6 lxc.include = /usr/share/lxc/config/debian.common.conf
7 lxc.include = /usr/share/lxc/config/debian.userns.conf
8
9 lxc.arch = x86_64
10
11 # from https://help.ubuntu.com/lts/serverguide/lxc.html
12 lxc.network.type = veth
13 lxc.network.link = lxcbr0
14 # ... from https://www.flockport.com/lxc-using-unprivileged-containers/
15 lxc.network.flags = up
16 lxc.network.hwaddr = 00:16:3e:xx:xx:xx
17
18 # ... for nested containers:
19 lxc.mount.auto = cgroup
20 lxc.aa_profile = lxc-container-default-with-nesting
21
22 # from lxc-create's error output
23 lxc.id_map = u 0 1476256 65536
24 lxc.id_map = g 0 1476256 65536