[lxc-users] lxc-2.0.1 can't start unprivileged container

Stéphane Graber stgraber at ubuntu.com
Thu Jun 9 19:40:51 UTC 2016


On Thu, Jun 09, 2016 at 12:31:44PM -0700, Mike Wright wrote:
> Hi all,
> 
> Environment:
> 
>   ubuntu xenial 16.04
>   kernel 4.4.0-22-generic
>   lxc-2.0.1
>   liblxc1: Version: 2.0.1-0ubuntu1~16.04.1
>   fully upgraded.
> 
> Created unprivileged container with:
> 
>   -n whitney -- -d ubuntu -r xenial -a amd64
> 
> config:
> {
>   lxc.id_map = u 0 100000 65536
>   lxc.id_map = g 0 100000 65536
> 
>   lxc.include = /usr/share/lxc/config/ubuntu.common.conf
>   lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
>   lxc.arch = x86_64
> 
>   lxc.rootfs = /home/mike/.local/share/lxc/whitney/rootfs
>   lxc.rootfs.backend = dir
>   lxc.utsname = whitney
> 
>   lxc.network.type = veth
>   lxc.network.link = LAN
>   lxc.network.flags = down  ## ensure not a network err
>   lxc.network.hwaddr = 00:16:3e:ef:3e:d2
> }
> 
> lxc-start -n whitney fails with:
> 
> lxc-start: utils.c: safe_mount: 1692 Operation not permitted - Failed to
> mount proc onto /usr/lib/x86_64-linux-gnu/lxc/proc
> 
> Googling shows similar errors back in kernel 3.19.  Has this resurrected
> itself?
> 
> Recommendations?
> 
> Thanks,
> Mike Wright

Sounds like your host /proc is over-mounted which triggers a protection
mechanism in the kernel that prevents an unprivileged user from mounting
it.

Look in your host's /proc/mounts for any mountpoint under /proc, try
unmounting them one by one until you find the one that's triggering the
protection.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
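
The check suggested in the reply above, as an added example that is not part of the original message: a shell function that reads a mounts table and prints every mountpoint below /proc, plus any additional mount stacked on /proc itself. The names `proc_overmounts` and `sample_mounts` and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: find candidates for an over-mounted /proc in a mounts table.
# On a real host, run:  proc_overmounts /proc/mounts

# proc_overmounts FILE [PROCDIR]
# Prints "mountpoint<TAB>fstype<TAB>source" for each entry whose mountpoint
# lies below PROCDIR, and for every mount on PROCDIR itself after the first.
# FILE may be "-" to read the table from standard input.
proc_overmounts() {
    awk -v root="${2:-/proc}" '
        {
            mp = $2
            # /proc/mounts writes a space inside a path as the octal escape \040
            gsub(/\\040/, " ", mp)
        }
        # The first mount on PROCDIR is the expected one; later ones are stacked on it
        mp == root { if (seen++) printf "%s\t%s\t%s\n", mp, $3, $1; next }
        # Prefix match on "PROCDIR/" so that a path like /process is not reported
        index(mp, root "/") == 1 { printf "%s\t%s\t%s\n", mp, $3, $1 }
    ' "${1:--}"
}

# Constructed sample table in /proc/mounts format (hypothetical host).
sample_mounts() {
    cat <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /proc/scsi tmpfs ro,relatime 0 0
/dev/sda1 /process ext4 rw,relatime 0 0
EOF
}

# Demonstration on the constructed sample: reports the two mounts below /proc.
sample_mounts | proc_overmounts -
```

Each line of output is one mountpoint to examine while working through the list as the reply describes.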