[lxc-users] lxc-2.0.1 can't start unprivileged container
Stéphane Graber
stgraber at ubuntu.com
Thu Jun 9 19:40:51 UTC 2016

On Thu, Jun 09, 2016 at 12:31:44PM -0700, Mike Wright wrote:
> Hi all,
>
> Environment:
>
> ubuntu xenial 16.04
> kernel 4.4.0-22-generic
> lxc-2.0.1
> liblxc1: Version: 2.0.1-0ubuntu1~16.04.1
> fully upgraded.
>
> Created unprivileged container with:
>
> -n whitney -- -d ubuntu -r xenial -a amd64
>
> config:
> {
> lxc.id_map = u 0 100000 65536
> lxc.id_map = g 0 100000 65536
>
> lxc.include = /usr/share/lxc/config/ubuntu.common.conf
> lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
> lxc.arch = x86_64
>
> lxc.rootfs = /home/mike/.local/share/lxc/whitney/rootfs
> lxc.rootfs.backend = dir
> lxc.utsname = whitney
>
> lxc.network.type = veth
> lxc.network.link = LAN
> lxc.network.flags = down ## ensure not a network err
> lxc.network.hwaddr = 00:16:3e:ef:3e:d2
> }
>
> lxc-start -n whitney fails with:
>
> lxc-start: utils.c: safe_mount: 1692 Operation not permitted - Failed to
> mount proc onto /usr/lib/x86_64-linux-gnu/lxc/proc
>
> Googling shows similar errors back in kernel 3.19. Has this resurrected
> itself?
>
> Recommendations?
>
> Thanks,
> Mike Wright

Sounds like your host /proc is over-mounted, which triggers a protection
mechanism in the kernel that prevents an unprivileged user from mounting
it.

Look in your host's /proc/mounts for any mountpoint under /proc, try
unmounting them one by one until you find the one that's triggering the
protection.

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
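
One way to carry out the check suggested in the reply above, as an added example that is not part of the original thread: it parses a mounts table in `/proc/mounts` format and lists every mountpoint below /proc, deepest first. The function names and the sample table are constructed for illustration; `proc_mount_count` goes slightly beyond the reply by also counting mounts placed directly on /proc.

```shell
#!/bin/sh
# Added example (not from the original thread): find mounts sitting on /proc.
# Both functions take an optional mounts file and default to /proc/mounts.

# Print "mountpoint fstype" for every mount strictly below /proc,
# deepest path first so nested mounts can be unmounted in order.
proc_overmounts() {
    awk '
        # Fields in /proc/mounts: device mountpoint fstype options dump pass
        $2 ~ /^\/proc\// {
            depth = gsub(/\//, "/", $2)   # number of slashes = path depth
            print depth, $2, $3
        }
    ' "${1:-/proc/mounts}" | sort -k1,1nr -k2,2 | cut -d" " -f2-
}

# Count mounts whose mountpoint is exactly /proc; more than one means
# /proc itself has been mounted over.
proc_mount_count() {
    awk '$2 == "/proc" { n++ } END { print n + 0 }' "${1:-/proc/mounts}"
}

# Constructed sample table in /proc/mounts format, for offline testing.
# /procdata is included to show that a bare prefix match is not enough.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime 0 0
binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
tmpfs /proc/example tmpfs ro,relatime 0 0
/dev/sda1 /procdata ext4 rw,relatime 0 0
EOF
}
```

Source the file on the host and run `proc_overmounts` with no argument to read the live table; each path it prints is a candidate for the one-by-one unmounting described in the reply.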