[lxc-users] lxc-checkpoint failed when restore unprivileged containers

Tycho Andersen tycho.andersen at canonical.com
Wed Mar 23 16:30:09 UTC 2016


On Wed, Mar 23, 2016 at 05:15:54PM +0800, Ocean Chen wrote:
> When restoring an unprivileged container from checkpoint, it failed with error "Error (image.c:318): Unable to open netns-9.img: Permission denied".

You need to uidshift the images themselves into the root uid of the
container so it can open them after it unshares its user namespace.

Tycho

> 
> I run everything as root, and have the lines below in the lxc config file to have an unprivileged container.
>   lxc.id_map = u 0 100000 65536
>   lxc.id_map = g 0 100000 65536
> 
> 
> The cmd to restore container is:
>   lxc-checkpoint -n wily8 -D /var/lib/lxc/wily8/dump -r TRACE -v
> 
> 
> Error in dump.log from criu is:
> 
> 
> (00.005616) Wait until namespaces are created
> (00.006988) Running setup-namespaces scripts
> (00.007010)      1: Calling restore_sid() for init
> (00.007017)      1: Restoring 1 to 1 sid
> (00.007091)      1: Mount procfs in crtools-proc.goosvl
> (00.007154)      1: Restoring namespaces 1 flags 0x7c028000
> (00.007196)      1: Error (image.c:318): Unable to open netns-9.img: Permission denied
> (00.007374) Error (cr-restore.c:1306): 10779 exited, status=1
> 
> 
> My env:
> ubuntu 15.10 with 4.4.5-040405-generic
> lxc 2.0.0~rc13
> criu 2.0
> checkpoint used to work in my env when I was using lxc 2.0.0~rc10 for unprivileged containers, but not after I updated to rc13.
> 

> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
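
One way to do the shift described in the reply above, as an added example that is not part of the original thread and not code from LXC or CRIU: it reads the `lxc.id_map` lines and re-owns everything under the dump directory to the matching host ids, skipping files that are already shifted. The script name, the function names and `SAMPLE_CONFIG` are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Shift CRIU image ownership into an LXC container's id map (run as root)."""
import os
import re
import sys

# Constructed sample: the two id_map lines quoted in the thread.
SAMPLE_CONFIG = "lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n"
ID_MAP_RE = re.compile(r"^\s*lxc\.id_map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_id_map(config_text):
    """Return {'u': [(ns_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in config_text.splitlines():
        m = ID_MAP_RE.match(line)
        if m:
            maps[m.group(1)].append(tuple(int(n) for n in m.group(2, 3, 4)))
    return maps

def shift(current_id, ranges):
    """Translate an on-disk id to the host id the container maps it to."""
    for ns_start, host_start, count in ranges:
        if host_start <= current_id < host_start + count:
            return current_id  # already shifted; keeps reruns idempotent
    for ns_start, host_start, count in ranges:
        if ns_start <= current_id < ns_start + count:
            return host_start + (current_id - ns_start)
    raise ValueError(f"id {current_id} is not covered by the id map")

def shift_tree(root, maps, dry_run=False):
    """lchown everything below root; return [(path, uid, gid)] that changed."""
    changed, paths = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)
        uid, gid = shift(st.st_uid, maps["u"]), shift(st.st_gid, maps["g"])
        if (uid, gid) != (st.st_uid, st.st_gid):
            if not dry_run:
                os.lchown(path, uid, gid)  # lchown never follows symlinks
            changed.append((path, uid, gid))
    return changed

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: shift_images.py LXC_CONFIG DUMP_DIR")  # hypothetical name
    with open(sys.argv[1]) as fh:
        for path, uid, gid in shift_tree(sys.argv[2], parse_id_map(fh.read())):
            print(f"{path} -> {uid}:{gid}")
```

With the map from the thread, root-owned images (uid/gid 0) end up owned by 100000:100000, which the container sees as its own root. An id outside the map raises an error instead of being guessed.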


