[lxc-users] lxc-checkpoint failed when restore unprivileged containers
Tycho Andersen
tycho.andersen at canonical.com
Wed Mar 23 16:30:09 UTC 2016
On Wed, Mar 23, 2016 at 05:15:54PM +0800, Ocean Chen wrote:
> When restore an unprivilleged container from checkpoint, it failed with error "Error (image.c:318): Unable to open netns-9.img: Permission denied".
You need to uidshift the images themselves into the root uid of the
container so it can open them after it unshares it's user namespace.
Tycho
>
> I run everything in root, and has below lines in lxc config file to have unprivilleged container.
> lxc.id_map = u 0 100000 65536
> lxc.id_map = g 0 100000 65536
>
>
> The cmd to restore container is:
> lxc-checkpoint -n wily8 -D /var/lib/lxc/wily8/dump -r TRACE -v
>
>
> Error in dump.log from ciru is:
>
>
> (00.005616) Wait until namespaces are created
> (00.006988) Running setup-namespaces scripts
> (00.007010) 1: Calling restore_sid() for init
> (00.007017) 1: Restoring 1 to 1 sid
> (00.007091) 1: Mount procfs in crtools-proc.goosvl
> (00.007154) 1: Restoring namespaces 1 flags 0x7c028000
> (00.007196) 1: Error (image.c:318): Unable to open netns-9.img: Permission denied
> (00.007374) Error (cr-restore.c:1306): 10779 exited, status=1
>
>
> My env:
> ubuntu 15.10 with 4.4.5-040405-generic
> lxc 2.0.0~rc13
> criu 2.0
> checkpoint used to work in my env when I using lxc 2.0.0~rc10 for unprivileged containers, but not after I update to rc13.
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
More information about the lxc-users
mailing list