[lxc-users] Debian and unprivileged LXC not working...

Dirk Geschke dirk at lug-erding.de
Wed Dec 13 19:16:14 UTC 2017


Hi Christian,

> > > Older liblxc versions used system() instead of run_command(). For
> > > system() POSIX leaves it unspecified whether pthread_atfork() handlers
> > > are called but glibc's implementation of system() guarantees that they
> > > are not. But there's no requirement. So this might be why we have been
> > > fine - by chance - all of the time.
> > 
> > I don't think so.  The previous system did not use system(), it just
> > did a clone() followed by calling the fn directly.
> 
> This commit is present at least in 1.0.11 until at least 2.0.4 and it
> has lxc_map_ids() call system() when new{g,u}idmap is used:
> 
> commit cf3ef16dc479c102433a82b8ddbb4265d3818cce
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date:   Wed Oct 23 01:02:57 2013 +0000

Just for the record, lxc-2.0.8 is still working this way, but it
stops starting with lxc-2.0.9 and the whole lxc-2.1.x branch.

I have no idea what happened to break it, nor do I have any clue
how to fix it. But since I like to use unprivileged containers, it
would be nice to get it running again.

Can I help in any way?

Best regards

Dirk

-- 
+----------------------------------------------------------------------+
| Dr. Dirk Geschke       / Plankensteinweg 61    / 85435 Erding        |
| Telefon: 08122-559448  / Mobil: 0176-96906350 / Fax: 08122-9818106   |
| dirk at geschke-online.de / dirk at lug-erding.de  / kontakt at lug-erding.de |
+----------------------------------------------------------------------+
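
The fork-handler behaviour discussed in the quoted text can be checked with a small program. This is an added example, not part of the original message and not liblxc code; the function names are hypothetical, and it assumes Linux with glibc and a working /bin/sh.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static int prepare_calls;   /* incremented in the parent before each fork() */
static int registered;      /* handlers must be installed only once */

static void on_prepare(void) { prepare_calls++; }

static int ensure_handler(void)
{
    if (registered)
        return 0;
    if (pthread_atfork(on_prepare, NULL, NULL) != 0)
        return -1;
    registered = 1;
    return 0;
}

/* Number of times the prepare handler ran across one fork(); -1 on error. */
int handlers_run_by_fork(void)
{
    if (ensure_handler() != 0)
        return -1;
    int before = prepare_calls;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(0);                       /* child: leave without running atexit */
    if (waitpid(pid, NULL, 0) < 0)
        return -1;
    return prepare_calls - before;
}

/* Same measurement across one system() call; -1 on error. */
int handlers_run_by_system(void)
{
    if (ensure_handler() != 0)
        return -1;
    int before = prepare_calls;
    if (system("exit 0") == -1)         /* shell command that does nothing */
        return -1;
    return prepare_calls - before;
}

int main(void)
{
    printf("fork():   %d handler call(s)\n", handlers_run_by_fork());
    printf("system(): %d handler call(s)\n", handlers_run_by_system());
    return 0;
}
```

On older glibc releases, link with `-pthread` so that `pthread_atfork()` resolves.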