[lxc-users] Numerous errors running unprivileged container on Arch Linux x86_64
John
da_audiophile at yahoo.com
Tue Jan 10 20:54:22 UTC 2017
I set up /etc/subuid and /etc/subgid and modified /etc/lxc/default.conf to add the needed uid/gids:
% grep root /etc/sub*
/etc/subgid:root:100000:65536
/etc/subuid:root:100000:65536
% cat /etc/lxc/default.conf
lxc.network.type = empty
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
I then created an lxc via:
# lxc-create -t download -n nw
I pulled down the archlinux current amd64 image.
This is my config:
-----
# Distribution configuration
lxc.include = /usr/share/lxc/config/archlinux.common.conf
lxc.include = /usr/share/lxc/config/archlinux.userns.conf
lxc.arch = x86_64
# Container specific configuration
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /var/lib/lxc/nw/rootfs
lxc.rootfs.backend = dir
lxc.utsname = nw
# Network configuration
lxc.network.type = empty
-----
The problem is when I start the container, I see numerous errors relating to systemd and I am not sure what is missing from my config. Advice is deeply appreciated.
# lxc-start -n nw -F
systemd 232 running in system mode. (+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.
Welcome to Arch Linux!
Set hostname to <nw>.
Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Failed to install release agent, ignoring: No such file or directory
[ OK ] Listening on Journal Socket.
[ OK ] Started Forward Password Requests to Wall Directory Watch.
[ OK ] Listening on Process Core Dump Socket.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on Device-mapper event daemon FIFOs.
user.slice: Failed to reset devices.list: Operation not permitted
user.slice: Failed to set invocation ID on control group /user.slice, ignoring: Operation not permitted
[ OK ] Created slice User and Session Slice.
[ OK ] Listening on Network Service Netlink Socket.
[ OK ] Reached target Remote File Systems.
[ OK ] Started Dispatch Password Requests to Console Directory Watch.
[ OK ] Reached target Encrypted Volumes.
[ OK ] Reached target Paths.
system.slice: Failed to reset devices.list: Operation not permitted
system.slice: Failed to set invocation ID on control group /system.slice, ignoring: Operation not permitted
[ OK ] Created slice System Slice.
dev-mqueue.mount: Failed to reset devices.list: Operation not permitted
dev-mqueue.mount: Failed to set invocation ID on control group /system.slice/dev-mqueue.mount, ignoring: Operation not permitted
Mounting POSIX Message Queue File System...
systemd-journald.service: Failed to reset devices.list: Operation not permitted
systemd-journald.service: Failed to set invocation ID on control group /system.slice/systemd-journald.service, ignoring: Operation not permitted
Starting Journal Service...
systemd-remount-fs.service: Failed to reset devices.list: Operation not permitted
systemd-remount-fs.service: Failed to set invocation ID on control group /system.slice/systemd-remount-fs.service, ignoring: Operation not permitted
Starting Remount Root and Kernel File Systems...
[ OK ] Reached target Slices.
systemd-sysctl.service: Failed to reset devices.list: Operation not permitted
systemd-sysctl.service: Failed to set invocation ID on control group /system.slice/systemd-sysctl.service, ignoring: Operation not permitted
Starting Apply Kernel Variables...
system-container\x2dgetty.slice: Failed to reset devices.list: Operation not permitted
system-container\x2dgetty.slice: Failed to set invocation ID on control group /system.slice/system-container\x2dgetty.slice, ignoring: Operation not permitted
[ OK ] Created slice system-container\x2dgetty.slice.
system-getty.slice: Failed to reset devices.list: Operation not permitted
system-getty.slice: Failed to set invocation ID on control group /system.slice/system-getty.slice, ignoring: Operation not permitted
[ OK ] Created slice system-getty.slice.
[ OK ] Reached target Swap.
tmp.mount: Failed to reset devices.list: Operation not permitted
tmp.mount: Failed to set invocation ID on control group /system.slice/tmp.mount, ignoring: Operation not permitted
Mounting Temporary Directory...
[ OK ] Listening on LVM2 metadata daemon socket.
dev-random.mount: Failed to reset devices.list: Operation not permitted
dev-tty1.mount: Failed to reset devices.list: Operation not permitted
proc-sys-net.mount: Failed to reset devices.list: Operation not permitted
dev-tty.mount: Failed to reset devices.list: Operation not permitted
dev-zero.mount: Failed to reset devices.list: Operation not permitted
dev-full.mount: Failed to reset devices.list: Operation not permitted
dev-tty3.mount: Failed to reset devices.list: Operation not permitted
dev-urandom.mount: Failed to reset devices.list: Operation not permitted
dev-tty2.mount: Failed to reset devices.list: Operation not permitted
proc-sysrq\x2dtrigger.mount: Failed to reset devices.list: Operation not permitted
-.mount: Failed to reset devices.list: Operation not permitted
sys-devices-virtual-net.mount: Failed to reset devices.list: Operation not permitted
dev-tty4.mount: Failed to reset devices.list: Operation not permitted
dev-null.mount: Failed to reset devices.list: Operation not permitted
sys-fs-fuse-connections.mount: Failed to reset devices.list: Operation not permitted
dev-tty5.mount: Failed to reset devices.list: Operation not permitted
dev-tty6.mount: Failed to reset devices.list: Operation not permitted
init.scope: Failed to reset devices.list: Operation not permitted
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Mounted Temporary Directory.
[ OK ] Started Remount Root and Kernel File Systems.
[ OK ] Started Apply Kernel Variables.
[ OK ] Reached target Local File Systems (Pre).
[ OK ] Reached target Local File Systems.
[ OK ] Started Journal Service.
Starting Flush Journal to Persistent Storage...
[ OK ] Started Flush Journal to Persistent Storage.
Starting Create Volatile Files and Directories...
[ OK ] Started Create Volatile Files and Directories.
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Reached target System Initialization.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
[ OK ] Started D-Bus System Message Bus.
Starting Network Service...
Starting Login Service...
[ OK ] Started Daily rotation of log files.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Started Daily verification of password and group files.
[ OK ] Started Daily man-db cache update.
[ OK ] Reached target Timers.
[ OK ] Started Login Service.
[ OK ] Started Network Service.
[ OK ] Reached target Network.
Starting Permit User Sessions...
Starting Network Name Resolution...
[ OK ] Started Permit User Sessions.
[ OK ] Started Console Getty.
[ OK ] Started Getty on lxc/tty6.
[ OK ] Started Container Getty on /dev/pts/2.
[ OK ] Started Getty on lxc/tty2.
[ OK ] Started Getty on lxc/tty5.
[ OK ] Started Container Getty on /dev/pts/1.
[ OK ] Started Container Getty on /dev/pts/5.
[ OK ] Started Container Getty on /dev/pts/3.
[ OK ] Started Getty on lxc/tty4.
[ OK ] Started Getty on lxc/tty1.
[ OK ] Started Getty on lxc/tty3.
[ OK ] Started Container Getty on /dev/pts/0.
[ OK ] Started Container Getty on /dev/pts/4.
[ OK ] Reached target Login Prompts.
[ OK ] Started Network Name Resolution.
[ OK ] Reached target Multi-User System.
Arch Linux 4.9.2-2-custom (console)
nw login:
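An added check, not from the original post or from the LXC project: it parses the lxc.id_map lines of a container config together with /etc/subuid and /etc/subgid and confirms that each mapped host range is actually delegated to the owner (root here, as in the post). The sample input is constructed from the values quoted above.

```python
# Added example (not from the original post): check that every lxc.id_map
# line in an LXC config falls inside a range the host delegates to the
# container's owner in /etc/subuid or /etc/subgid.
import re

ID_MAP_RE = re.compile(r"^\s*lxc\.id_map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_sub_ids(text):
    """Parse /etc/subuid or /etc/subgid content into {owner: [(start, count), ...]}."""
    ranges = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        owner, start, count = line.split(":")
        ranges.setdefault(owner, []).append((int(start), int(count)))
    return ranges

def parse_id_maps(config_text):
    """Return [(kind, container_id, host_id, count)] for each lxc.id_map line."""
    maps = []
    for line in config_text.splitlines():
        m = ID_MAP_RE.match(line)
        if m:
            kind, cid, hid, count = m.groups()
            maps.append((kind, int(cid), int(hid), int(count)))
    return maps

def covered(host_id, count, allowed):
    """True if [host_id, host_id+count) lies within one allowed (start, count) range."""
    return any(start <= host_id and host_id + count <= start + n for start, n in allowed)

def check_id_maps(config_text, subuid_text, subgid_text, owner="root"):
    """Return a list of problems (empty if every id_map is delegated to owner)."""
    sub = {"u": parse_sub_ids(subuid_text).get(owner, []),
           "g": parse_sub_ids(subgid_text).get(owner, [])}
    problems = []
    maps = parse_id_maps(config_text)
    if not any(k == "u" for k, *_ in maps):
        problems.append("no uid mapping (lxc.id_map = u ...)")
    if not any(k == "g" for k, *_ in maps):
        problems.append("no gid mapping (lxc.id_map = g ...)")
    for kind, cid, hid, count in maps:
        if not covered(hid, count, sub[kind]):
            problems.append(f"{kind} map {cid}->{hid} (+{count}) not delegated to {owner}")
    return problems

# Constructed sample input mirroring the values quoted in the post.
SUBUID = "root:100000:65536\n"
SUBGID = "root:100000:65536\n"
CONFIG = "lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n"

if __name__ == "__main__":
    print(check_id_maps(CONFIG, SUBUID, SUBGID) or "id_map ranges are delegated")
```

For the values in the post the check reports no problems; it flags a mapping that overruns the delegated range or a config that maps only uids.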