[lxc-users] unprivileged LXC and lxc-attach...
Serge E. Hallyn
serge at hallyn.com
Fri Jul 14 19:01:23 UTC 2017
Quoting Dirk Geschke (dirk at lug-erding.de):
> Hi all,
>
> I'm not sure if this was already discussed. But it is a strange
> behaviour for me. An lxc-attach of an unprivileged user to his
> unprivileged LXC (the container runs without problems) fails.
>
> I tracked it down and ended up here:
>
> 17583 openat(3, "uid_map", O_WRONLY) = 6
> 17583 write(6, "0 689825 1\n1002 1002 1\n", 23) = -1 EPERM (Operation not permitted)
> 17583 write(2, "newuidmap: write to uid_map failed: Operation not permitted\n", 60) = 60
>
> Note, 1002 is the UID/GID of the unprivileged user, the subuid starts
> at:

No, I'm afraid you're being misled. You simply can't strace lxc-attach.
Better to do

    lxc-attach -l trace -o debugout -n containername

and look at (or mail here) the contents of the file debugout.