[lxc-users] unprivileged LXC and lxc-attach...

Serge E. Hallyn serge at hallyn.com
Fri Jul 14 19:01:23 UTC 2017


Quoting Dirk Geschke (dirk at lug-erding.de):
> Hi all,
> 
> I'm not sure if this was already discussed. But it is a strange
> behaviour for me. An lxc-attach of an unprivileged user to his
> unprivileged LXC (the container runs without problems) fails.
> 
> I tracked it down and ended up here:
> 
> 17583 openat(3, "uid_map", O_WRONLY)    = 6
> 17583 write(6, "0 689825 1\n1002 1002 1\n", 23) = -1 EPERM (Operation not permitted)
> 17583 write(2, "newuidmap: write to uid_map failed: Operation not permitted\n", 60) = 60
> 
> Note, 1002 is the UID/GID of the unprivileged user, the subuid starts
> at:

No, I'm afraid you're being misled.  You simply can't strace lxc-attach.

Better to do

	lxc-attach -l trace -o debugout -n containername

and look at (or mail here) the contents of the file debugout.

