[lxc-users] Mounting squashfs inside a container

Ben Warren ben at skyportsystems.com
Tue May 30 22:17:04 UTC 2017 

Hi,

I’m using an LXC to build up a rootfs for another target, and am unable to mount a squashfs image:

root at cd-build-dev-385:~# mount -t squashfs -r myproject.squashfs mnt
ioctl: LOOP_SET_STATUS: Operation not permitted
root at cd-build-dev-385:~#

If I instead use ‘unsquashfs’, I get into device creation errors:

root at cd-build-dev-385:~# unsquashfs -x myproject.squashfs 
Parallel unsquashfs: Using 4 processors
13529 inodes (15282 blocks) to write

[|                                                                                                         ]    21/15282   0%
create_inode: failed to create character device squashfs-root/dev/console, because Operation not permitted
create_inode: failed to create character device squashfs-root/dev/null, because Operation not permitted
create_inode: failed to create character device squashfs-root/dev/ptmx, because Operation not permitted
create_inode: failed to create character device squashfs-root/dev/urandom, because Operation not permitted
create_inode: failed to create character device squashfs-root/dev/zero, because Operation not permitted


I assume the two issues are related, assuming that creation of device nodes within an unprivileged container is prohibited.  In my case I’m less concerned about security, and am using containers more for encapsulation.

Is there a configuration override that will allow dynamic device creation within a container, or another way of going about this?  I know that I can add device nodes externally using ‘lxc device add …’ and have used it for creating loopback devices, but that’s static.

Environment:
host: Ubuntu 14.04
LXC:
ben at ben-sc:~$ dpkg -l | grep lx[cd]
ii  liblxc1                                               2.0.7-0ubuntu1~14.04.1skyport1             amd64        Linux Containers userspace tools (library)
ii  lxc-common                                            2.0.7-0ubuntu1~14.04.1skyport1             amd64        Linux Containers userspace tools (common tools)
ii  lxcfs                                                 2.0.6-0ubuntu1~14.04.1                     amd64        FUSE based filesystem for LXC
ii  lxd                                                   2.0.9-0ubuntu1~14.04.1                     amd64        Container hypervisor based on LXC - daemon
ii  lxd-client                                            2.0.9-0ubuntu1~14.04.1                     amd64        Container hypervisor based on LXC - client

Note that I’ve built the LXC libraries from source, but based on the current ‘ubuntu-trusty-backports’ .deb packages.

regards,
Ben

More information about the lxc-users mailing list