[lxc-users] Mounting squashfs inside a container

Kees Bos cornelis.bos at gmail.com
Wed May 31 07:44:44 UTC 2017


On di, 2017-05-30 at 15:17 -0700, Ben Warren wrote:
> Hi,
> 
> I’m using an LXC to build up a rootfs for another target, and am
> unable to mount a squashfs image:
> 
> root@cd-build-dev-385:~# mount -t squashfs -r myproject.squashfs mnt
> ioctl: LOOP_SET_STATUS: Operation not permitted
> root@cd-build-dev-385:~#
> 
> If I instead use ‘unsquashfs’, I get into device creation errors:
> 
> root@cd-build-dev-385:~# unsquashfs -x myproject.squashfs
> Parallel unsquashfs: Using 4 processors
> 13529 inodes (15282 blocks) to write
> 
> [|                                                        ]    21/15282   0%
> create_inode: failed to create character device squashfs-root/dev/console, because Operation not permitted
> create_inode: failed to create character device squashfs-root/dev/null, because Operation not permitted
> create_inode: failed to create character device squashfs-root/dev/ptmx, because Operation not permitted
> create_inode: failed to create character device squashfs-root/dev/urandom, because Operation not permitted
> create_inode: failed to create character device squashfs-root/dev/zero, because Operation not permitted
> 
> 
> I assume the two issues are related, assuming that creation of device
> nodes within an unprivileged container is prohibited.  In my case I’m
> less concerned about security, and am using containers more for
> encapsulation.
> 
> Is there a configuration override that will allow dynamic device
> creation within a container, or another way of going about this?  I
> know that I can add device nodes externally using ‘lxc device add …’
> and have used it for creating loopback devices, but that’s static.
> 
> Environment:
> host: Ubuntu 14.04
> LXC:
> ben@ben-sc:~$ dpkg -l | grep lx[cd]
> ii  liblxc1     2.0.7-0ubuntu1~14.04.1skyport1  amd64  Linux Containers userspace tools (library)
> ii  lxc-common  2.0.7-0ubuntu1~14.04.1skyport1  amd64  Linux Containers userspace tools (common tools)
> ii  lxcfs       2.0.6-0ubuntu1~14.04.1          amd64  FUSE based filesystem for LXC
> ii  lxd         2.0.9-0ubuntu1~14.04.1          amd64  Container hypervisor based on LXC - daemon
> ii  lxd-client  2.0.9-0ubuntu1~14.04.1          amd64  Container hypervisor based on LXC - client
> 
> Note that I’ve built the LXC libraries from source, but based on the
> current ‘ubuntu-trusty-backports’ .deb packages.
> 
> regards,
> Ben
> 
> 

I think you'll have to use either a privileged container or use
squashfuse and set privileges for fuse (if still needed).
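
Added example, not part of the original thread: a pre-flight check to run inside the container that picks between the two options in the reply above without switching to a privileged container when that is not needed. It assumes the uid map is readable at /proc/self/uid_map and that squashfuse needs the /dev/fuse node; the function names and output labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are parameters so the logic
# can be exercised against constructed files as well as the live system.

# Print "identity" if the uid map is the full 1:1 map of the initial user
# namespace (host or privileged container), "mapped" if ids are remapped
# (unprivileged container).
uid_map_kind() {
    # Each uid_map line is: <first-id-inside> <first-id-outside> <length>
    awk 'NR == 1 { first = ($1 == 0 && $2 == 0 && $3 == 4294967295) }
         END { if (NR == 1 && first) print "identity"; else print "mapped" }' "$1"
}

# Suggest how to read a squashfs image, given the uid map and FUSE node.
squashfs_method() {
    uid_map=${1:-/proc/self/uid_map}
    fuse_dev=${2:-/dev/fuse}
    if [ "$(uid_map_kind "$uid_map")" = "identity" ]; then
        echo "loop"                          # kernel mount via a loop device is a candidate
    elif [ -e "$fuse_dev" ]; then
        echo "squashfuse"                    # userspace mount, no loop ioctl involved
    else
        echo "squashfuse-needs-fuse-device"  # FUSE node must be passed in first
    fi
}

squashfs_method "$@"
```
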


