[lxc-users] Using lxc.namespace.net in unprivileged containers
Christian Brauner
christian.brauner at mailbox.org
Tue Feb 6 10:23:33 UTC 2018
> Date: Fri, 2 Feb 2018 01:52:09 +0200
> From: Eytan Heidingsfeld <eytanh at gmail.com>
> To: lxc-users at lists.linuxcontainers.org
> Subject: [lxc-users] Using lxc.namespace.net in unprivileged containers
>
> Hi,
> I'm trying to use the new lxc.namespace.net config in an unprivileged
> container (using idmapping)
> The container fails to start, running the log at trace I see:
>
> lxc_network - network.c:lxc_setup_network_in_child_namespaces:3031 -
> network has been setup
> lxc_network - network.c:lxc_network_send_name_and_ifindex_to_parent:3112 -
> Sent network device names and ifindeces to parent
>
> But then right after that:
>
> ERROR lxc_utils - utils.c:safe_mount:1659 - Operation not permitted -
> Failed to mount sysfs onto /usr/lib/x86_64-linux-gnu/lxc/sys
You need to also inherit the owning user namespace of the network
namespace in this scenario otherwise the kernel won't let you mount
sysfs. Another option is to specify a lxc.mount.entry to bind-mount
sysfs from the host.
More information about the lxc-users
mailing list