[lxc-users] Failed to import LXD container tar.gz in unprivileged container (nested container)

Chris Han chrishan308 at gmail.com
Fri Nov 22 16:44:51 UTC 2019


Originally the container was started as a privileged container
with security.privileged="true". But after that I have removed
the security.privileged configuration and restarted the container. Is this
the root cause of the problem?

May I know what are the correct steps to change a privileged container to an
unprivileged container?

Thanks for your reply.

On Sat, Nov 23, 2019 at 12:28 AM Stéphane Graber <stgraber at stgraber.org>
wrote:

> Hmm, not sure why you have those devices in this container in the first
> place, normally /dev is left empty and mounted as tmpfs in the container.
> You could likely just edit the tarball to remove the content of dev/ and
> then import it just fine.
>
> On Fri, Nov 22, 2019 at 2:19 AM Chris Han <chrishan308 at gmail.com> wrote:
>
>> Hi,
>>
>> I have an unprivileged LXD container, c1, running in a physical host. I
>> have exported this container to tar.gz:
>>
>> lxc export c1-unprivileged c1-unprivileged.tar.gz
>>
>>
>> I have created another unprivileged LXD container, c2, with settings for
>> nested containers. Inside the c2 container, I am able to launch a
>> nested unprivileged LXD container, c3. The c3 container is working fine.
>>
>> lxc launch ubuntu:18.04 c3-unprivileged-nested
>>
>>
>> However, when I try to import the c1 tar.gz file inside c2 to create a
>> nested container, it shows the following error message:
>>
>> lxc import c1-unprivileged.tar.gz
>>
>> tar: rootfs/dev/zero: Cannot mknod: Operation not permitted
>> tar: rootfs/dev/random: Cannot mknod: Operation not permitted
>> tar: rootfs/dev/tty: Cannot mknod: Operation not permitted
>> tar: rootfs/dev/null: Cannot mknod: Operation not permitted
>> tar: rootfs/dev/full: Cannot mknod: Operation not permitted
>> tar: rootfs/dev/urandom: Cannot mknod: Operation not permitted
>>
>> I am able to import the c1 tar.gz file in a physical host, but unable to
>> import it in an unprivileged container (to create a nested container). The
>> LXD network and storage settings in the physical host and the c2 container
>> are exactly the same.
>>
>> How to import the c1 tar.gz in the c2 unprivileged container?
>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>
>
> --
> Stéphane
>
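
Added example (not part of the original thread and not LXD's own tooling): one way to do the tarball edit suggested above, copying the export to a new tar.gz while dropping everything below `rootfs/dev/`, so that no `mknod` is attempted on import. The `rootfs/dev/` path is taken from the error messages in the thread; the function names and the in-memory sample archive are constructed for illustration, and the archive is assumed to contain no sparse entries.

```python
import io
import tarfile

def strip_dev_contents(src, dst, marker="/rootfs/dev/"):
    """Copy the tar.gz stream src to dst, skipping everything below rootfs/dev/.

    Returns the names of the skipped entries. The dev directory itself is kept,
    and ownership, modes and pax headers of the other entries are preserved.
    """
    skipped = []
    with tarfile.open(fileobj=src, mode="r:gz") as tin, \
         tarfile.open(fileobj=dst, mode="w:gz", format=tarfile.PAX_FORMAT) as tout:
        for member in tin:
            if marker in "/" + member.name:
                skipped.append(member.name)
                continue
            # Only regular files carry data; dirs, links and FIFOs are header-only.
            # Assumption: no GNU sparse entries in the archive.
            data = tin.extractfile(member) if member.isreg() else None
            tout.addfile(member, data)
    return skipped

def make_sample():
    """Constructed stand-in for an export: one device node, one regular file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in ("rootfs", "rootfs/dev", "rootfs/etc"):
            d = tarfile.TarInfo(name)
            d.type, d.mode = tarfile.DIRTYPE, 0o755
            tar.addfile(d)
        null = tarfile.TarInfo("rootfs/dev/null")  # character device 1:3
        null.type, null.devmajor, null.devminor = tarfile.CHRTYPE, 1, 3
        tar.addfile(null)
        payload = b"c1\n"
        host = tarfile.TarInfo("rootfs/etc/hostname")
        host.size = len(payload)
        tar.addfile(host, io.BytesIO(payload))
    buf.seek(0)
    return buf

if __name__ == "__main__":
    out = io.BytesIO()
    print("skipped:", strip_dev_contents(make_sample(), out))
```

For a real export, pass files opened with `open(path, "rb")` and `open(new_path, "wb")` instead of the in-memory buffers.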