[lxc-users] Failed to import LXD container tar.gz in unprivileged container (nested container)

Stéphane Graber stgraber at stgraber.org
Fri Nov 22 17:06:49 UTC 2019


No, switching between privileged and unprivileged wouldn't have caused dev/
to get populated.
My guess is that you probably had an image that contained those files when
it shouldn't have in the first place.

On Fri, Nov 22, 2019 at 11:45 AM Chris Han <chrishan308 at gmail.com> wrote:

> Originally the container was started as a privileged container
> with security.privileged="true". But after that I have removed
> the security.privileged configuration and restarted the container. Is this
> the root cause of the problem?
>
> May I know what are the correct steps to change a privileged container to
> an unprivileged container?
>
> Thanks for your reply.
>
> On Sat, Nov 23, 2019 at 12:28 AM Stéphane Graber <stgraber at stgraber.org>
> wrote:
>
>> Hmm, not sure why you have those devices in this container in the first
>> place, normally /dev is left empty and mounted as tmpfs in the container.
>> You could likely just edit the tarball to remove the content of dev/ and
>> then import it just fine.
>>
>> On Fri, Nov 22, 2019 at 2:19 AM Chris Han <chrishan308 at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> I have an unprivileged LXD container, c1, running in a physical host. I
>>> have exported this container to tar.gz:
>>>
>>> lxc export c1-unprivileged c1-unprivileged.tar.gz
>>>
>>>
>>> I have created another unprivileged LXD container, c2, with settings for
>>> nested containers. Inside the c2 container, I am able to launch a
>>> nested unprivileged LXD container, c3. The c3 container is working fine.
>>>
>>> lxc launch ubuntu:18.04 c3-unprivileged-nested
>>>
>>>
>>> However, when I try to import the c1 tar.gz file inside c2 to create a
>>> nested container, it shows the following error message:
>>>
>>> lxc import c1-unprivileged.tar.gz
>>>
>>> tar: rootfs/dev/zero: Cannot mknod: Operation not permitted
>>> tar: rootfs/dev/random: Cannot mknod: Operation not permitted
>>> tar: rootfs/dev/tty: Cannot mknod: Operation not permitted
>>> tar: rootfs/dev/null: Cannot mknod: Operation not permitted
>>> tar: rootfs/dev/full: Cannot mknod: Operation not permitted
>>> tar: rootfs/dev/urandom: Cannot mknod: Operation not permitted
>>>
>>> I am able to import the c1 tar.gz file in a physical host, but unable to
>>> import it in an unprivileged container (to create a nested container). The
>>> LXD network and storage settings in the physical host and the c2 container
>>> are exactly the same.
>>>
>>> How to import the c1 tar.gz in the c2 unprivileged container?
>>>
>>> _______________________________________________
>>> lxc-users mailing list
>>> lxc-users at lists.linuxcontainers.org
>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>>
>>
>>
>> --
>> Stéphane
>>
>


-- 
Stéphane
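
The suggestion quoted above, to remove the content of dev/ from the tarball before importing, can be scripted. The following is an added example, not part of the original thread and not LXD code: the function names and the sample archive are constructed for illustration, and it assumes the export is a gzip-compressed tar whose entries contain a rootfs/dev/ path as in the tar errors above.

```python
import io
import sys
import tarfile


def under_rootfs_dev(name):
    """True for entries below rootfs/dev/ (the dev/ directory itself is kept)."""
    parts = [p for p in name.split("/") if p not in ("", ".")]
    if "rootfs" not in parts:
        return False
    i = parts.index("rootfs")
    return parts[i + 1:i + 2] == ["dev"] and len(parts) > i + 2


def strip_dev_contents(src, dst):
    """Copy src to dst minus rootfs/dev/ content; return (dropped, leftover)."""
    dropped, leftover = [], []
    with tarfile.open(src, "r:gz") as tin, tarfile.open(dst, "w:gz") as tout:
        for m in tin:
            if under_rootfs_dev(m.name):
                dropped.append(m.name)
                continue
            if m.ischr() or m.isblk():
                leftover.append(m.name)  # device node elsewhere, still needs mknod
            # Only regular files carry data; owner and mode travel in the header.
            tout.addfile(m, tin.extractfile(m) if m.isreg() else None)
    return dropped, leftover


def build_sample(path):
    """Constructed sample archive for the demo, not a real LXD export."""
    entries = [("rootfs/dev", tarfile.DIRTYPE), ("rootfs/dev/null", tarfile.CHRTYPE),
               ("rootfs/dev/zero", tarfile.CHRTYPE), ("rootfs/etc", tarfile.DIRTYPE)]
    with tarfile.open(path, "w:gz") as t:
        for name, kind in entries:
            ti = tarfile.TarInfo(name)
            ti.type = kind
            t.addfile(ti)
        ti = tarfile.TarInfo("rootfs/etc/hostname")
        ti.size = 3
        t.addfile(ti, io.BytesIO(b"c1\n"))


if __name__ == "__main__":
    args = sys.argv[1:3]
    if len(args) != 2:  # no arguments: demo on the constructed sample
        args = ["sample.tar.gz", "sample-nodev.tar.gz"]
        build_sample(args[0])
    print(strip_dev_contents(*args))
```

Check the second returned list before importing: any device node it names lies outside rootfs/dev/ and was left in the archive.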