[lxc-users] Failed to import LXD container tar.gz in unprivileged container (nested container)

Chris Han chrishan308 at gmail.com
Fri Nov 22 17:18:08 UTC 2019


That container was started from a clean image from the "ubuntu" remote.
    lxc launch ubuntu:18.04 c1

Originally the container was started in a Btrfs storage pool. But after
that I copied the container to a Dir storage pool and use the latter version.
Will this cause the /dev/xx problem?

On Sat, Nov 23, 2019 at 1:07 AM Stéphane Graber <stgraber at stgraber.org>
wrote:

> No, switching between privileged and unprivileged wouldn't have caused dev/
> to get populated.
> My guess is that you probably had an image that contained those files when
> it shouldn't have in the first place.
>
> On Fri, Nov 22, 2019 at 11:45 AM Chris Han <chrishan308 at gmail.com> wrote:
>
>> Originally the container was started as a privileged container
>> with security.privileged="true". But after that I have removed
>> the security.privileged configuration and restarted the container. Is this
>> the root cause of the problem?
>>
>> May I know what are the correct steps to change a privileged container to
>> an unprivileged container?
>>
>> Thanks for your reply.
>>
>> On Sat, Nov 23, 2019 at 12:28 AM Stéphane Graber <stgraber at stgraber.org>
>> wrote:
>>
>>> Hmm, not sure why you have those devices in this container in the first
>>> place, normally /dev is left empty and mounted as tmpfs in the container.
>>> You could likely just edit the tarball to remove the content of dev/ and
>>> then import it just fine.
>>>
>>> On Fri, Nov 22, 2019 at 2:19 AM Chris Han <chrishan308 at gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I have an unprivileged LXD container, c1, running in a physical host. I
>>>> have exported this container to tar.gz:
>>>>
>>>> lxc export c1-unprivileged c1-unprivileged.tar.gz
>>>>
>>>>
>>>> I have created another unprivileged LXD container, c2, with settings
>>>> for nested containers. Inside the c2 container, I am able to launch a
>>>> nested unprivileged LXD container, c3. The c3 container is working fine.
>>>>
>>>> lxc launch ubuntu:18.04 c3-unprivileged-nested
>>>>
>>>>
>>>> However, when I try to import the c1 tar.gz file inside c2 to create a
>>>> nested container, it shows the following error message:
>>>>
>>>> lxc import c1-unprivileged.tar.gz
>>>>
>>>> tar: rootfs/dev/zero: Cannot mknod: Operation not permitted
>>>> tar: rootfs/dev/random: Cannot mknod: Operation not permitted
>>>> tar: rootfs/dev/tty: Cannot mknod: Operation not permitted
>>>> tar: rootfs/dev/null: Cannot mknod: Operation not permitted
>>>> tar: rootfs/dev/full: Cannot mknod: Operation not permitted
>>>> tar: rootfs/dev/urandom: Cannot mknod: Operation not permitted
>>>>
>>>> I am able to import the c1 tar.gz file in a physical host, but unable
>>>> to import it in an unprivileged container (to create a nested container).
>>>> The LXD network and storage settings in the physical host and the c2
>>>> container are exactly the same.
>>>>
>>>> How do I import the c1 tar.gz in the c2 unprivileged container?
>>>>
>>>> _______________________________________________
>>>> lxc-users mailing list
>>>> lxc-users at lists.linuxcontainers.org
>>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>>>
>>>
>>>
>>> --
>>> Stéphane
>>>
>>
>
>
> --
> Stéphane
>
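The workaround Stéphane suggests (remove the contents of dev/ from the export before importing it, since LXD mounts a tmpfs over /dev at start anyway), as an added Python example that is not code from this thread or from LXD. It assumes the path layout shown in the tar errors (device nodes under a rootfs/dev/ directory) and builds a small constructed stand-in for `lxc export` output; device nodes exist in a tarball only as headers, so the rewrite needs no mknod and can be done from inside the unprivileged c2 container itself.

```python
# Added example: rewrite an LXD export tar.gz without device nodes so that
# `lxc import` inside an unprivileged container never has to mknod.
import io
import tarfile

def under_dev(name):
    """True for any member inside a rootfs/dev/ directory (the directory
    entry itself is kept). Path layout assumed from the tar error lines."""
    return "/rootfs/dev/" in "/" + name.rstrip("/")

def list_device_nodes(archive_bytes):
    """Names of char/block device members: a quick check before importing."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        return [m.name for m in tar if m.ischr() or m.isblk()]

def strip_dev_contents(archive_bytes):
    """Copy every member except those under rootfs/dev/, metadata intact."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as src, \
         tarfile.open(fileobj=out, mode="w:gz") as dst:
        for member in src:
            if under_dev(member.name):
                continue  # device nodes, symlinks or stray files in dev/
            data = src.extractfile(member) if member.isreg() else None
            dst.addfile(member, data)
    return out.getvalue()

def member_names(archive_bytes):
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        return tar.getnames()

def build_sample_export():
    """Constructed stand-in for `lxc export` output: a minimal rootfs with
    char devices under rootfs/dev/ (headers only, so no root is needed)."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as tar:
        for d in ("rootfs", "rootfs/dev", "rootfs/etc"):
            ti = tarfile.TarInfo(d)
            ti.type, ti.mode = tarfile.DIRTYPE, 0o755
            tar.addfile(ti)
        data = b"c1\n"
        ti = tarfile.TarInfo("rootfs/etc/hostname")
        ti.size = len(data)
        tar.addfile(ti, io.BytesIO(data))
        for name, major, minor in (("null", 1, 3), ("zero", 1, 5), ("urandom", 1, 9)):
            ti = tarfile.TarInfo("rootfs/dev/" + name)
            ti.type, ti.mode = tarfile.CHRTYPE, 0o666
            ti.devmajor, ti.devminor = major, minor
            tar.addfile(ti)
    return out.getvalue()
```

Running `list_device_nodes` on the real export first shows exactly which members would trigger the mknod failures; the rewritten archive keeps the empty rootfs/dev directory so the container's own tmpfs mount has its mount point.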