Bug#845014: lxc: unprivileged containers with overlayfs not work (ever start as root)

john Sat, 19 Nov 2016 05:48:33 -0800

Package: lxc
Version: 1:2.0.5-3
Severity: normal

Dear Maintainer,


*** Reporter, please consider answering these questions, where appropriate ***

   Can not run the "unprivileged container with overlayfs" ever start as root.

   1. unprivileged container without overlayfs start as root ( work ).
   2. privileged container with overlayfs start as root ( work ).

   3. unprivileged container with overlayfs start as root ( NOT WORK).

   root# lxc-start -n new -l DEBUG -o log   ( NOT WORK ).
   And the error messages in log like this

   "lxcoverlay - bdev/lxcoverlay.c:ovl_mount:430 - Operation not
   permitted - Overlayfs: Error mounting /var/lib/lxc/old/rootfs onto
   /usr/lib/x86_64-linux-gnu/lxc    /rootfs with options
   upperdir=/var/lib/lxc/new/delta0,lowerdir=/var/lib/lxc/old/rootfs:
   Operation not permitted."

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-1-grsec-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxc depends on:
ii  init-system-helpers  1.46
ii  libapparmor1         2.10.95-6
ii  libc6                2.24-5
ii  libcap2              1:2.25-1
ii  liblxc1              1:2.0.5-3
ii  libseccomp2          2.3.1-2.1
ii  libselinux1          2.6-3
ii  lsb-base             9.20161101
ii  python3-lxc          1:2.0.5-3
pn  python3:any          <none>

Versions of packages lxc recommends:
ii  bridge-utils  1.5-10
ii  debootstrap   1.0.87
ii  dirmngr       2.1.15-9
pn  dnsmasq-base  <none>
ii  gnupg         2.1.15-9
ii  iptables      1.6.0+snapshot20161117-1
pn  libpam-cgfs   <none>
pn  lxcfs         <none>
ii  openssl       1.1.0c-1
ii  rsync         3.1.2-1
ii  uidmap        1:4.2-3.2

Versions of packages lxc suggests:
ii  apparmor     2.10.95-6
ii  btrfs-tools  4.7.3-1
ii  lvm2         2.02.167-1

-- Configuration Files:
/etc/apparmor.d/abstractions/lxc/container-base [Errno 13] Permission denied: 
u'/etc/apparmor.d/abstractions/lxc/container-base'
/etc/apparmor.d/abstractions/lxc/start-container [Errno 13] Permission denied: 
u'/etc/apparmor.d/abstractions/lxc/start-container'
/etc/apparmor.d/lxc-containers [Errno 13] Permission denied: 
u'/etc/apparmor.d/lxc-containers'
/etc/apparmor.d/lxc/lxc-default [Errno 13] Permission denied: 
u'/etc/apparmor.d/lxc/lxc-default'
/etc/apparmor.d/lxc/lxc-default-cgns [Errno 13] Permission denied: 
u'/etc/apparmor.d/lxc/lxc-default-cgns'
/etc/apparmor.d/lxc/lxc-default-with-mounting [Errno 13] Permission denied: 
u'/etc/apparmor.d/lxc/lxc-default-with-mounting'
/etc/apparmor.d/lxc/lxc-default-with-nesting [Errno 13] Permission denied: 
u'/etc/apparmor.d/lxc/lxc-default-with-nesting'
/etc/apparmor.d/usr.bin.lxc-start [Errno 13] Permission denied: 
u'/etc/apparmor.d/usr.bin.lxc-start'

-- no debconf information

Bug#845014: lxc: unprivileged containers with overlayfs not work (ever start as root)

Reply via email to