Hi folks, I'm trying to run the avahi daemon in my containers, but I'm running into this error:
    fork() failed: Resource temporarily unavailable

Avahi starts fine in the first container, but starting it in any subsequent attempt results in the above error.

This issue was raised before on the lxc-users mailing list [1], where Serge E. Hallyn said [2]:

> Hmm, you'll need to unshare the user namespace. Try adding
> CLONE_NEWUSER to the list assigned to clone_flags at
> lxc/src/lxc/start.c line 353.

[1]: http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg00219.html
[2]: http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg00220.html

I've been running with this change on top of 0.7 for a while without problems. I just upgraded to 0.8.0~rc1 and ran into this problem again: apparently this change did not make it into the git repository yet. Is this intentional, or was this just an oversight? I can imagine Serge's suggestion to be a crude fix that should not become the default, but my lxc-fu is not big enough to really tell :-)

I also tried to add this change to 0.8.0-rc2, but ran into a new problem. Running lxc-start with the patch below now says:

    lxc-start: Operation not permitted - failed to remove CAP_SYS_BOOT capability

Perhaps unsharing the user namespace removes permission to remove CAP_SYS_BOOT?

In any case, I'd like to have some way to be able to run avahi in my containers, without having to locally patch my lxc binaries... Is there any path forward?

Here's the patch against 0.8.0~rc2 I tried:

--- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -538,7 +538,7 @@ int lxc_spawn(struct lxc_handler *handler) if (lxc_sync_init(handler)) return -1; - clone_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS; + clone_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS|CLONE_NEWUSER; if (!lxc_list_empty(&handler->conf->network)) { clone_flags |= CLONE_NEWNET;

Gr.

Matthijs
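
Review bot: On the added `clone_flags` line, CLONE_NEWUSER is set unconditionally for every container, while the very next statement in the hunk adds CLONE_NEWNET only when the container configuration has a network defined. Consider gating the user namespace on a configuration setting in the same way, so existing containers keep their current behaviour. The hunk also changes nothing after the clone: the message reports that lxc-start then fails with "Operation not permitted - failed to remove CAP_SYS_BOOT capability", so the capability-dropping step has to be adapted before this flag can be enabled, and the patch should state how uid/gid mappings for the new namespace are meant to be set up.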
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel