Re: [lxc-devel] Howto user namespaces?

Tue, 09 Apr 2013 04:35:54 -0700 

On Tue, Apr 9, 2013 at 9:58 AM, richard -rw- weinberger
<richard.weinber...@gmail.com> wrote:
> On Tue, Apr 9, 2013 at 5:28 AM, Serge Hallyn <serge.hal...@ubuntu.com> wrote:
>> Quoting richard -rw- weinberger (richard.weinber...@gmail.com):
>>> Am I missing something obvious?
>>
>> lxc-create does not yet convert the rootfs to the mapped uids, so you
>> need to do that manually using uidmapshift.  Check the
>> container-userns-convert script at
>> https://code.launchpad.net/~serge-hallyn/+junk/nsexec or in the nsexec
>> package at ppa:serge-hallyn/userns-natty.
>
> Hmm, I've fixed the uids already by hand.
> Today I've created a new container and used container-userns-convert
> but with the same results.
>
> What I find very strange is that your script does:
> lxc.id_map = U ${uid} 0 $range
> lxc.id_map = G ${uid} 0 $range
> uid is 100000, range is 10000.
>
> But the lxc docs say:
>               Four values must be provided.  First a character, either
>               'u', or 'g', to specify whether user or group ids are
>               being mapped.  Next is the first userid as seen in the
>               user namespace of the container.  Next is the userid as
>               seen on the host.  Finally, a range indicating the number
>               of consecutive ids to map.
>
> So, this would make more sense: lxc.id_map = u 0 100000 10000
>
> Anyways, mount of tmpfs fails with ENOPERM, is there any debugging
> mechanism to find out why it is failing?
> According to strace some bind mounts before the tmpfs work perfectly fine.

BTW: I found out that tmpfs is not supported within user namespaces...

Anyways, now lxc-start dies here:
lxc-start: Operation not permitted - failed to set mode '020644' to '/dev/pts/1'
which is:
chmod("/dev/pts/1", 020644) = -1 EPERM (Operation not permitted)
Shouldn't this be /usr/lib64/lxc/rootfs/dev/pts/1?!

--
Thanks,
//richard

------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Reply via email to