Quoting richard -rw- weinberger (richard.weinber...@gmail.com):
> On Tue, Apr 9, 2013 at 3:19 PM, Serge Hallyn <serge.hal...@ubuntu.com> wrote:
> > Quoting richard -rw- weinberger (richard.weinber...@gmail.com):
> >> On Tue, Apr 9, 2013 at 9:58 AM, richard -rw- weinberger
> >> <richard.weinber...@gmail.com> wrote:
> >> > On Tue, Apr 9, 2013 at 5:28 AM, Serge Hallyn <serge.hal...@ubuntu.com>
> >> > wrote:
> >> >> Quoting richard -rw- weinberger (richard.weinber...@gmail.com):
> >> >>> Am I missing something obvious?
> >> >>
> >> >> lxc-create does not yet convert the rootfs to the mapped uids, so you
> >> >> need to do that manually using uidmapshift. Check the
> >> >> container-userns-convert script at
> >> >> https://code.launchpad.net/~serge-hallyn/+junk/nsexec or in the nsexec
> >> >> package at ppa:serge-hallyn/userns-natty.
> >> >
> >> > Hmm, I've fixed the uids already by hand.
> >> > Today I've created a new container and used container-userns-convert
> >> > but with the same results.
> >> >
> >> > What I find very strange is that your script does:
> >> > lxc.id_map = U ${uid} 0 $range
> >> > lxc.id_map = G ${uid} 0 $range
> >> > uid is 100000, range is 10000.
> >> >
> >> > But the lxc docs say:
> >> > Four values must be provided. First a character, either
> >> > 'u', or 'g', to specify whether user or group ids are
> >> > being mapped. Next is the first userid as seen in the
> >> > user namespace of the container. Next is the userid as
> >> > seen on the host. Finally, a range indicating the number
> >> > of consecutive ids to map.
> >> >
> >> > So, this would make more sense: lxc.id_map = u 0 100000 10000
> >> >
> >> > Anyways, mount of tmpfs fails with ENOPERM, is there any debugging
> >> > mechanism to find out why it is failing?
> >> > According to strace some bind mounts before the tmpfs work perfectly
> >> > fine.
> >>
> >> BTW: I found out that tmpfs is not supported within user namespaces...
> >
> > It should be in 3.9:
> >
> > userns: Allow the userns root to mount tmpfs.
>
> Okay. Mounting tmpfs works on 3.9 so far.
>
> >> Anyways, now lxc-start dies here:
> >> lxc-start: Operation not permitted - failed to set mode '020644' to
> >> '/dev/pts/1'
> >> which is:
> >> chmod("/dev/pts/1", 020644) = -1 EPERM (Operation not permitted)
> >> Shouldn't this be /usr/lib64/lxc/rootfs/dev/pts/1?!
> >
> > Look at Eric's user namespaces kernel tree for patches which aren't in
> > your tree yet. (I also have one, but right now it is out of date with
> > respect to some recent fixes Eric has sent upstream.) Upstream is
> > almost 100% there, but an <eensie weensie> bit away.
>
> Which tree is that?
> git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git
> for-linus (and for-next)
> differ only by one commit:
> proc: Restrict mounting the proc filesystem

you'll probably have better luck with branch userns-always-map-user-v100

The unsafe kernel (until I get time to update it) which definitely works
is in ppa ubuntu-lxc/kernel.

-serge

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
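As an added example, not code from this thread or from lxc/nsexec, a small Python check for the conversion step discussed above: it parses lxc.id_map lines using the documented field order (id inside the container first, then host id, then range) and reports rootfs entries whose host-side uid or gid falls outside the mapped range, i.e. files that uidmapshift / container-userns-convert has not yet shifted. The config excerpt and all function names are constructed for the example.

```python
import os

# Constructed config excerpt in the documented field order: kind, container id, host id, range.
SAMPLE_CONFIG = "lxc.id_map = u 0 100000 10000\nlxc.id_map = g 0 100000 10000\n"

def parse_id_map(config_text):
    """Return a list of (kind, ns_start, host_start, count) from lxc.id_map lines."""
    maps = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line.startswith("lxc.id_map"):
            continue
        fields = line.partition("=")[2].split()
        if len(fields) != 4 or fields[0].lower() not in ("u", "g"):
            raise ValueError("malformed id_map line: %r" % raw)
        ns_start, host_start, count = (int(f) for f in fields[1:])
        maps.append((fields[0].lower(), ns_start, host_start, count))  # accept 'U'/'G' too
    return maps

def to_host_id(maps, kind, ns_id):
    """Translate a uid/gid as seen inside the container to the host id (None if unmapped)."""
    for k, ns_start, host_start, count in maps:
        if k == kind and ns_start <= ns_id < ns_start + count:
            return host_start + (ns_id - ns_start)
    return None

def host_id_is_mapped(maps, kind, host_id):
    """True if a host-side uid/gid lies inside some mapped range of this kind."""
    return any(k == kind and host_start <= host_id < host_start + count
               for k, _, host_start, count in maps)

def unshifted_entries(maps, entries):
    """Given (path, host_uid, host_gid) tuples, return those not covered by the map,
    i.e. files still owned by ids the container's userns cannot see (unconverted)."""
    return [e for e in entries
            if not host_id_is_mapped(maps, "u", e[1])
            or not host_id_is_mapped(maps, "g", e[2])]

def scan_rootfs(rootfs, maps):
    """Walk a container rootfs on the host and report entries that were not shifted."""
    entries = []
    for dirpath, dirnames, filenames in os.walk(rootfs):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: inspect symlinks themselves, do not follow them
            entries.append((path, st.st_uid, st.st_gid))
    return unshifted_entries(maps, entries)
```

Run scan_rootfs("/path/to/rootfs", parse_id_map(open("config").read())) as a user that can lstat the tree; an empty result means every entry already carries an id inside the mapped host range.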