Quoting Rui Xiang (rui.xi...@huawei.com):
> On 2013/7/5 19:48, Serge Hallyn wrote:
> > Quoting Rui Xiang (rui.xi...@huawei.com):
> >> The same issue troubles me. I try to start the container by these ways
> >> in the mails, but get error results too.
> >>
> >> So I want to know about the plan to fix it. And your some advice are
> >> appreciated. :)
> >
> > Hi,
> >
> > could you please start from the top explaining how you installed lxc,
> > set up the container, started it, and what went wrong?
> >
> Hi,
>
> I got lxc sources from the repo git://github.com/lxc/lxc (lxc 0.9.0),
> and installed it in redhat6. The kernel version is 3.10.0.
>
> I've created an opensuse template and then added the lines to config :
> lxc.tty = 4
> lxc.pts = 1024
> lxc.mount = /home/container/lxc4test/fstab
> ...
> lxc.id_map = u 0 10000 2000
> lxc.id_map = g 0 10000 2000
>
> lxc-start failed:
> # lxc-start -n foo -f config
> lxc-start: Operation not permitted - failed to set mode '020644' to
> '/dev/pts/5'
> lxc-start: failed to setup the console for 'foo'
> lxc-start: failed to setup the container
> lxc-start: invalid sequence number 1. expected 2
> lxc-start: failed to spawn 'foo'
>
> As the discussion in previous mails, I add this to config:
> lxc.ttydir = lxc
>
> but lxc-start still failed:
> # lxc-start -n foo -f config
> lxc-start: Operation not permitted - failed to set mode '020644' to
> '/dev/pts/1'
> lxc-start: failed to setup the console for 'foo'
> lxc-start: failed to setup the container
> lxc-start: invalid sequence number 1. expected 2
> lxc-start: failed to spawn 'foo'
>
> After setting lxc.tty = 0, the result was error too:
> lxc-start: Operation not permitted - failed to set mode '020644' to
> '/dev/pts/1'.
>
> So ashamed that I have no better ways to solve it now. :(

Hi,

When you do

    lxc.id_map = u 0 10000 2000
    lxc.id_map = g 0 10000 2000

The container will run with uid 0 in the container being mapped to
10000 on the host. What I don't see is where you have shifted the
uids of the container's files.

If you look at https://code.launchpad.net/~serge-hallyn/+junk/nsexec ,
there are two programs of interest. uidmapshift.c will do the uid
shifting (so for instance root owned files in the container will
become owned by 10000). The container-userns-convert script will
use the uidmapshift.c program as well as add the lxc.id_map files
to the container configuration. I usually just do

    container-userns-convert containername 10000

So you'll definitely need to use the uidmapshift program to chown
your files, though to be honest your error sounds to me like a
different problem. But just to be sure, please let me know what you
see after shifting the container uids.

Note, I will be getting back to my template for completely unprivileged
container creation this week - however it becomes pretty involved
(to allow an unprivileged user to chown files to his subuids) so at
least at first it is a customized template based on the lxc-ubuntu
one.

-serge

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
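
The uid shifting described in the reply above, as an added example that is not part of the original mail and is not the uidmapshift.c program: a read-only Python audit that walks a container rootfs and reports entries whose owner or group has not yet been moved into the host range of the two lxc.id_map lines. The function names and the three state labels are assumptions of this sketch, and it assumes the container-side and host-side ranges do not overlap.

```python
from __future__ import annotations
import os
import sys
from typing import Iterator, NamedTuple

class IdMap(NamedTuple):
    kind: str        # "u" (uids) or "g" (gids)
    ns_first: int    # first id as seen inside the container
    host_first: int  # first id as seen on the host
    count: int       # length of the mapped range

def parse_id_map(value: str) -> IdMap:
    """Parse the value of an lxc.id_map line, e.g. 'u 0 10000 2000'."""
    kind, ns_first, host_first, count = value.split()
    if kind not in ("u", "g"):
        raise ValueError(f"unknown id_map kind: {kind!r}")
    return IdMap(kind, int(ns_first), int(host_first), int(count))

def classify(file_id: int, m: IdMap) -> tuple[str, int | None]:
    """Return (state, host id the owner should have after shifting)."""
    if m.host_first <= file_id < m.host_first + m.count:
        return "shifted", file_id              # already inside the host range
    if m.ns_first <= file_id < m.ns_first + m.count:
        return "needs-shift", file_id - m.ns_first + m.host_first
    return "unmapped", None                    # no id inside the container maps to it

def iter_paths(rootfs: str) -> Iterator[str]:
    yield rootfs
    for dirpath, dirnames, filenames in os.walk(rootfs):  # does not follow symlinks
        for name in dirnames + filenames:
            yield os.path.join(dirpath, name)

def audit_rootfs(rootfs: str, uid_map: IdMap, gid_map: IdMap):
    """Yield (path, uid_state, target_uid, gid_state, target_gid) for every
    entry whose owner or group is not yet in the host range. Changes nothing."""
    for path in iter_paths(rootfs):
        st = os.lstat(path)                    # inspect the link itself, not its target
        u_state, u_new = classify(st.st_uid, uid_map)
        g_state, g_new = classify(st.st_gid, gid_map)
        if (u_state, g_state) != ("shifted", "shifted"):
            yield path, u_state, u_new, g_state, g_new

if __name__ == "__main__" and len(sys.argv) == 2:
    # The two mappings quoted in the mail above.
    uid_map = parse_id_map("u 0 10000 2000")
    gid_map = parse_id_map("g 0 10000 2000")
    for finding in audit_rootfs(sys.argv[1], uid_map, gid_map):
        print(*finding)
```

Run it with the rootfs path as the only argument; an empty report means every entry is already owned by ids in 10000-11999, while "unmapped" entries are owned by ids the container cannot represent at all.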