Quoting Mikhail Gusarov (dotted...@dottedmag.net):
> Hello.
>
> I have tried to run two containers with avahi-daemon in each. The first
> avahi-daemon starts fine, while the second fails with
>
> # /usr/sbin/avahi-daemon
> Found user 'avahi' (UID 103) and group 'avahi' (GID 105).
> Successfully dropped root privileges.
> chroot.c: fork() failed: Resource temporarily unavailable
> failed to start chroot() helper daemon.
> cf-slave1:~#
>
> After some thinking and strace'ing I figured out that the following is
> the cause:
>
> cf-slave1:~# strace /usr/sbin/avahi-daemon
> ...
> setresuid32(103, 103, 103) = 0
> ...
> setrlimit(RLIMIT_NPROC, {rlim_cur=3, rlim_max=3}) = 0
> ...
> clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
> child_tidptr=0xb761d908) = -1 EAGAIN (Resource temporarily unavailable)
> ...
> #
>
> Here the process drops root privileges, setuids to uid=103 and limits itself
> to 3 processes with this uid. Clone fails due to the fact that there are two
> processes with uid=103 running in another container.
>
> Is it a known limitation, or maybe this is already handled in newer
> kernels? (I use 2.6.32)

Hmm, you'll need to unshare the user namespace. Try adding CLONE_NEWUSER
to the list assigned to clone_flags at lxc/src/lxc/start.c line 353.

-serge

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
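
The failure discussed in this thread, reduced to a small C reproducer. This is an added example, not code from either message, from LXC or from avahi; the helper name fork_errno_under_nproc is hypothetical, and a limit of 1 is used instead of avahi's 3 so the result does not depend on how many other processes the UID already owns.

```c
/* Added example: RLIMIT_NPROC is checked at fork() time against all
   processes owned by the real UID, not only this process's children. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: in a throwaway child, cap RLIMIT_NPROC at `limit`
   (avahi-daemon uses 3) and attempt one fork().
   Returns 0 if fork() worked, its errno if it failed, -1 on setup error. */
int fork_errno_under_nproc(rlim_t limit)
{
    int pfd[2], result = -1;
    if (pipe(pfd) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(pfd[0]); close(pfd[1]); return -1; }
    if (pid == 0) {
        struct rlimit rl = { .rlim_cur = limit, .rlim_max = limit };
        int err = 0;
        close(pfd[0]);
        if (setrlimit(RLIMIT_NPROC, &rl) != 0) {
            err = -1;
        } else {
            pid_t g = fork();   /* the clone() that returned EAGAIN in the strace */
            if (g == 0) _exit(0);
            if (g < 0) err = errno; else waitpid(g, NULL, 0);
        }
        if (write(pfd[1], &err, sizeof err) != (ssize_t)sizeof err) _exit(1);
        _exit(0);
    }
    close(pfd[1]);
    if (read(pfd[0], &result, sizeof result) != (ssize_t)sizeof result)
        result = -1;
    close(pfd[0]);
    waitpid(pid, NULL, 0);
    return result;
}

int main(void)
{
    int e = fork_errno_under_nproc(1);
    printf("uid=%d limit=1 -> %s\n", (int)getuid(), e > 0 ? strerror(e) : e == 0 ? "fork ok (limit not enforced, e.g. root)" : "setup error");
    return 0;
}
```

Run as an unprivileged user, the inner fork() fails with EAGAIN even though the process has no children of its own; as root the kernel does not enforce the limit and the fork succeeds.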