On 01.06.21 at 17:26, Matt Corallo wrote:

The above command paste should basically do it, e.g. install lxc, then `lxc-create --name fuzzer -t download` to create a (debian) container, then install sshd inside of it via apt, then run the `systemd-run --user -p "Delegate=yes" --unit=fuzzer -- lxc-start --name fuzzer -- /usr/sbin/sshd -D` command to spawn it, then log out of the ssh session which spawned it. There's likely some network configuration which needs to happen in between but I don't know off-hand how to set it up without public IPs for things.

I assume this means you run lxc-start as an unprivileged user?
This requires additional configuration. At least I only get:

lxc-create: fuzzer: confile.c: parse_line: 2664 Invalid argument - Unknown configuration key "lxc.id_map"
lxc-create: fuzzer: parse.c: lxc_file_for_each_line_mmap: 131 Failed to parse config file "/home/michael/.config/lxc/default.conf" at line "lxc.id_map = u 0 951968 65536"
lxc-create: fuzzer: conf.c: userns_exec_mapped_root: 4489 No uid mapping for container root
lxc-create: fuzzer: lxccontainer.c: do_storage_create: 1292 Error chowning "/home/michael/.local/share/lxc/fuzzer/rootfs" to container root
lxc-create: fuzzer: conf.c: suggest_default_idmap: 4811 You must either run as root, or define uid mappings
lxc-create: fuzzer: conf.c: suggest_default_idmap: 4812 To pass uid mappings to lxc-create, you could create
lxc-create: fuzzer: conf.c: suggest_default_idmap: 4813 ~/.config/lxc/default.conf:
lxc-create: fuzzer: conf.c: suggest_default_idmap: 4814 lxc.include = /etc/lxc/default.conf
lxc-create: fuzzer: conf.c: suggest_default_idmap: 4815 lxc.idmap = u 0 951968 65536
lxc-create: fuzzer: conf.c: suggest_default_idmap: 4816 lxc.idmap = g 0 951968 65536
lxc-create: fuzzer: lxccontainer.c: do_lxcapi_create: 1871 Failed to create (none) storage for fuzzer
lxc-create: fuzzer: tools/lxc_create.c: main: 319 Failed to create container fuzzer


Do you have a more minimal reproducer that doesn't involve lxc?
