Hello! I'm testing user namespaces and I have quite some problems getting them to work.

First of all, I have user namespace support enabled in the kernel:

    offlinehacker:~/ $ uname -r
    3.10.10
    offlinehacker:~/ $ ls /proc/self/ns/
    ipc@  mnt@  net@  pid@  user@  uts@

I created a simple ubuntu rootfs, and when I start the container without idmap, so without user namespace mappings, it works just fine.

Libvirt config:

    <domain type='lxc'>
      <name>helloworld</name>
      <memory>102400</memory>
      <os>
        <type>exe</type>
        <init>/bin/dash</init>
      </os>
      <!--<idmap>
        <uid start='0' target='499' count='10'/>
        <gid start='0' target='100' count='10'/>
      </idmap>-->
      <devices>
        <console type='pty'/>
        <filesystem type='mount'>
          <source dir='/home/offlinehacker/rootfs'/>
          <target dir='/'/>
        </filesystem>
      </devices>
    </domain>

This is what my rootfs looks like:

    offlinehacker:~/ $ ls -la rootfs
    drwxr-xr-x 23 offlinehacker users          4096 sep  5 19:06 ./
    drwxr-xr-x 59 offlinehacker users          4096 sep  5 19:06 ../
    drwxr-xr-x  2 offlinehacker users          4096 avg 27 14:11 bin/
    drwxr-xr-x  3 offlinehacker users          4096 avg 27 14:11 boot/
    drwxr-xr-x  4 offlinehacker users          4096 avg 27 14:11 dev/
    drwxr-xr-x 86 offlinehacker users          4096 sep  5 18:20 etc/
    drwxr-xr-x  3 offlinehacker users          4096 avg 27 14:11 home/
    lrwxrwxrwx  1 offlinehacker users            33 avg 27 14:10 initrd.img -> /boot/initrd.img-3.2.0-52-virtual
    drwxr-xr-x 18 offlinehacker users          4096 avg 27 14:10 lib/
    drwxr-xr-x  2 offlinehacker users          4096 avg 27 14:10 lib64/
    drwx------  2 offlinehacker users          4096 avg 27 14:11 lost+found/
    drwxr-xr-x  2 offlinehacker users          4096 avg 27 14:09 media/
    drwxr-xr-x  2 offlinehacker users          4096 apr 19  2012 mnt/
    drwxr-xr-x  2 offlinehacker users          4096 avg 27 14:09 opt/
    -rw-r--r--  1 offlinehacker vboxusers 231671365 avg 27 14:12 precise-server-cloudimg-amd64-root.tar.gz
    drwxr-xr-x  2 offlinehacker users          4096 apr 19  2012 proc/
    drwx------  2 offlinehacker users          4096 sep  3 23:47 root/
    drwxr-xr-x  2 offlinehacker users          4096 avg 27 14:11 run/
    drwxr-xr-x  2 offlinehacker users          4096 avg 27 14:11 sbin/
    drwxr-xr-x  2 offlinehacker users          4096 mar  5  2012 selinux/
    drwxr-xr-x  2 offlinehacker users          4096 avg 27 14:09 srv/
    drwxr-xr-x  2 offlinehacker users          4096 apr 14  2012 sys/
    drwxrwxrwt  2 offlinehacker users          4096 sep  4 01:39 tmp/
    drwxr-xr-x 10 offlinehacker users          4096 avg 27 14:09 usr/
    drwxr-xr-x 12 offlinehacker users          4096 sep  5 18:10 var/
    lrwxrwxrwx  1 offlinehacker users            29 avg 27 14:10 vmlinuz -> boot/vmlinuz-3.2.0-52-virtual

And this is who I am:

    offlinehacker:~/ $ id
    uid=499(offlinehacker) gid=67(libvirtd) groups=100(users),1(wheel),57(networkmanager),67(libvirtd)

When I create the container with idmap uncommented I get the following error:

    offlinehacker:~/ $ virsh -c lxc:/// create helloworld.xml
    error: Failed to create domain from helloworld.xml
    error: internal error: guest failed to start: 2013-09-05 19:08:57.781+0000: 19036: debug

And these are the logs:

    sep 05 19:08:52 laptop libvirtd[1542]: server=0x7fc8a60ddd60 client=0x7fc8a60e68d0 msg=0x7fc8a60e9380 rerr=0x7fc89a32cd40 args=0x7fc88800b4a0 ret=0x7fc88800a1c0
    sep 05 19:08:52 laptop libvirtd[1542]: priv=0x7fc8a60e91f0 conn=(nil)
    sep 05 19:08:52 laptop libvirtd[1542]: name=lxc:///
    sep 05 19:08:57 laptop libvirtd[1542]: Cannot recv data: Connection reset by peer
    sep 05 19:08:58 laptop libvirtd[1542]: internal error: guest failed to start: 2013-09-05 19:08:57.781+0000: 19036: debug

It looks like .oldroot, dev, proc and sys get created with mapped permissions (499:100), but the container fails to start.

Any help or direction on how to get this working would be appreciated.

Thanks,
Jaka Hudoklin!
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
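The `<idmap>` element in the post is what libvirt turns into the container's `/proc/<pid>/uid_map` and `gid_map` lines, so the translation it describes can be modelled offline. The following is an added example, not code from the post or from libvirt: it parses the poster's `<uid start='0' target='499' count='10'/>` / `<gid start='0' target='100' count='10'/>` mapping, translates IDs in both directions (container root creating `.oldroot`, `dev`, `proc`, `sys` lands on the host as 499:100, exactly what the poster observed; host owners outside the mapped range show up inside the guest as the kernel's overflow ID), and runs that check over a hand-constructed rootfs listing. The numeric gid for `vboxusers`, the `var/log/wtmp` entry, and the overflow ID 65534 (the kernel's default `/proc/sys/kernel/overflowuid`) are assumptions, not facts from the post.

```python
"""
Added example: model how libvirt's <idmap> (written into the guest's
/proc/<pid>/uid_map and gid_map) translates IDs between host and a
user-namespaced LXC guest, and audit a rootfs listing against it.
"""
import xml.etree.ElementTree as ET

# Kernel default for IDs that have no mapping in the namespace
# (assumption: /proc/sys/kernel/overflowuid|overflowgid left at default).
OVERFLOW_ID = 65534

# The poster's domain XML, reduced to the <idmap> block with the comment removed.
DOMAIN_XML = """<domain type='lxc'>
  <name>helloworld</name>
  <idmap>
    <uid start='0' target='499' count='10'/>
    <gid start='0' target='100' count='10'/>
  </idmap>
</domain>"""

# Constructed listing (path, host uid, host gid) resembling the poster's
# `ls -la rootfs`: offlinehacker=499, users=100. The vboxusers gid (1001)
# and the root-owned var/log/wtmp entry are assumptions for illustration.
SAMPLE_LISTING = [
    ("bin/", 499, 100),
    ("etc/", 499, 100),
    ("precise-server-cloudimg-amd64-root.tar.gz", 499, 1001),
    ("var/log/wtmp", 0, 0),
]


def parse_idmap(xml_text):
    """Return {'uid': [(start, target, count), ...], 'gid': [...]} from a domain XML."""
    root = ET.fromstring(xml_text)
    maps = {"uid": [], "gid": []}
    for kind in maps:
        for el in root.findall(f"./idmap/{kind}"):
            maps[kind].append((int(el.get("start")),
                               int(el.get("target")),
                               int(el.get("count"))))
    return maps


def to_host(container_id, ranges):
    """Container ID -> host ID, the direction used when the guest creates a file.
    Returns None when the container ID is not covered by any range."""
    for start, target, count in ranges:
        if start <= container_id < start + count:
            return target + (container_id - start)
    return None


def to_container(host_id, ranges):
    """Host ID -> ID seen inside the guest; unmapped host owners appear as OVERFLOW_ID
    (nobody/nogroup), and the guest cannot chown or take ownership of them."""
    for start, target, count in ranges:
        if target <= host_id < target + count:
            return start + (host_id - target)
    return OVERFLOW_ID


def check_rootfs(entries, maps):
    """For each (path, host_uid, host_gid) return (path, guest_uid, guest_gid, unmapped)."""
    report = []
    for path, uid, gid in entries:
        cuid = to_container(uid, maps["uid"])
        cgid = to_container(gid, maps["gid"])
        report.append((path, cuid, cgid, cuid == OVERFLOW_ID or cgid == OVERFLOW_ID))
    return report


def unmapped_paths(entries, maps):
    """Paths whose host owner or group has no mapping in the guest."""
    return [path for path, _, _, bad in check_rootfs(entries, maps) if bad]


if __name__ == "__main__":
    maps = parse_idmap(DOMAIN_XML)
    # Files the guest's root creates (e.g. .oldroot, dev, proc, sys) land on the host as:
    print("guest 0:0 -> host %s:%s" % (to_host(0, maps["uid"]), to_host(0, maps["gid"])))
    for path, cuid, cgid, bad in check_rootfs(SAMPLE_LISTING, maps):
        flag = "  <-- host owner not in idmap" if bad else ""
        print(f"{path:45s} guest sees {cuid}:{cgid}{flag}")
```

The reverse check is the one worth running before starting a mapped container: anything in the rootfs still owned by real host root (a tarball extracted with `sudo`, for instance) is not covered by `target='499' count='10'` and will be unowned inside the guest.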