Richard Weinberger <[email protected]> writes:

> On 28.05.2015 at 16:08, Serge Hallyn wrote:
>> Quoting Andy Lutomirski ([email protected]):
>>> On Fri, May 22, 2015 at 10:39 AM, Eric W. Biederman
>>> <[email protected]> wrote:
>>>> I had hoped to get some Tested-By's on that patch series.
>>>
>>> Sorry, I've been totally swamped.
>>>
>>> I suspect that Sandstorm is okay, but I haven't had a chance to test
>>> it for real.  Sandstorm makes only limited use of proc and sysfs in
>>> containers, but I'll see if I can test it for real this weekend.
>> 
>> Testing this with unprivileged containers, I get
>> 
>> lxc-start: conf.c: lxc_mount_auto_mounts: 808 Operation not permitted - 
>> error mounting sysfs on 
>> /usr/lib/x86_64-linux-gnu/lxc/sys/devices/virtual/net flags 0
>>
>
> FWIW, it breaks also libvirt-lxc:
> Error: internal error: guest failed to start: Failed to re-mount /proc/sys on 
> /proc/sys flags=1021: Operation not permitted

Interesting.  I had not anticipated a failure there?  And it is failing
in remount?  Oh that is interesting.

That implies that there is some flag of the original mount of /proc that
the remount of /proc/sys is clearing, and that previously 

The flags specified are currently rdonly,remount,bind so I expect there
are some other flags on proc that libvirt-lxc is clearing by accident
and we did not fail before because the kernel was not enforcing things.

What are the mount flags in a working libvirt-lxc?

Eric
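
Added example, not part of the original message and not libvirt-lxc or kernel code: a small C check for the hypothesis above, that a remount requesting only rdonly,remount,bind (MS_RDONLY|MS_REMOUNT|MS_BIND, which is 0x1021 and matches the `flags=1021` in the error) drops flags already set on the mount. The mountinfo sample and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>

/* Constructed sample in /proc/self/mountinfo format (not from the thread). */
static const char SAMPLE_MOUNTINFO[] =
    "60 50 0:40 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw\n"
    "61 60 0:40 /sys /proc/sys rw,nosuid,nodev,noexec,relatime - proc proc rw\n";

/* Per-mount options; relatime is omitted because it is the kernel default. */
static const struct { const char *name; unsigned long flag; } opt_map[] = {
    { "ro", MS_RDONLY }, { "nosuid", MS_NOSUID }, { "nodev", MS_NODEV },
    { "noexec", MS_NOEXEC }, { "noatime", MS_NOATIME }, { "nodiratime", MS_NODIRATIME },
};

/* Translate an option string such as "rw,nosuid,nodev" into MS_* bits. */
unsigned long opts_to_flags(const char *opts)
{
    unsigned long flags = 0;
    while (*opts) {
        size_t len = strcspn(opts, ",");
        for (size_t i = 0; i < sizeof(opt_map) / sizeof(opt_map[0]); i++)
            if (strlen(opt_map[i].name) == len && !strncmp(opts, opt_map[i].name, len))
                flags |= opt_map[i].flag;
        opts += len + (opts[len] == ',');
    }
    return flags;
}

/* Flags of the last (topmost) mount at mount_point, or -1 if none. */
long mount_flags_of(const char *mountinfo, const char *mount_point)
{
    char mp[256], opts[256];
    long found = -1;
    for (const char *line = mountinfo; line && *line; ) {
        if (sscanf(line, "%*d %*d %*s %*s %255s %255s", mp, opts) == 2 &&
            strcmp(mp, mount_point) == 0)
            found = (long)opts_to_flags(opts);
        line = strchr(line, '\n');
        if (line) line++;
    }
    return found;
}

/* Flags set on the mount now that the requested remount flags would drop. */
unsigned long cleared_by_remount(unsigned long cur, unsigned long req) { return cur & ~req; }
/* Read-only bind remount flags that carry the existing flags forward. */
unsigned long preserving_ro_remount(unsigned long cur) { return MS_REMOUNT | MS_BIND | MS_RDONLY | cur; }

int main(void) { printf("%#lx\n", cleared_by_remount(mount_flags_of(SAMPLE_MOUNTINFO, "/proc/sys"), 0x1021)); }
```

On a real system, feed it the contents of /proc/self/mountinfo from inside the container; a non-zero result from cleared_by_remount names the flags the remount would have to keep.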
