Quoting Brian Campbell (lam...@continuation.org):
> I tried the demo_userns.c example code from this LWN article
> https://lwn.net/Articles/532593/ and got the same result:
>
> lambda@gherkin:userns$ ./demo_userns
> clone: Operation not permitted
>
> So it looks like something is preventing me from calling clone(CLONE_NEWUSER)
> or unshare(CLONE_NEWUSER).
>
> I can't find any documentation on CLONE_NEWUSER outside of that LWN article,
> and it indicates that as of 3.8, no privilege should be needed to call
> clone(CLONE_NEWUSER), so I'm somewhat puzzled as to why this is failing.

Without looking at the rest of this thread, it basically has to be either
your kernel doesn't have CONFIG_USER_NS=y (which I wouldn't expect before a
3.13 or at least 3.12 kernel), or your distro kernel has a sysctl patch to
turn off unprivileged CLONE_NEWUSER by default.

You can find out whether it's the latter by just trying CLONE_NEWUSER as
root. If that works, then look under /proc/sys/kernel for something called
*userns* or *unpriv* and set it to 1 :)

-serge
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
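
The two /proc checks from the reply above, as an added shell example that is not part of the original message: it tests for user namespace support and lists the sysctl candidates matching *userns* or *unpriv*. `PROC_ROOT` and the function names are assumptions made for this example; the script only reads and never changes a sysctl.

```shell
#!/bin/sh
# Added example: read-only triage for "clone: Operation not permitted"
# when calling clone(CLONE_NEWUSER) or unshare(CLONE_NEWUSER).
# PROC_ROOT is a hypothetical override so the checks can also be run
# against a constructed directory tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Succeeds if the kernel exposes a user namespace handle for this
# process; the entry only exists when CONFIG_USER_NS=y.
userns_compiled_in() {
    [ -e "$PROC_ROOT/self/ns/user" ]
}

# Prints "name=value" for every entry under sys/kernel whose name
# matches *userns* or *unpriv*, the two patterns named in the reply.
list_userns_knobs() {
    for f in "$PROC_ROOT"/sys/kernel/*userns* "$PROC_ROOT"/sys/kernel/*unpriv*; do
        [ -f "$f" ] || continue   # an unmatched glob stays literal; skip it
        printf '%s=%s\n' "$(basename "$f")" "$(cat "$f" 2>/dev/null)"
    done | sort -u                # a name can match both patterns
}

# Prints one verdict line:
#   no-config-user-ns        kernel built without user namespaces
#   userns-knob-off: NAME..  a *userns* sysctl is currently 0
#   no-userns-knob-off       nothing under sys/kernel explains the EPERM
# Only names containing "userns" are flagged, because *unpriv* also
# matches unrelated switches such as unprivileged_bpf_disabled.
diagnose_userns() {
    if ! userns_compiled_in; then
        echo "no-config-user-ns"
        return 0
    fi
    off=$(list_userns_knobs | sed -n 's/^\(.*userns.*\)=0$/\1/p' | xargs)
    if [ -n "$off" ]; then
        echo "userns-knob-off: $off"
    else
        echo "no-userns-knob-off"
    fi
}

diagnose_userns
```

A `userns-knob-off` verdict is only meaningful together with the other half of the check in the reply, namely that CLONE_NEWUSER succeeds when tried as root.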