Quoting S.Çağlar Onur ([email protected]): > OK I think I'm seeing something but haven't found the real problem, > yet. Looks like some caller (or the caller of the caller etc.) is not > checking the return code of the chown_mapped_root (from > src/lxc/conf.c) function and trying to progress. That seems to be > causing this problem. The following patch makes my tests happy again > (chown is failing with EACCES on my machine) > > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > index bdd623a..12f1690 100644 > --- a/src/lxc/conf.c > +++ b/src/lxc/conf.c > @@ -3566,10 +3566,10 @@ int chown_mapped_root(char *path, struct lxc_conf > *conf) > } > > // a trick for chgrp the file that is not owned by oneself > - if (chown(path, -1, hostgid) < 0) { > - ERROR("Error chgrp %s", path); > - return -1; > - } > + //if (chown(path, -1, hostgid) < 0) { > + // ERROR("Error chgrp %s", path); > + // return -1; > + //} > > // "u:0:rootuid:1" > ret = snprintf(map1, 100, "u:0:%d:1", rootuid); > > Try to create an unprivileged container and then clone it, you will > see "lxc_container: Error chgrp" error but interestingly lxc-clone is
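Review bot: Commenting out the `if (chown(path, -1, hostgid) < 0)` block in chown_mapped_root() removes the only error check on the chgrp step, so a failure there (EACCES in the report above) is now silently ignored and the function carries on to build the "u:0:%d:1" map as if the group change had succeeded. Keep the check and narrow the case instead: skip the chown only when the path already has the intended ownership, and keep returning -1 on any other failure. The existing message `ERROR("Error chgrp %s", path);` also drops errno; including strerror(errno) would have shown the EACCES directly. If the block does end up being removed, delete it rather than leaving it as `//` comments.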
Ah, maybe that makes sense. Can you add a debug line to print out the path, the current st_uid and st_gid of both the path and the dirname(path)?

Actually if you simply check at the top of chown_mapped_root() whether path is already owned by the container root, and return 0 (shortcutting the rest of the work) if so, you may work around it.

-serge
_______________________________________________
lxc-devel mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-devel
