richard -rw- weinberger <richard.weinber...@gmail.com> writes:

> On Thu, Apr 11, 2013 at 5:03 PM, Eric W. Biederman
> <ebied...@xmission.com> wrote:
>> richard -rw- weinberger <richard.weinber...@gmail.com> writes:
>>
>>> On Thu, Apr 11, 2013 at 7:03 AM, Eric W. Biederman
>>> <ebied...@xmission.com> wrote:
>>>> richard -rw- weinberger <richard.weinber...@gmail.com> writes:
>>>>> {st_mode=S_IFCHR|0644, st_rdev=makedev(5, 1), ...}) = 0
>>>>> [pid  3100] chmod("/dev/pts/5", 020644) = -1 EPERM (Operation not permitted)
>>>>
>>>> I am puzzled why we don't see something to create /dev/pts/5 in this trace.
>>>
>>> I have also no idea.
>>> Please see both attached strace logs (linux v3.9-rc6, lxc 0.9.0).
>>> One with lxc.autodev = 0, the other with = 1.
>>
>> I have read through and I can see why you are failing.
>> With autodev you are failing with mknod /dev/null.
>> Without autodev you are creating pts (I assume to represent /dev/ttyN)
>> before creating the user namespace and then there is a permission
>> problem with chmod.
>>
>> Both of which seem like correct behavior from the kernels standpoint.
>>
>>> My lxc config:
>>> ----
>>> lxc.network.type = empty
>>> lxc.rootfs = /var/lib/lxc/test2/rootfs
>>> lxc.utsname = test2
>>> lxc.autodev = 0
>>> lxc.tty = 4
>>
>> Let me suggest setting lxc.tty = 0. So you don't get tty creation
>> and see how far that goes.
>
> Both lxc.tty = 0 and lxc.pts = 0 trigger the same error.
> lxc-start: Operation not permitted - failed to set mode '020644' to '/dev/pts/1'
>
> To me it looks like lxc is trying to chmod /dev/pts/1 outside of the 
> container.

From /dev/pts/5 to /dev/pts/1.  My guess is this is the /dev/console
emulation.

I will leave this to the lxc userspace folks to figure out the rest.

Given that it is chmod in the first process in the user namespace
that is failing, I strongly suspect that /dev/pts/1 is owned by the
uid that created the container and that uid is not mapped into the
user namespace.

The fix would be for the process that starts the container to
chown those files to the uid of root in the container.

Since you were having to do something special to set up the uid mapping,
it would not surprise me if you have hit an overlooked corner case
in the lxc user namespace code base.

Eric
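As an added illustration of the diagnosis above (example code, not from this thread and not lxc's own code): a small Python helper that parses a uid_map of the form found in /proc/<pid>/uid_map, reports whether a device node's host owner is visible inside the user namespace, and if not, which host uid (the one mapped to container uid 0) the starter would have to chown the node to before the first process enters the namespace. The uid_map text and the uids used are constructed for the example.

```python
import os
import stat
from typing import List, Optional, Tuple

# Each uid_map line is "<ns_start> <host_start> <count>"; the map text below is
# constructed for this example (a typical lxc-style mapping of 0 -> 100000).
UidMap = List[Tuple[int, int, int]]
EXAMPLE_UID_MAP = "0 100000 65536\n"


def parse_uid_map(text: str) -> UidMap:
    """Parse /proc/<pid>/uid_map contents into (ns_start, host_start, count)."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:  # ignore blank or malformed lines
            ranges.append(tuple(int(f) for f in fields))
    return ranges


def host_to_ns_uid(uid_map: UidMap, host_uid: int) -> Optional[int]:
    """uid the namespace sees for host_uid; None if unmapped (the kernel shows
    such owners as the overflow uid, and container root cannot chmod them)."""
    for ns_start, host_start, count in uid_map:
        if host_start <= host_uid < host_start + count:
            return ns_start + (host_uid - host_start)
    return None


def ns_to_host_uid(uid_map: UidMap, ns_uid: int) -> Optional[int]:
    """Host uid behind a namespace uid (container root is ns uid 0)."""
    for ns_start, host_start, count in uid_map:
        if ns_start <= ns_uid < ns_start + count:
            return host_start + (ns_uid - ns_start)
    return None


def chown_target(uid_map: UidMap, owner_uid: int) -> Optional[int]:
    """Host uid the container starter must chown a node to before the first
    process enters the namespace; None means the owner is already mapped."""
    if host_to_ns_uid(uid_map, owner_uid) is not None:
        return None
    return ns_to_host_uid(uid_map, 0)


def check_node(path: str, uid_map_text: str) -> Optional[int]:
    """stat() a device node on the host and report the chown target."""
    st = os.stat(path)
    if not stat.S_ISCHR(st.st_mode):
        raise ValueError(f"{path} is not a character device")
    return chown_target(parse_uid_map(uid_map_text), st.st_uid)
```

check_node() is the only function that touches the host filesystem; the mapping logic can be exercised on constructed uid_map text alone.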


_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel