On Sun, 2014-04-06 at 01:40 +0300, Rami Rosen wrote:
> Hi,
> First, thanks Michael, for drawing my attention to it. I knew that
> Fedora 21 is going to enable user namespaces.
> Still, I wanted to reiterate my point: with my Fedora 20, where I ran
> update a while ago, user namespaces were not available, according to
> lxc-checkconfig, and still nesting with a busybox container did work.

So lxc-checkconfig indicated that it was NOT available? That's weird.

Hydra (my server) was a Fedora 19 system until I recently did an upgrade
using the "yum update" method...

http://fedoraproject.org/wiki/Upgrading_Fedora_using_yum

It's now a Fedora 20 server and I have NOT installed a custom kernel on
it. So, I'm on a stock Fedora Project kernel on Fedora 20 and it is
enabled. I haven't tried any of the "nested containers" or a busybox
container, though.

Could you post the "uname -a" of your system in question?

> Btw, I heard that in the first release of RHEL 7, user namespaces will
> be enabled in kernel, for ABI compatibility, but using them will be
> disabled in userspace, because of security concerns. Only in later
> updates it will be enabled. I hope that this scheme is not used with
> Fedora 20.
>
> Regards,
> Rami Rosen
>
> On 5 Apr 2014 23:15, "Michael H. Warfield" <[email protected]> wrote:
> On Sat, 2014-04-05 at 22:37 +0300, Rami Rosen wrote:
> > Hi, Nels,
> >
> > Regarding your question, as appeared as the subject of your post:
> > "Do nested containers require that unprivileged container creation be
> > supported?"
> >
> > Fedora 20 does not support user namespaces, as lxc-checkconfig shows;
> > so it does not support unprivileged containers. However, I had created
> > (with lxc-create) an LXC fedora container under Fedora 20. From within
> > that container I created a nested LXC busybox container, and I could
> > start that nested container successfully.
>
> Time out! Breaking news... Fedora 20 originally did not support user
> namespaces on initial install. Run yum update and reboot... Then...
>
> [root@hydra mhw]# cat /etc/redhat-release
> Fedora release 20 (Heisenbug)
> [root@hydra mhw]# uname -a
> Linux hydra.wittsend.com 3.13.7-200.fc20.x86_64 #1 SMP Mon Mar 24 22:01:49 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> [root@hydra mhw]# lxc-checkconfig
> Kernel configuration not found at /proc/config.gz; searching...
> Kernel configuration found at /boot/config-3.13.7-200.fc20.x86_64
> --- Namespaces ---
> Namespaces: enabled
> Utsname namespace: enabled
> Ipc namespace: enabled
> Pid namespace: enabled
> User namespace: enabled
> Network namespace: enabled
> Multiple /dev/pts instances: enabled
>
> Looks to be enabled to me.
>
> > Best regards,
> > Rami Rosen
> > http://ramirose.wix.com/ramirosen
>
> Always check on the latest update. Things do change in the Fedora
> sphere.
>
> Regards,
> Mike
>
> > On Fri, Apr 4, 2014 at 8:02 PM, Nels Nelson <[email protected]> wrote:
> > > Hi, I'm trying to create a container nested within another. I'm sure I'm
> > > probably going about it incorrectly. Here's what I have so far:
> > >
> > > https://gist.github.com/nelsnelson/9978457
> > >
> > > The error I encounter seems to be
> > >
> > > lxc-create: No such file or directory - failed to create container path
> > > for inner
> > > lxc-create: Error creating container inner
> > >
> > > Is this because the privileges in the outer container are not sufficient?
> > >
> > > Thanks,
> > > -Nels
>
> --
> Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected]
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
>
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users

--
Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected]
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
