Hi,

uname -a
Linux n 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec 23 16:44:31 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

[root@n containers]# lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.12.6-300.fc20.x86_64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: missing
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

cat /boot/config-3.12.6-300.fc20.x86_64 | grep USER_NS
# CONFIG_USER_NS is not set

Regards,
Rami Rosen
http://ramirose.wix.com/ramirosen

On Sun, Apr 6, 2014 at 2:03 AM, Michael H. Warfield <[email protected]> wrote:
> On Sun, 2014-04-06 at 01:40 +0300, Rami Rosen wrote:
>> Hi,
>> First, thanks Michael, for drawing my attention to it. I knew that
>> Fedora 21 is going to enable user namespaces.
>
>> Still, I wanted to reiterate my point: with my Fedora 20, where I ran
>> update a while ago, user namespaces were not available, according to
>> lxc-checkconfig, and still nesting with a busybox container did work.
>
> So lxc-checkconfig indicated that it was NOT available? That's weird.
> Hydra (my server) was a Fedora 19 system until I recently did an upgrade
> using the "yum update" method...
>
> http://fedoraproject.org/wiki/Upgrading_Fedora_using_yum
>
> It's now a Fedora 20 server and I have NOT installed a custom kernel on
> it. So, I'm on a stock Fedora Project kernel on Fedora 20 and it is
> enabled. I haven't tried any of the "nested containers" or a busybox
> container, though.
>
> Could you post the "uname -a" of your system in question?
>
>> Btw, I heard that in the first release of RHEL 7, user namespaces will
>> be enabled in kernel, for ABI compatibility, but using them will be
>> disabled in userspace, because of security concerns. Only in later
>> updates it will be enabled. I hope that this scheme is not used with
>> Fedora 20.
>>
>> Regards,
>> Rami Rosen
>>
>> On 5 Apr 2014 23:15, "Michael H. Warfield" <[email protected]> wrote:
>> On Sat, 2014-04-05 at 22:37 +0300, Rami Rosen wrote:
>> > Hi, Nels,
>> >
>> > Regarding your question, as appeared as the subject of your post:
>> > "Do nested containers require that unprivileged container creation be
>> > supported?"
>>
>> > Fedora 20 does not support user namespaces, as lxc-checkconfig shows;
>> > so it does not support unprivileged containers. However, I had created
>> > (with lxc-create) an LXC fedora container under Fedora 20. From within
>> > that container I created a nested LXC busybox container, and I could
>> > start that nested container successfully.
>>
>> Time out! Breaking news... Fedora 20 originally did not support user
>> namespaces on initial install. Run yum update and reboot... Then...
>>
>> [root@hydra mhw]# cat /etc/redhat-release
>> Fedora release 20 (Heisenbug)
>> [root@hydra mhw]# uname -a
>> Linux hydra.wittsend.com 3.13.7-200.fc20.x86_64 #1 SMP Mon Mar 24 22:01:49 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
>> [root@hydra mhw]# lxc-checkconfig
>> Kernel configuration not found at /proc/config.gz; searching...
>> Kernel configuration found at /boot/config-3.13.7-200.fc20.x86_64
>> --- Namespaces ---
>> Namespaces: enabled
>> Utsname namespace: enabled
>> Ipc namespace: enabled
>> Pid namespace: enabled
>> User namespace: enabled
>> Network namespace: enabled
>> Multiple /dev/pts instances: enabled
>>
>> Looks to be enabled to me.
>>
>> > Best regards,
>> > Rami Rosen
>> > http://ramirose.wix.com/ramirosen
>>
>> Always check on the latest update.
>> Things do change in the Fedora sphere.
>>
>> Regards,
>> Mike
>>
>> > On Fri, Apr 4, 2014 at 8:02 PM, Nels Nelson <[email protected]> wrote:
>> > > Hi, I'm trying to create a container nested within another. I'm sure I'm
>> > > probably going about it incorrectly. Here's what I have so far:
>> > >
>> > > https://gist.github.com/nelsnelson/9978457
>> > >
>> > > The error I encounter seems to be
>> > >
>> > > lxc-create: No such file or directory - failed to create container path for inner
>> > > lxc-create: Error creating container inner
>> > >
>> > > Is this because the privileges in the outer container are not sufficient?
>> > >
>> > > Thanks,
>> > > -Nels
>>
>> --
>> Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected]
>> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
>> NIC whois: MHW9 | An optimist believes we live in the best of all
>> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
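
Added example (not part of the thread, and not lxc-checkconfig's own code): a shell check that reads CONFIG_USER_NS from a kernel config file, as the exchange above does by hand, and separately reports what the running kernel exposes, which is the distinction behind the RHEL 7 remark. The function names are assumptions of this example, and the two sample config fragments are constructed to mirror the Fedora 20 kernels discussed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample configs below are constructed.

# Print how kernel config file $1 sets CONFIG_$2:
# enabled | module | disabled | absent | unreadable
kconfig_state() {
    [ -r "$1" ] || { echo unreadable; return 1; }
    case $1 in *.gz) rd="gzip -dc" ;; *) rd=cat ;; esac
    $rd "$1" | awk -v s="CONFIG_$2" '
        $0 == (s "=y")               { r = "enabled" }
        $0 == (s "=m")               { r = "module" }
        $0 == ("# " s " is not set") { r = "disabled" }
        END { print (r == "" ? "absent" : r) }'
}

# Same search order the lxc-checkconfig output above reports, with the
# CONFIG= override from its usage note taking precedence.
find_kconfig() {
    for f in "${CONFIG:-}" /proc/config.gz "/boot/config-$(uname -r)"; do
        [ -n "$f" ] && [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# Compile-time support is not the whole story (see the RHEL 7 remark):
# also look at what the running kernel exposes.
userns_runtime() {
    [ -e /proc/self/ns/user ] || { echo "not available"; return 0; }
    # This sysctl exists only on kernels newer than those in the thread; 0 disables creation.
    max=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null) || max=unknown
    echo "available, max_user_namespaces=$max"
}

# Constructed fragments modelled on the two Fedora 20 kernels in the thread.
make_samples() {
    printf '%s\n' 'CONFIG_UTS_NS=y' '# CONFIG_USER_NS is not set' \
        'CONFIG_NET_NS=y' > "$1/config-3.12.6-300.fc20.x86_64"
    printf '%s\n' 'CONFIG_UTS_NS=y' 'CONFIG_USER_NS=y' \
        'CONFIG_NET_NS=y' > "$1/config-3.13.7-200.fc20.x86_64"
}

tmp=$(mktemp -d) && make_samples "$tmp"
for c in "$tmp"/config-*; do
    echo "${c##*/}: USER_NS $(kconfig_state "$c" USER_NS)"
done
cfg=$(find_kconfig) && echo "running kernel: USER_NS $(kconfig_state "$cfg" USER_NS)"
echo "runtime: $(userns_runtime)"
rm -rf "$tmp"
```

The exact-line match avoids reporting a differently named option that merely contains USER_NS, which a plain grep for the substring would also return.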
