On Sun, 2014-04-06 at 09:52 +0300, Rami Rosen wrote: > Hi, > uname -a > Linux n 3.12.6-300.fc20.x86_64 #1 SMP Mon Dec 23 16:44:31 UTC 2013 > x86_64 x86_64 x86_64 GNU/Linux
Linux hydra.wittsend.com 3.13.7-200.fc20.x86_64 #1 SMP Mon Mar 24 22:01:49 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Ok... I'd say that's a clue. I'm on 3.13.7-200 while you're only on 3.12.6-300. Mine was build on Mar 24 while yours dates back all the way to Dec 23. You say you just updated. Did you reboot? Regards, Mike > [root@n containers]# lxc-checkconfig > Kernel configuration not found at /proc/config.gz; searching... > Kernel configuration found at /boot/config-3.12.6-300.fc20.x86_64 > --- Namespaces --- > Namespaces: enabled > Utsname namespace: enabled > Ipc namespace: enabled > Pid namespace: enabled > User namespace: missing > Network namespace: enabled > Multiple /dev/pts instances: enabled > > --- Control groups --- > Cgroup: enabled > Cgroup clone_children flag: enabled > Cgroup device: enabled > Cgroup sched: enabled > Cgroup cpu account: enabled > Cgroup memory controller: enabled > Cgroup cpuset: enabled > > --- Misc --- > Veth pair device: enabled > Macvlan: enabled > Vlan: enabled > File capabilities: enabled > > Note : Before booting a new kernel, you can check its configuration > usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig > > cat /boot/config-3.12.6-300.fc20.x86_64 | grep USER_NS > # CONFIG_USER_NS is not set > > Regards, > Rami Rosen > http://ramirose.wix.com/ramirosen > > > On Sun, Apr 6, 2014 at 2:03 AM, Michael H. Warfield <[email protected]> wrote: > > On Sun, 2014-04-06 at 01:40 +0300, Rami Rosen wrote: > >> Hi, > >> First, thanks Michael, for drawing my attention to it. I knew that > >> Fedora 21 is going to enable user namespaces. > > > >> Still, I wanted to reiterate my point: with my Fedora 20, where I ran > >> update a while ago, user namespaces were not available, according to > >> lxc-checkonfig, and still nesting with a busybox container did work. > > > > So lxc-checkconfig indicated that it was NOT available? That's weird. > > Hydra (my server) was a Fedora 19 system until I recently did an upgrade > > using the "yum update" method... > > > > http://fedoraproject.org/wiki/Upgrading_Fedora_using_yum > > > > It's now a Fedora 20 server and I have NOT installed a custom kernel on > > it. So, I'm on a stock Fedora Project kernel on Fedora 20 and it is > > enabled. I haven't tried any of the "nested containers" or a busybox > > container, though. > > > > Could you post the "uname -a" of your system in question? > > > >> Btw, I heard that in the first release of RHEL 7, user namespaces will > >> be enabled in kernel, for ABI compatibility, but using them will be > >> disabled in userspace, because of security concerns. Only in later > >> updates it will be enabled. I hope that this scheme is not used with > >> Fedora 20. > >> > >> Regards, > >> Rami Rosen > >> > >> <> <בתאריך 5 באפר 2014 23:15, "Michael H. Warfield" <[email protected]> <> <כתב: > >> On Sat, 2014-04-05 at 22:37 +0300, Rami Rosen wrote: > >> > Hi, Nels, > >> > > >> > Regarding you question, as appeared as the subject of your > >> post: > >> > "Do nested containers require that unprivileged container > >> creation be > >> > supported?" > >> > >> > Fedora 20 does not support user namespaces, as > >> lxc-checkconfig shows; > >> > so it does not support unprivileged containers. However, I > >> had created > >> > (with lxc-create) an LXC fedora container under Fedora 20. > >> From within > >> > that container I created a nested LXC busybox container, and > >> I could > >> > start that nested container successfully. > >> > >> Time out! Breaking news... Fedora 20 originally did not > >> support user > >> namespaces on initial install. Run yum update and reboot... > >> Then... > >> > >> [root@hydra mhw]# cat /etc/redhat-release > >> Fedora release 20 (Heisenbug) > >> [root@hydra mhw]# uname -a > >> Linux hydra.wittsend.com 3.13.7-200.fc20.x86_64 #1 SMP Mon Mar > >> 24 22:01:49 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux > >> [root@hydra mhw]# lxc-checkconfig > >> Kernel configuration not found at /proc/config.gz; > >> searching... > >> Kernel configuration found > >> at /boot/config-3.13.7-200.fc20.x86_64 > >> --- Namespaces --- > >> Namespaces: enabled > >> Utsname namespace: enabled > >> Ipc namespace: enabled > >> Pid namespace: enabled > >> User namespace: enabled > >> Network namespace: enabled > >> Multiple /dev/pts instances: enabled > >> > >> Looks to be enabled to me. > >> > >> > Best regards, > >> > Rami Rosen > >> > http://ramirose.wix.com/ramirosen > >> > >> Always check on the latest update. Things do change in the > >> Fedora > >> sphere. > >> > >> Regards, > >> Mike > >> > >> > On Fri, Apr 4, 2014 at 8:02 PM, Nels Nelson > >> <[email protected]> wrote: > >> > > Hi, I'm trying to create a container nested within > >> another. I'm sure I'm > >> > > probably going about it incorrectly. Here's what I have > >> so far: > >> > > > >> > > https://gist.github.com/nelsnelson/9978457 > >> > > > >> > > The error I encounter seems to be > >> > > > >> > > lxc-create: No such file or directory - failed to > >> create container path > >> > > for inner > >> > > lxc-create: Error creating container inner > >> > > > >> > > Is this because the privileges in the outer container are > >> not sufficient? > >> > > > >> > > Thanks, > >> > > -Nels > >> > >> -- > >> Michael H. Warfield (AI4NB) | (770) 978-7061 | > >> [email protected] > >> /\/\|=mhw=|\/\/ | (678) 463-0932 | > >> http://www.wittsend.com/mhw/ > >> NIC whois: MHW9 | An optimist believes we live in > >> the best of all > >> PGP Key: 0x674627FF | possible worlds. A pessimist is > >> sure of it! > >> > >> > >> _______________________________________________ > >> lxc-users mailing list > >> [email protected] > >> http://lists.linuxcontainers.org/listinfo/lxc-users > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> _______________________________________________ > >> lxc-users mailing list > >> [email protected] > >> http://lists.linuxcontainers.org/listinfo/lxc-users > > > > -- > > Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected] > > /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ > > NIC whois: MHW9 | An optimist believes we live in the best of > > all > > PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it! > > > > > > _______________________________________________ > > lxc-users mailing list > > [email protected] > > http://lists.linuxcontainers.org/listinfo/lxc-users > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users -- Michael H. Warfield (AI4NB) | (770) 978-7061 | [email protected] /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
signature.asc
Description: This is a digitally signed message part
_______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
