Hi, I'm trying to use unprivileged containers that are inaccessible to other users in a shared environment. Setting the container path to 550 seems to block lxc-start. What are the minimal permissions that I need to set on the directory so lxc-start can start successfully? Any pointers for managing subuid permissions?
Here is my sample command transcript:

```
ubuntu@ip-10-65-151-126:~$ chmod o-rx .local/share/lxc/u1
ubuntu@ip-10-65-151-126:~$ ls -lha .local/share/lxc |grep u1
drwxr-x--- 3 ubuntu ubuntu 4.0K May 23 23:45 u1
ubuntu@ip-10-65-151-126:~$
ubuntu@ip-10-65-151-126:~$ # Starting a container with no other permission
ubuntu@ip-10-65-151-126:~$ lxc-start -n u1
lxc_container: Permission denied - failed to get real path for '/home/ubuntu/.local/share/lxc/u1/rootfs'
lxc_container: failed to mount rootfs
lxc_container: failed to setup rootfs for 'u1'
lxc_container: failed to setup the container
lxc_container: invalid sequence number 1. expected 2
lxc_container: failed to spawn 'u1'
ubuntu@ip-10-65-151-126:~$
ubuntu@ip-10-65-151-126:~$ # Now with other having rx access
ubuntu@ip-10-65-151-126:~$ chmod o+rx .local/share/lxc/u1
ubuntu@ip-10-65-151-126:~$ lxc-start -n u1 -d
ubuntu@ip-10-65-151-126:~$ lxc-attach -n u1
root@u1:~# It worked
```

Thanks!
- Mahmood

_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users