I'm trying to set up an unprivileged container with user lxcd using a zfs filesystem (equivalent of btrfs subvolume) for each container. I'm aware that for unprivileged container creation, zfs has to be manually created. My zfs file system is:

    zfs (the pool)
    zfs/lxc
    zfs/lxc/containers

The above has been created using the 'zfs create ...' and I have run chown -R lxcd:lxcd ./lxc. The umask is the default 022.

In ~/.config/lxc/lxc.conf I have:

    lxc.lxcpath = /zpool1/lxc/containers

In ~/.config/lxc/default.conf I have:

    lxc.id_map = u 0 100000 65536
    lxc.id_map = g 0 100000 65536
    lxc.network.type = veth
    lxc.network.link = lxcbr0
    lxc.network.flags = up
    lxc.network.name = eth0
    lxc.network.hwaddr = 00:16:3e:xx:xx:xx

Here's the problem: I try to create a container c1 with the zfs filesystem already in place so the first thing I do is run, as root, 'zfs create zfs/lxc/containers/c1' and then chown -R lxcd:lxcd ./c1. I then run

    lxc-create -t download -n c1 -B dir -- --dist ubuntu --release trusty --arch amd64

and get the following error:

    lxc_container: lxccontainer.c: create_partial: 164 Permission denied - Erorr creating partial file
    lxc_container: lxc_create.c: main: 271 Error creating container c1

When I check, c1 directory is empty. I think this is zfs-lxc related (as opposed to just lxc) because if I remove the zfs/lxc/containers/c1 filesystem and run the same command which now attempts to create the container on a simple dir backing store there is no problem.

I've also tried manually creating the directory rootfs underneath c1 and then running

    lxc-create -t download -n c1 -B dir --dir /zfs/lxc/containers/c1/rootfs -- --dist ubuntu --release trusty --arch amd64

but I get the same error messages.

I guess then, the only time it works in zfs, is when the location for creating containers is specified in ~/.config/lxc/lxc.conf and the rootfs directory of the new container is two dirs down from the root of the nearest zfs filesystem (in my example which works: zfs/lxc/containers is the specified location, the container rootfs is zfs/lxc/containers/c1/rootfs).

In summary, I would like each unprivileged container to run on top of a new zfs filesystem which I create as root and assign relevant ownership to.
Is this possible?
