Serge-
Thanks for the quick response!
Apologies for the cut/paste below of my prior message -- I had the list in
Digest mode and couldn't figure out how to reply -- so I just cut/pasted the
digest section below.
Date: Wed, 11 Feb 2015 04:41:23 +0000
From: Serge Hallyn <[email protected]>
To: LXC users mailing-list <[email protected]>
Subject: Re: [lxc-users] Can't Start Unprivileged Container in Ubuntu 14.10
Message-ID: <20150211044123.GE7059@ubuntumail>
Content-Type: text/plain; charset=us-ascii
Quoting [email protected] ([email protected]):
Thanks to all for the fantastic work on LXC! This is really cool stuff.
First-time question here, and I'm pretty new to LXC - so be gentle.
I'm having an issue starting unprivileged containers on Ubuntu 14.10.
I followed the "Creating unprivileged containers as a user" under the Getting
Started guide found at https://linuxcontainers.org/lxc/getting-started/. Everything
works great until I try to start the container -- which is when I get the following error:
jimmy@jimmyscomputer:~$ lxc-start -n p1 -F
"lxc-start: start.c: print_top_failing_dir: 102 Permission denied - could not
access /home/jimmy. Please grant it 'x' access, or add an ACL for the container
root.
lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 2
lxc-start: start.c: __lxc_start: 1087 failed to spawn 'p1'
lxc-start: lxc_start.c: main: 337 The container failed to start.
lxc-start: lxc_start.c: main: 341 Additional information can be obtained by setting
the --logfile and --logpriority options."
'lxc-start' is being executed by jimmy, so why can't lxc-start
access jimmy's home directory? Jimmy can certainly execute other
commands in that directory.

Because lxc-start switches to the container root userid, 100000.

Ah -- got it.

Here's the ~/.config/default.config:
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
And here's the ~/.local/share/lxc/p1/config:
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: -d ubuntu -r trusty -a amd64
# For additional config options, please look at lxc.container.conf(5)
# Distribution configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
lxc.arch = x86_64
# Container specific configuration
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /home/jimmy/.local/share/lxc/p1/rootfs
lxc.utsname = p1
# Network configuration
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
The rootfs is there, and is owned by 100000.

Yes, but 100000 can't descend /home/jimmy to get to /home/jimmy/.local. I've
considered having lxc-start switch to /home/jimmy/.local/share/lxc/p1 and
then using "./", but that only helps in some cases and the lxc.rootfs could
actually be anywhere.

So I should just move the lxc.rootfs outside of /home/jimmy/ to a place where 100000 can
access it? Would this still be considered an unprivileged container? My system is pretty
much plain vanilla. Wondering if other people that followed the "Creating
unprivileged containers as a user" under the Getting Started guide found at
https://linuxcontainers.org/lxc/getting-started/ ran into the same issue (I believe it
says to create the rootfs in /home/usr).
Many thanks in advance for any help you can provide -- and again,
thanks for all the work on LXC. Very cool stuff.
Also -- is there an easy way to search the mail archives for the
lxc-users list?
Cheers,
Josh
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
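
The check behind the "could not access /home/jimmy" error, as an added example that is not part of the original messages and is not LXC's own code: shell functions that walk the path to lxc.rootfs and report the first directory the mapped container-root uid (100000) cannot search. The function names are hypothetical, GNU stat is assumed, and only mode bits are examined (ACLs and supplementary groups are ignored).

```shell
#!/bin/sh
# Added example, not LXC code. Mode bits only: POSIX ACLs and supplementary
# groups are ignored (assumption). Requires GNU stat.

# can_search UID GID DIR: succeed if UID/GID holds the search ('x') bit on DIR.
can_search() {
    c_info=$(stat -L -c '%u %g %a' "$3") || return 2
    c_uid=$1 c_gid=$2
    set -- $c_info                      # $1=owner uid, $2=owner gid, $3=octal mode
    c_perm=$(( 0$3 ))                   # leading 0 makes the shell read it as octal
    if [ "$c_uid" -eq "$1" ]; then c_bit=$(( c_perm & 0100 ))    # owner class
    elif [ "$c_gid" -eq "$2" ]; then c_bit=$(( c_perm & 0010 ))  # group class
    else c_bit=$(( c_perm & 0001 ))                              # other class
    fi
    [ "$c_bit" -ne 0 ]
}

# first_blocking_dir UID GID PATH [BASE]: walk from BASE (default /) down to
# PATH and print the first directory UID cannot search. BASE itself is assumed
# reachable. Returns 0 when every component is searchable.
first_blocking_dir() {
    w_uid=$1 w_gid=$2 w_cur=${4:-/}
    w_rest=${3#"$w_cur"}
    w_cur=${w_cur%/}
    w_ifs=$IFS; IFS=/
    set -- $w_rest                      # split the remaining path on '/'
    IFS=$w_ifs
    for w_part in "$@"; do
        [ -n "$w_part" ] || continue
        w_cur=$w_cur/$w_part
        can_search "$w_uid" "$w_gid" "$w_cur" || { echo "$w_cur"; return 1; }
    done
    return 0
}

# Constructed tree standing in for /home/jimmy/.local/share/lxc/p1/rootfs.
demo=$(mktemp -d)
mkdir -p "$demo/home/jimmy/.local/share/lxc/p1/rootfs"
chmod 755 "$demo/home"; chmod 700 "$demo/home/jimmy"
# 100000 is the host uid that container root maps to (lxc.id_map above).
first_blocking_dir 100000 100000 "$demo/home/jimmy/.local/share/lxc/p1/rootfs" "$demo" || true
rm -rf "$demo"
```

The two remedies the lxc-start error names correspond to `chmod o+x /home/jimmy` or `setfacl -m u:100000:x /home/jimmy`; the ACL grants search access to the container root uid only.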