Yep - already answered. Not sure why the bump came through today. Thanks again!
On February 16, 2015 9:50:41 AM EST, Serge Hallyn <[email protected]> wrote: >Quoting Josh Ford ([email protected]): >> bump? > >Wasn't this answered last week? (Maybe it was someone else) As the >error message >indicates, your container root user (1000000) is not being allowed to >descend under >/home/jimmy. Either give w+x to /home/jimmy or use an ACL to give >100000 x. > >> On Sat 02-07-15 11:18, Josh Ford wrote: >> >First -- thanks to all for the fantastic work on LXC! >> > >> >First-time question here... >> > >> >My platform is: >> > >> >Ubuntu 14.10 >> >LVM disk encryption >> >Encrypted home directory for the user that is creating and starting >the container (this is a laptop). >> > >> >I'm having an issue starting unprivileged containers -- though >> >I've had success running privileged containers in the past without >> >problems on the same platform. >> > >> >I followed the "Creating unprivileged containers as a user" under >the Getting Started guide found at >https://linuxcontainers.org/lxc/getting-started/. Everything works >great until I try to start the container -- which is when I get the >following error: >> > >> >jimmy@jimmyscomputer:~$ lxc-start -n p1 -F >> > >> > >> >"lxc-start: start.c: print_top_failing_dir: 102 Permission denied - >could not access /home/jimmy. Please grant it 'x' access, or add an >ACL for the container root. >> >lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. >expected 2 >> >lxc-start: start.c: __lxc_start: 1087 failed to spawn 'p1' >> >lxc-start: lxc_start.c: main: 337 The container failed to start. >> >lxc-start: lxc_start.c: main: 341 Additional information can be >obtained by setting the --logfile and --logpriority options." >> > >> > >> >'lxc-start' is being executed by jimmy, so why can't lxc-start >> >access jimmy's home directory? Jimmy can certainly execute other >> >commands in that directory. >> > >> >Here's the ~/.config/default.config: >> > >> > >> >lxc.network.type = veth >> >lxc.network.link = lxcbr0 >> >lxc.network.flags = up >> >lxc.network.hwaddr = 00:16:3e:xx:xx:xx >> >lxc.id_map = u 0 100000 65536 >> >lxc.id_map = g 0 100000 65536 >> > >> >And here's the ~/.local/share/lxc/p1/config: >> > >> > >> ># Template used to create this container: >/usr/share/lxc/templates/lxc-download >> ># Parameters passed to the template: -d ubuntu -r trusty -a amd64 >> ># For additional config options, please look at >lxc.container.conf(5) >> > >> ># Distribution configuration >> >lxc.include = /usr/share/lxc/config/ubuntu.common.conf >> >lxc.include = /usr/share/lxc/config/ubuntu.userns.conf >> >lxc.arch = x86_64 >> > >> ># Container specific configuration >> >lxc.id_map = u 0 100000 65536 >> >lxc.id_map = g 0 100000 65536 >> >lxc.rootfs = /home/jimmy/.local/share/lxc/p1/rootfs >> >lxc.utsname = p1 >> > >> ># Network configuration >> >lxc.network.type = veth >> >lxc.network.link = lxcbr0 >> >lxc.network.flags = up >> >lxc.network.hwaddr = 00:16:3e:xx:xx:xx >> > >> >The rootfs is there, and is owned by 100000. >> > >> >Poor jimmy. The only quirk I can think of here is that jimmy's home >directory is encrypted [??] Just a wild guess though. >> > >> >Many thanks in advance for any help you can provide -- and again, >> >thanks for all the work on LXC. Very cool stuff. >> > >> >Oh -- also -- is there some easy way to search the list archives? >Apologies if that's a silly question, but I was trying to solve this >myself and didn't see a way to do it other than to browse through each >thread. >> > >> >Cheers, >> > >> >Josh >> _______________________________________________ >> lxc-users mailing list >> [email protected] >> http://lists.linuxcontainers.org/listinfo/lxc-users >_______________________________________________ >lxc-users mailing list >[email protected] >http://lists.linuxcontainers.org/listinfo/lxc-users _______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
