Serge, I did have that sysctl, but it was set to 0. I changed it to 1 and now I get a new error:

lxcuser@thinkhost:~$ lxc-create -t download -n c2
lxc: conf.c: lxc_map_ids: 3145 Missing newuidmap/newgidmap
error mapping child
setgid: Invalid argument
lxc_container: lxccontainer.c: do_create_container_dir: 772 Failed to chown container dir
lxc_container: lxc_create.c: main: 274 Error creating container c2

I have assigned lxcuser to the following uid/gid range: 165536 65536 and I have that set in ~/.config/lxc/default.conf

lxcuser@thinkhost:~$ cat ~/.config/lxc/default.conf
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.name = eth0
lxc.id_map = u 0 165536 65536
lxc.id_map = g 0 165536 65536

root@thinkhost:~# cat /etc/sub* | grep lxcuser
lxcuser:165536:65536
lxcuser:165536:65536

Thanks,
Joshua

On Thu, Apr 2, 2015 at 2:49 PM, Serge Hallyn <[email protected]> wrote:

> Quoting Joshua Schaeffer ([email protected]):
> > I've been using LXC's on Debian 7 for over a year now and everything has
> > been working great, but I've just been using the version that is packaged
> > with the distro and I figured it's probably time to get up to date and
> > start taking advantage of the newer features and unprivileged containers.
> > So I've created a VM with Debian 8 on it and downloaded the source for LXC
> > 1.1.1.
> >
> > I configured, compiled, and installed the software without any issues, but
> > when I try to run lxc-create as a regular user I get the following error:
> >
> > --------------------------------------------------------------------------
> > lxcuser@thinkhost:~$ lxc-create -t download -n c1
> > unshare: Operation not permitted
>
> Since unshare failed, your kernel seems to not be allowing unprivileged
> CLONE_NEWUSER. Check whether there is a sysctl called
> /proc/sys/kernel/unprivileged_userns_clone, and if so set it to 1.
>
> > read pipe: Success
> > lxc_container: lxccontainer.c: do_create_container_dir: 772 Failed to chown
> > container dir
> > lxc_container: lxc_create.c: main: 274 Error creating container c2
> > --------------------------------------------------------------------------
> >
> > I've set execute rights on the home directory for that user. Seems like I'm
> > missing something obvious. Below is the configure parameters I used. make,
> > make check, and make install reported no problems or errors:
> >
> > ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
> > --enable-doc --enable-capabilities --with-distro=debian
> >
> > I can run the above command as root and it successfully downloads the
> > template and creates the container which I can then attach to.
> >
> > Thanks,
> > Joshua
>
> > _______________________________________________
> > lxc-users mailing list
> > [email protected]
> > http://lists.linuxcontainers.org/listinfo/lxc-users
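
The failures in this thread (unshare refused, missing newuidmap/newgidmap, and an id map that must match the delegated subordinate ranges) can each be checked before running lxc-create. The script below is an added example, not part of the original messages or of LXC; its function names and report wording are made up for illustration, and it assumes the name:start:count format of /etc/subuid and /etc/subgid and the lxc.id_map syntax shown in the messages above.

```shell
#!/bin/sh
# Pre-flight checks for unprivileged LXC (hypothetical helper names, added example).

# userns_enabled [SYSCTL_FILE]: if the knob exists it must read 1.
userns_enabled() {
    f=${1:-/proc/sys/kernel/unprivileged_userns_clone}
    [ ! -e "$f" ] || [ "$(cat "$f")" = 1 ]
}

# missing_helpers: print each id-mapping helper that is not found in PATH.
missing_helpers() {
    for h in newuidmap newgidmap; do
        command -v "$h" >/dev/null 2>&1 || echo "$h"
    done
}

# idmap_allowed USER KIND LXC_CONF SUBID_FILE   (KIND is u or g)
# Succeeds only if every "lxc.id_map = KIND ..." host range in LXC_CONF lies
# inside a range delegated to USER in SUBID_FILE (name:start:count).
idmap_allowed() {
    awk -v user="$1" -v kind="$2" '
        FILENAME == ARGV[1] {                 # subuid/subgid entries
            split($0, f, ":")
            if (f[1] == user) { n++; lo[n] = f[2] + 0; hi[n] = f[2] + f[3] }
            next
        }
        { sub(/=/, " = ") }                   # tolerate "key=value" spelling
        $1 == "lxc.id_map" && $3 == kind {    # e.g. lxc.id_map = u 0 165536 65536
            seen = 1; ok = 0
            for (i = 1; i <= n; i++)
                if ($5 + 0 >= lo[i] && $5 + $6 <= hi[i]) ok = 1
            if (!ok) bad = 1
        }
        END { exit((seen && !bad) ? 0 : 1) }
    ' "$4" "$3"
}

# preflight USER LXC_CONF: report problems on the live system.
preflight() {
    userns_enabled || echo "FAIL: unprivileged_userns_clone is not 1"
    for h in $(missing_helpers); do echo "FAIL: $h not in PATH"; done
    idmap_allowed "$1" u "$2" /etc/subuid || echo "FAIL: uid map not covered by /etc/subuid"
    idmap_allowed "$1" g "$2" /etc/subgid || echo "FAIL: gid map not covered by /etc/subgid"
}

# Runs only when given arguments: sh check.sh lxcuser ~/.config/lxc/default.conf
[ $# -eq 0 ] || preflight "$@"
```

No output from preflight means all three checks passed; a map that is missing, or that reaches outside the delegated range, is reported as not covered.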
