Thanks Xavier, I'll check this out.

On Thu, Apr 2, 2015 at 3:10 PM, Xavier Gendre <[email protected]> wrote:

> If it can help you, I have summarized all of Serge's advice (the
> CLONE_NEWUSER trick, in particular) about containers in Debian in a little
> script to handle user-owned unprivileged containers and make them
> autostart. This is called mithlond,
>
> https://github.com/Meseira/mithlond
>
> This is built for Debian Jessie, thus you should find some useful things
> inside, I hope ;-)
>
> Xavier
>
>
> On 02/04/2015 22:49, Serge Hallyn wrote:
>
>> Quoting Joshua Schaeffer ([email protected]):
>>
>>> I've been using LXC's on Debian 7 for over a year now and everything has
>>> been working great, but I've just been using the version that is packaged
>>> with the distro and I figured it's probably time to get up to date and
>>> start taking advantage of the newer features and unprivileged containers.
>>> So I've created a VM with Debian 8 on it and downloaded the source for
>>> LXC 1.1.1.
>>>
>>> I configured, compiled, and installed the software without any issues,
>>> but when I try to run lxc-create as a regular user I get the following
>>> error:
>>>
>>> --------------------------------------------------------------------------
>>> lxcuser@thinkhost:~$ lxc-create -t download -n c1
>>> unshare: Operation not permitted
>>
>> Since unshare failed, your kernel seems to not be allowing unprivileged
>> CLONE_NEWUSER. Check whether there is a sysctl called
>> /proc/sys/kernel/unprivileged_userns_clone, and if so set it to 1.
>>
>>> read pipe: Success
>>> lxc_container: lxccontainer.c: do_create_container_dir: 772 Failed to chown container dir
>>> lxc_container: lxc_create.c: main: 274 Error creating container c2
>>> --------------------------------------------------------------------------
>>>
>>> I've set execute rights on the home directory for that user. Seems like
>>> I'm missing something obvious. Below are the configure parameters I used.
>>> make, make check, and make install reported no problems or errors:
>>>
>>> ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-doc --enable-capabilities --with-distro=debian
>>>
>>> I can run the above command as root and it successfully downloads the
>>> template and creates the container which I can then attach to.
>>>
>>> Thanks,
>>> Joshua
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
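
The check Serge describes in the thread, written out as an added example (not part of the original messages and not code from LXC or mithlond). The sysctl path is the one named in the thread; the function names and the optional file argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: diagnose a failing unprivileged CLONE_NEWUSER (unshare).
# Function names and the optional FILE argument are hypothetical helpers.

SYSCTL_PATH=/proc/sys/kernel/unprivileged_userns_clone

# userns_sysctl_state [FILE] -> absent | enabled | disabled | unreadable
userns_sysctl_state() {
    f=${1:-$SYSCTL_PATH}
    if [ ! -e "$f" ]; then
        echo absent                      # this kernel has no such knob
        return 0
    fi
    v=$(cat "$f" 2>/dev/null) || { echo unreadable; return 0; }
    case "$v" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unreadable ;;            # unexpected content
    esac
}

# userns_probe -> ok | denied | unknown
# Tries to create a user namespace as the current user with unshare(1).
userns_probe() {
    command -v unshare >/dev/null 2>&1 || { echo unknown; return 0; }
    if unshare -U true 2>/dev/null; then echo ok; else echo denied; fi
}

# userns_advice STATE PROBE -> one-line diagnosis
userns_advice() {
    case "$1:$2" in
        *:ok)           echo "user namespaces work for this user" ;;
        disabled:*)     echo "blocked by sysctl; as root: sysctl -w kernel.unprivileged_userns_clone=1" ;;
        absent:denied)  echo "no sysctl knob and unshare denied; kernel may lack user namespace support" ;;
        enabled:denied) echo "sysctl allows it but unshare was denied; the cause is elsewhere" ;;
        *)              echo "inconclusive (sysctl: $1, probe: $2)" ;;
    esac
}

# Report for the current host and user.
userns_advice "$(userns_sysctl_state)" "$(userns_probe)"
```

Run it as the unprivileged user that will own the containers, since the probe reflects that user's view.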
