On 06/09/2016 01:13 PM, Stéphane Graber wrote:
On Thu, Jun 09, 2016 at 12:56:55PM -0700, Mike Wright wrote:
On 06/09/2016 12:40 PM, Stéphane Graber wrote:
Sounds like your host /proc is over-mounted which triggers a protection
mechanism in the kernel that prevents an unprivileged user from mounting
it.
Look in your host's /proc/mounts for any mountpoint under /proc, try
unmounting them one by one until you find the one that's triggering the
protection.
Thanks Stéphane,
Here's what's there:
grep proc /proc/mounts:
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=36,pgrp=1,timeout=0,minproto=5,maxproto=5,direct 0 0
xenfs /proc/xen xenfs rw,relatime 0 0
I don't think I can safely remove any of those. Any other ideas?
I don't expect either of those to be in active constant use, so you can
still try unmounting them temporarily.
An alternative is to mount /proc somewhere else on the host where it's
not hidden by those mounts.
For example:
- mkdir /mnt/proc
- mount -t proc proc /mnt/proc
Success!
Created /alt/proc and mounted another proc there. Unprivileged
container started. But I don't understand.
Don't the multiple procs conflict with each other in any way? How did
lxc find the correct proc to use?
There were two privileged containers running already without problems,
and I used to run some unprivileged containers with lxc-1.
Do I just accept this as a new fact of life with lxc and add a mount
proc line to fstab?
(Sorry for being dimwitted).
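The check suggested in the thread (look in /proc/mounts for mountpoints under /proc) can be scripted. This is an added example, not part of the original messages or of LXC; the function names `list_proc_overmounts` and `sample_mounts` are hypothetical, and the sample input is constructed from the output quoted above plus one constructed line for the alternate /mnt/proc mount.

```shell
#!/bin/sh
# Added example: list every mount that sits strictly beneath a proc mount.
# Usage: list_proc_overmounts [MOUNTS_FILE|-] [PROC_DIR]
# Output: "mountpoint fstype", deepest path first, which is the order in
# which nested mounts would have to be unmounted.
list_proc_overmounts() {
    mounts_file=${1:-/proc/mounts}
    proc_dir=${2:-/proc}
    # /proc/mounts escapes whitespace inside paths (a space becomes \040),
    # so plain field splitting is safe: $2 = mountpoint, $3 = fstype.
    awk -v root="$proc_dir" '
        {
            mp = $2
            if (mp == root) next            # the proc mount itself
            if (index(mp, root "/") == 1) { # strictly below root
                depth = gsub("/", "/", mp)  # count path separators
                print depth, mp, $3
            }
        }' "$mounts_file" | sort -k1,1nr -k2,2 | cut -d' ' -f2-
}

# Constructed sample input: the three lines quoted in the thread plus a
# second proc instance mounted at /mnt/proc (constructed line).
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=36,pgrp=1,timeout=0,minproto=5,maxproto=5,direct 0 0
xenfs /proc/xen xenfs rw,relatime 0 0
proc /mnt/proc proc rw,relatime 0 0
EOF
}

echo "Mounts beneath /proc:"
sample_mounts | list_proc_overmounts - /proc

echo "Mounts beneath /mnt/proc:"
sample_mounts | list_proc_overmounts - /mnt/proc
```

On a live host, call `list_proc_overmounts` with no arguments to read the real /proc/mounts.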