I set up /etc/subuid and /etc/subgid and modified /etc/lxc/default.conf to add the needed uid/gids:

% grep root /etc/sub*
/etc/subgid:root:100000:65536
/etc/subuid:root:100000:65536

% cat /etc/lxc/default.conf
lxc.network.type = empty
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536

I then created an lxc via:

# lxc-create -t download -n nw

I pulled down the archlinux current amd64 image. This is my config:

-----
# Distribution configuration
lxc.include = /usr/share/lxc/config/archlinux.common.conf
lxc.include = /usr/share/lxc/config/archlinux.userns.conf
lxc.arch = x86_64

# Container specific configuration
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /var/lib/lxc/nw/rootfs
lxc.rootfs.backend = dir
lxc.utsname = nw

# Network configuration
lxc.network.type = empty
-----

The problem is when I start the container, I see numerous errors relating to systemd and I am not sure what is missing from my config. Advice is deeply appreciated.

# lxc-start -n nw -F
systemd 232 running in system mode. (+PAM -AUDIT -SELINUX -IMA -APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN)
Detected virtualization lxc.
Detected architecture x86-64.
Welcome to Arch Linux!
Set hostname to <nw>.
Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Failed to install release agent, ignoring: No such file or directory
[ OK ] Listening on Journal Socket.
[ OK ] Started Forward Password Requests to Wall Directory Watch.
[ OK ] Listening on Process Core Dump Socket.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on Device-mapper event daemon FIFOs.
user.slice: Failed to reset devices.list: Operation not permitted
user.slice: Failed to set invocation ID on control group /user.slice, ignoring: Operation not permitted
[ OK ] Created slice User and Session Slice.
[ OK ] Listening on Network Service Netlink Socket.
[ OK ] Reached target Remote File Systems.
[ OK ] Started Dispatch Password Requests to Console Directory Watch.
[ OK ] Reached target Encrypted Volumes.
[ OK ] Reached target Paths.
system.slice: Failed to reset devices.list: Operation not permitted
system.slice: Failed to set invocation ID on control group /system.slice, ignoring: Operation not permitted
[ OK ] Created slice System Slice.
dev-mqueue.mount: Failed to reset devices.list: Operation not permitted
dev-mqueue.mount: Failed to set invocation ID on control group /system.slice/dev-mqueue.mount, ignoring: Operation not permitted
Mounting POSIX Message Queue File System...
systemd-journald.service: Failed to reset devices.list: Operation not permitted
systemd-journald.service: Failed to set invocation ID on control group /system.slice/systemd-journald.service, ignoring: Operation not permitted
Starting Journal Service...
systemd-remount-fs.service: Failed to reset devices.list: Operation not permitted
systemd-remount-fs.service: Failed to set invocation ID on control group /system.slice/systemd-remount-fs.service, ignoring: Operation not permitted
Starting Remount Root and Kernel File Systems...
[ OK ] Reached target Slices.
systemd-sysctl.service: Failed to reset devices.list: Operation not permitted
systemd-sysctl.service: Failed to set invocation ID on control group /system.slice/systemd-sysctl.service, ignoring: Operation not permitted
Starting Apply Kernel Variables...
system-container\x2dgetty.slice: Failed to reset devices.list: Operation not permitted
system-container\x2dgetty.slice: Failed to set invocation ID on control group /system.slice/system-container\x2dgetty.slice, ignoring: Operation not permitted
[ OK ] Created slice system-container\x2dgetty.slice.
system-getty.slice: Failed to reset devices.list: Operation not permitted
system-getty.slice: Failed to set invocation ID on control group /system.slice/system-getty.slice, ignoring: Operation not permitted
[ OK ] Created slice system-getty.slice.
[ OK ] Reached target Swap.
tmp.mount: Failed to reset devices.list: Operation not permitted
tmp.mount: Failed to set invocation ID on control group /system.slice/tmp.mount, ignoring: Operation not permitted
Mounting Temporary Directory...
[ OK ] Listening on LVM2 metadata daemon socket.
dev-random.mount: Failed to reset devices.list: Operation not permitted
dev-tty1.mount: Failed to reset devices.list: Operation not permitted
proc-sys-net.mount: Failed to reset devices.list: Operation not permitted
dev-tty.mount: Failed to reset devices.list: Operation not permitted
dev-zero.mount: Failed to reset devices.list: Operation not permitted
dev-full.mount: Failed to reset devices.list: Operation not permitted
dev-tty3.mount: Failed to reset devices.list: Operation not permitted
dev-urandom.mount: Failed to reset devices.list: Operation not permitted
dev-tty2.mount: Failed to reset devices.list: Operation not permitted
proc-sysrq\x2dtrigger.mount: Failed to reset devices.list: Operation not permitted
-.mount: Failed to reset devices.list: Operation not permitted
sys-devices-virtual-net.mount: Failed to reset devices.list: Operation not permitted
dev-tty4.mount: Failed to reset devices.list: Operation not permitted
dev-null.mount: Failed to reset devices.list: Operation not permitted
sys-fs-fuse-connections.mount: Failed to reset devices.list: Operation not permitted
dev-tty5.mount: Failed to reset devices.list: Operation not permitted
dev-tty6.mount: Failed to reset devices.list: Operation not permitted
init.scope: Failed to reset devices.list: Operation not permitted
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Mounted Temporary Directory.
[ OK ] Started Remount Root and Kernel File Systems.
[ OK ] Started Apply Kernel Variables.
[ OK ] Reached target Local File Systems (Pre).
[ OK ] Reached target Local File Systems.
[ OK ] Started Journal Service.
Starting Flush Journal to Persistent Storage...
[ OK ] Started Flush Journal to Persistent Storage.
Starting Create Volatile Files and Directories...
[ OK ] Started Create Volatile Files and Directories.
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Reached target System Initialization.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
[ OK ] Started D-Bus System Message Bus.
Starting Network Service...
Starting Login Service...
[ OK ] Started Daily rotation of log files.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Started Daily verification of password and group files.
[ OK ] Started Daily man-db cache update.
[ OK ] Reached target Timers.
[ OK ] Started Login Service.
[ OK ] Started Network Service.
[ OK ] Reached target Network.
Starting Permit User Sessions...
Starting Network Name Resolution...
[ OK ] Started Permit User Sessions.
[ OK ] Started Console Getty.
[ OK ] Started Getty on lxc/tty6.
[ OK ] Started Container Getty on /dev/pts/2.
[ OK ] Started Getty on lxc/tty2.
[ OK ] Started Getty on lxc/tty5.
[ OK ] Started Container Getty on /dev/pts/1.
[ OK ] Started Container Getty on /dev/pts/5.
[ OK ] Started Container Getty on /dev/pts/3.
[ OK ] Started Getty on lxc/tty4.
[ OK ] Started Getty on lxc/tty1.
[ OK ] Started Getty on lxc/tty3.
[ OK ] Started Container Getty on /dev/pts/0.
[ OK ] Started Container Getty on /dev/pts/4.
[ OK ] Reached target Login Prompts.
[ OK ] Started Network Name Resolution.
[ OK ] Reached target Multi-User System.

Arch Linux 4.9.2-2-custom (console)

nw login:

_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
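
A consistency check for the ID mapping described in the post above, as an added example that is not part of the original message: it confirms that each lxc.id_map range lies inside a range delegated to root in /etc/subuid and /etc/subgid, and shows which host ID a container ID translates to. The file contents are copied from the post; the function names are hypothetical.

```python
# Added example. File contents below are copied from the post; helpers are hypothetical.
SUBUID = "root:100000:65536\n"
SUBGID = "root:100000:65536\n"
CONFIG = """\
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.network.type = empty
"""

def parse_id_maps(config):
    """Return {'u': [(ns_start, host_start, count)], 'g': [...]} from lxc.id_map lines."""
    maps = {"u": [], "g": []}
    for line in config.splitlines():
        key, _, value = line.partition("=")
        if key.strip() != "lxc.id_map":
            continue  # comments, includes and other keys are skipped
        kind, ns_start, host_start, count = value.split()
        maps[kind].append((int(ns_start), int(host_start), int(count)))
    return maps

def parse_subid(text, owner):
    """Return [(start, count)] ranges delegated to owner in subuid/subgid text."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == owner:
            ranges.append((int(fields[1]), int(fields[2])))
    return ranges

def uncovered(maps, delegated):
    """Mappings whose host range is not fully inside one delegated range."""
    return [m for m in maps
            if not any(s <= m[1] and m[1] + m[2] <= s + c for s, c in delegated)]

def to_host(maps, ns_id):
    """Translate an in-container id to the host id, or None if it is unmapped."""
    for ns_start, host_start, count in maps:
        if ns_start <= ns_id < ns_start + count:
            return host_start + (ns_id - ns_start)
    return None

def check(config, subuid, subgid, owner="root"):
    """Return the uid and gid mappings that fall outside the owner's delegation."""
    maps = parse_id_maps(config)
    return {"u": uncovered(maps["u"], parse_subid(subuid, owner)),
            "g": uncovered(maps["g"], parse_subid(subgid, owner))}

if __name__ == "__main__":
    print("uncovered mappings:", check(CONFIG, SUBUID, SUBGID))
    for uid in (0, 1000, 65535, 65536):
        print(f"container uid {uid} -> host uid {to_host(parse_id_maps(CONFIG)['u'], uid)}")
```

With the values from the post, container root (uid 0) is host uid 100000, and any container ID at or above 65536 has no host mapping.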