Quoting Fajar A. Nugraha (l...@fajar.net):
> On Wed, Nov 13, 2013 at 11:23 PM, Serge Hallyn <serge.hal...@ubuntu.com> wrote:
>
> > Quoting Fajar A. Nugraha (l...@fajar.net):
> > > On Wed, Nov 13, 2013 at 5:11 PM, Daniel P. Berrange <berra...@redhat.com
> > > > wrote:
> > >
> > > > For a start I think you should update to the current Fedora 19
> > > > kernels which are version 3.11.6. Then I'd suggest taking the
> > > > Fedora kernel src.rpm and just setting the CONFIG_USER_NS var
> > > > in its config file, rather than trying to navigate the menus.
> > > >
> > > > We're not supporting user namespaces in Fedora until at least
> > > > Fedora 21, since we don't consider the implementation sufficiently
> > > > mature / secure to enable it sooner.
> > > >
> > > >
> > > Is there an example somewhere on how to enable user namespace in lxc,
> > > preferably using manual steps? e.g. which lxc configuration directive
> > > enables it?
> >
> > For non-libvirt lxc, I've shown a few times a more manual way to do it
> > on s3hh.wordpress.com, however, the pieces are there now so that you
> > should be able to just add
> >
> > lxc.id_map = u 0 100000 9999
> > lxc.id_map = g 0 100000 9999
> >
> > to a copy of /etc/lxc/lxc.conf, then do
> >
> > lxc-create -t ubuntu-cloud -n u1 -f /copy/of/lxc.conf
> >
> > I've been focusing on unprivileged creation, and don't think I've
> > yet pushed the fixes needed for root to be able to do that. (which
> > is complicated by newuidmap not letting root use arbitrary subuids)
> >
> >
> Hmmm ... I got this on my system:
> as normal user:
> $ lxc-create -t ubuntu-cloud -n u1 -f /etc/lxc/user.conf
> You lack access to /var/lib/lxc
>
> ... and after editing permission on /var/lib/lxc, I get this

Don't do that, rather use -P to use an lxcpath that you own.

> $ lxc-create -t ubuntu-cloud -n u1 -f /etc/lxc/user.conf
> lxc_container: No such file or directory - Failed executing usernsexec
> lxc_container: Error chowning /var/lib/lxc/u1/rootfs to container root
>
> lxc_container: Error creating backing store type (none) for u1
> lxc_container: Error creating container u1
>
> a "strace -f" shows it's looking for "lxc-usernsexec", which is not
> available. Which package has that?

It should ship with lxc. If you've hand-built lxc, then you need to
have newuidmap (from the uidmap package which comes from the shadow
source package) to build it.

Like I say I'll blog some more after I hit my next milestone, and
this will all go into the server guide and manpages.

> when testing as root (which, if I read your post correctly, is not possible
> yet):
> # lxc-create -t ubuntu-cloud -n u1 -f /etc/lxc/user.conf
> ubuntu-cloudimg-query is /usr/bin/ubuntu-cloudimg-query
> wget is /usr/bin/wget
> --2013-11-14 04:34:08--
> https://cloud-images.ubuntu.com/server/releases/raring/release-20131022/ubuntu-13.04-server-cloudimg-amd64-root.tar.gz
> Resolving cloud-images.ubuntu.com (cloud-images.ubuntu.com)... 91.189.88.141
> Connecting to cloud-images.ubuntu.com
> (cloud-images.ubuntu.com)|91.189.88.141|:443...
> connected.
> HTTP request sent, awaiting response... 302 Found
> Location:
> https://cloud-images.ubuntu.com/releases/raring/release-20131022/ubuntu-13.04-server-cloudimg-amd64-root.tar.gz[following]
> --2013-11-14 04:34:10--
> https://cloud-images.ubuntu.com/releases/raring/release-20131022/ubuntu-13.04-server-cloudimg-amd64-root.tar.gz
> Reusing existing connection to cloud-images.ubuntu.com:443.
> HTTP request sent, awaiting response... 200 OK
> Length: 213508744 (204M) [application/x-gzip]
> Saving to: ‘ubuntu-13.04-server-cloudimg-amd64-root.tar.gz’
>
> 100%[============================================================================================================>]
> 213,508,744 503KB/s in 9m 27s
>
> 2013-11-14 04:43:37 (368 KB/s) -
> ‘ubuntu-13.04-server-cloudimg-amd64-root.tar.gz’ saved [213508744/213508744]
>
> Extracting container rootfs
> Container u1 created.
>
> # lxc-start -n u1
> lxc-start: Operation not permitted - failed to mount 'proc' on
> '/usr/lib/x86_64-linux-gnu/lxc/proc'
> lxc-start: failed to setup the mounts for 'u1'
> lxc-start: failed to setup the container
> lxc-start: invalid sequence number 1. expected 2
> lxc-start: failed to spawn 'u1'
>
>
>
> This is my /etc/lxc/user.conf:
> lxc.network.type = veth
> lxc.network.link = lxcbr0
> lxc.network.flags = up
>
> lxc.id_map = u 0 100000 9999
> lxc.id_map = g 0 100000 9999
>
>
> test system is ubuntu raring,
> lxc 1.0.0~alpha2+master~20131112-2220-0ubuntu1~ppa1~raring1 from daily
> ppa, linux-image-3.12.0-2-generic from trusty.
>
> --
> Fajar

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
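
An added example, not part of the original thread or of lxc itself: a small checker that parses the `lxc.id_map` lines quoted above and reports whether each requested host range is delegated to a given user in `/etc/subuid` / `/etc/subgid`-style data, which is the condition newuidmap enforces. The function names, the users `alice` and `bob`, and the subuid/subgid contents are constructed for illustration; as a simplifying assumption, a mapping passes only when one delegated range covers it.

```python
import re

# The id_map lines quoted in the thread (from /etc/lxc/user.conf).
USER_CONF = """lxc.network.type = veth
lxc.id_map = u 0 100000 9999
lxc.id_map = g 0 100000 9999
"""
# Constructed /etc/subuid and /etc/subgid contents (name:start:count).
SUBUID = "alice:100000:65536\nbob:165536:65536\n"
SUBGID = "alice:100000:65536\nbob:165536:65536\n"

ID_MAP_RE = re.compile(r"^\s*lxc\.id_map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_id_maps(conf_text):
    """Return [(kind, container_start, host_start, count)] from an lxc config."""
    maps = []
    for line in conf_text.splitlines():
        m = ID_MAP_RE.match(line)
        if m:
            maps.append((m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4))))
    return maps

def parse_subid(text, user):
    """Return [(start, count)] delegated to `user` in subuid/subgid format."""
    ranges = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 3 or parts[0].startswith("#"):
            continue  # skip blanks, comments and malformed lines
        if parts[0] == user:
            ranges.append((int(parts[1]), int(parts[2])))
    return ranges

def covered(host_start, count, ranges):
    """True if [host_start, host_start + count) lies inside one delegated range."""
    return any(s <= host_start and host_start + count <= s + c for s, c in ranges)

def check(conf_text, subuid_text, subgid_text, user):
    """Map each id_map entry to True (delegated to user) or False (not delegated)."""
    deleg = {"u": parse_subid(subuid_text, user), "g": parse_subid(subgid_text, user)}
    return {(k, cs, hs, n): covered(hs, n, deleg[k])
            for k, cs, hs, n in parse_id_maps(conf_text)}

if __name__ == "__main__":
    for user in ("alice", "bob", "root"):
        print(user, check(USER_CONF, SUBUID, SUBGID, user))
```

With this sample data only `alice` holds the 100000 range; `root` has no entry at all, so both mappings come back as not delegated.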