On Fri, Jan 27, 2017 at 8:36 AM, Rees, Kevron <[email protected]> wrote:
> I'm trying to call "lxc-create" to create an unprivileged container
> within the yocto environment. I am using a config file containing
> uid/gid mappings that seems to work on my host system:
>
> lxc.include = /etc/lxc/default.conf
> lxc.id_map = u 0 100000 65536
> lxc.id_map = g 0 100000 65536
>
> The command I'm using in my bitbake recipe is as follows:
>
> lxc-create -l DEBUG -o muhlog.lob \
> --config=${S}/default.conf --lxcpath=${S}/var/lib/lxc \
> -t download --name=safety -- -d ubuntu -r xenial -a amd64 \
> --no-validate
>
> "${S}" points to my working directory that has default.conf in it.
>
> The output is as follows:
>
> | DEBUG: Executing shell function do_compile
> | newuidmap: write to uid_map failed: Operation not permitted

The problem seems to be here. It's trying to use newuidmap from sysroot. If I force it to use the host's newuidmap from /usr/bin/newuidmap, it works. One of the issues could be that the setuid flag on the yocto environment's newuidmap seems missing. I wonder why the version in sysroot doesn't work...

> | error mapping child
> | setgid: Invalid argument
> | lxc-create: safety: lxccontainer.c: do_create_container_dir: 985
> Failed to chown container dir
> | lxc-create: safety: tools/lxc_create.c: main: 318 Error creating
> container safety
>
> The "error mapping child" error comes from
> src/lxc/tools/lxc_usernsexec.c:370 when calling lxc_map_ids().
>
> Any hints on why newuidmap would fail? I'm hoping that's the root
> issue here and the subsequent messages are just the result.
>
> cheers,
> -Kevron
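
A diagnostic for the missing-setuid suspicion raised in the reply above, as an added example that is not part of the original message: it classifies how a given newuidmap or newgidmap binary would obtain the privilege it needs to write uid_map. The function name `helper_privilege` and its result labels are hypothetical, and the file-capabilities branch assumes `getcap` from libcap is installed.

```shell
#!/bin/sh
# Added example: classify how an id-mapping helper (newuidmap/newgidmap)
# gets the privilege needed to write /proc/<pid>/uid_map for an
# unprivileged caller. helper_privilege is a hypothetical name.
helper_privilege() {
    f=$1
    if [ ! -e "$f" ]; then echo "missing"; return 0; fi
    if [ ! -x "$f" ]; then echo "not-executable"; return 0; fi
    # Field 3 of `ls -ldn` is the numeric owner uid.
    owner=$(ls -ldn "$f" | awk '{print $3}')
    if [ -u "$f" ]; then
        # A setuid bit only helps when the file is owned by root; a copy
        # installed by an ordinary build user is setuid to that user.
        if [ "$owner" = "0" ]; then
            echo "setuid-root"
        else
            echo "setuid-nonroot"
        fi
        return 0
    fi
    # Some distributions grant cap_setuid/cap_setgid as file capabilities
    # instead of using the setuid bit.
    if command -v getcap >/dev/null 2>&1 &&
       getcap "$f" 2>/dev/null | grep -Eq 'cap_set[ug]id'; then
        echo "file-caps"
        return 0
    fi
    echo "unprivileged"
}

# Report on every path given on the command line, so a sysroot copy can be
# compared with the host's /usr/bin/newuidmap side by side.
for p in "$@"; do
    printf '%s: %s\n' "$p" "$(helper_privilege "$p")"
done
```

A result of `unprivileged` or `setuid-nonroot` for the sysroot copy, next to `setuid-root` or `file-caps` for `/usr/bin/newuidmap`, matches the "Operation not permitted" failure in the log.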
