Bug#840820: linux-image-grsec-amd64 kernel break CLONE_NEWUSER / newuidmap / unprivileged lxc containers

2016-11-17 Thread johnw
On 11/15/2016 12:53 AM, Alex Mestiashvili wrote:
> Just stumbled upon the same problem, it seems that CLONE_NEWUSER (
> and as the consequence unprivileged containers) simply doesn't work
> with grsecurity patched kernel, see:
>
> https://forums.grsecurity.net/viewtopic.php?f=3=3929
>
> You can

Bug#840820: linux-image-grsec-amd64 kernel break CLONE_NEWUSER / newuidmap / unprivileged lxc containers

2016-11-14 Thread Alex Mestiashvili
Just stumbled upon the same problem, it seems that CLONE_NEWUSER (and as the consequence unprivileged containers) simply doesn't work with grsecurity patched kernel, see:

https://forums.grsecurity.net/viewtopic.php?f=3=3929

You can see if "user namespaces" works with this code:

Bug#840820: linux-image-grsec-amd64 kernel break CLONE_NEWUSER / newuidmap / unprivileged lxc containers

2016-10-15 Thread Yves-Alexis Perez
On Sat, 2016-10-15 at 18:37 +0800, john wrote:
> I want to know, is it possible start lxc unprivileged container with
> grsec kernel? (start as root or nonroot)
> Thanks.

I guess you don't really mean unprivileged containers, but rather “user namespaces”. I honestly have no idea.

Regards,

Bug#840820: linux-image-grsec-amd64 kernel break CLONE_NEWUSER / newuidmap / unprivileged lxc containers

2016-10-15 Thread john
Package: linux-image-grsec-amd64
Version: 10
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

I can not start lxc unprivileged container with linux-image-grsec-amd64 kernel (even start as root), The setup work very well