LXC container with user namespace and root fs on loop device - how it's supposed to work?


 



Hello,

It's not possible to start an LXC container inside a user namespace with its root filesystem on a loop device, because it tries to mount the root FS from the container's user namespace (lxcContainerSetupPivotRoot) and gets EPERM:

2015-03-19 12:48:18.545+0000: 1: debug : lxcContainerChild:2278 : Tearing down container Failed to mount device /dev/loop0 to /var/run/libvirt/lxc/instance-0000000b.root: Operation not permitted



So I wonder whether anyone has successfully run an LXC container with such a configuration.


Here is my config:

<domain type='lxc'>
  <name>instance-0000000b</name>
  <uuid>d918c415-0a00-4c12-896e-19e4711111d3</uuid>
  <memory unit='KiB'>524288</memory>
  <currentMemory unit='KiB'>524288</currentMemory>
  <cputune>
    <shares>1024</shares>
  </cputune>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/sbin/init</init>
    <cmdline>console=tty0 console=ttyS0</cmdline>
  </os>
  <idmap>
    <uid start='0' target='10000' count='1000'/>
    <gid start='0' target='10000' count='1000'/>
  </idmap>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/libexec/libvirt_lxc</emulator>
    <filesystem type='file' accessmode='passthrough'>
      <driver type='loop' format='raw'/>
      <source file='/root/2.img'/>
      <target dir='/'/>
    </filesystem>
    <console type='pty'>
      <target type='lxc' port='0'/>
    </console>
  </devices>
</domain>

--
Dmitry Guryanov

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
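
A preflight check for the combination reported in the message above, as an added example that is not part of the original post or of libvirt: it parses a domain XML and reports image- or block-backed filesystem entries in an LXC domain that also sets an idmap. The function names and the trimmed sample XML are constructed for illustration, and treating type='block' like type='file' is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <idmap> and <filesystem> parts of the domain XML in the post.
SAMPLE_DOMAIN = """<domain type='lxc'>
  <idmap>
    <uid start='0' target='10000' count='1000'/>
    <gid start='0' target='10000' count='1000'/>
  </idmap>
  <devices>
    <filesystem type='file' accessmode='passthrough'>
      <driver type='loop' format='raw'/>
      <source file='/root/2.img'/>
      <target dir='/'/>
    </filesystem>
  </devices>
</domain>"""

# 'file' (image attached to a loop device) is the case in the post; 'block' is
# included on the assumption that it is mounted the same way.
BLOCK_BACKED = {"file", "block"}

def host_id_of_root(domain, kind="uid"):
    """Host id that container id 0 maps to, or None if no <idmap> entry covers it."""
    for m in domain.findall(f"./idmap/{kind}"):
        start, target, count = (int(m.get(k)) for k in ("start", "target", "count"))
        if start <= 0 < start + count:
            return target - start
    return None

def userns_block_mounts(xml_text):
    """Return (target dir, fs type, source, host uid of container root) for each
    block-backed filesystem in an LXC domain that also requests a user namespace."""
    domain = ET.fromstring(xml_text)
    root_uid = host_id_of_root(domain)
    if domain.get("type") != "lxc" or root_uid is None:
        return []  # not LXC, or no id mapping: no user namespace is requested
    findings = []
    for fs in domain.findall("./devices/filesystem"):
        fs_type = fs.get("type", "mount")  # libvirt's default type is a bind mount
        src, tgt = fs.find("source"), fs.find("target")
        if fs_type in BLOCK_BACKED and src is not None and tgt is not None:
            source = src.get("file") or src.get("dev")
            findings.append((tgt.get("dir"), fs_type, source, root_uid))
    return findings

if __name__ == "__main__":
    for target, fs_type, source, uid in userns_block_mounts(SAMPLE_DOMAIN):
        print(f"{target}: type='{fs_type}' source={source} is mounted by container "
              f"root (host uid {uid}); expect EPERM as in the log above")
```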



