Hello,
It's not possible to start an LXC container inside a user namespace with
its root filesystem on a loop device, because it tries to mount the root FS
from the container's user namespace (lxcContainerSetupPivotRoot) and gets EPERM:
2015-03-19 12:48:18.545+0000: 1: debug : lxcContainerChild:2278 : Tearing down container
Failed to mount device /dev/loop0 to /var/run/libvirt/lxc/instance-0000000b.root: Operation not permitted
So I wonder whether anyone has successfully run an LXC container with
such a configuration.
Here is my config:
<domain type='lxc'>
  <name>instance-0000000b</name>
  <uuid>d918c415-0a00-4c12-896e-19e4711111d3</uuid>
  <memory unit='KiB'>524288</memory>
  <currentMemory unit='KiB'>524288</currentMemory>
  <cputune>
    <shares>1024</shares>
  </cputune>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/sbin/init</init>
    <cmdline>console=tty0 console=ttyS0</cmdline>
  </os>
  <idmap>
    <uid start='0' target='10000' count='1000'/>
    <gid start='0' target='10000' count='1000'/>
  </idmap>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/libexec/libvirt_lxc</emulator>
    <filesystem type='file' accessmode='passthrough'>
      <driver type='loop' format='raw'/>
      <source file='/root/2.img'/>
      <target dir='/'/>
    </filesystem>
    <console type='pty'>
      <target type='lxc' port='0'/>
    </console>
  </devices>
</domain>
--
Dmitry Guryanov
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
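
Added example, not part of the original message and not libvirt code: a Python check that flags the configuration reported above, an LXC domain with an idmap element whose filesystem uses the loop driver. The function name, the second filesystem in the sample and the rule itself (that this combination fails with EPERM, as the message reports) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <idmap> and <filesystem> elements from the message
# above, plus a hypothetical directory-backed filesystem for contrast.
SAMPLE = """
<domain type='lxc'>
  <name>instance-0000000b</name>
  <idmap>
    <uid start='0' target='10000' count='1000'/>
    <gid start='0' target='10000' count='1000'/>
  </idmap>
  <devices>
    <filesystem type='file' accessmode='passthrough'>
      <driver type='loop' format='raw'/>
      <source file='/root/2.img'/>
      <target dir='/'/>
    </filesystem>
    <filesystem type='mount'>
      <source dir='/srv/data'/>
      <target dir='/data'/>
    </filesystem>
  </devices>
</domain>
"""

def userns_loop_mounts(domain_xml):
    """List loop-backed filesystems in an LXC domain that also sets <idmap>.

    Assumption taken from the report: with <idmap> the mount is issued from
    the container's user namespace, so a loop-backed source gets EPERM.
    """
    root = ET.fromstring(domain_xml)
    uid_maps = root.findall("./idmap/uid")
    if root.get("type") != "lxc" or not uid_maps:
        return []  # not LXC, or no user namespace requested
    host_uids = [(int(m.get("target")), int(m.get("count"))) for m in uid_maps]
    findings = []
    for fs in root.findall("./devices/filesystem"):
        driver = fs.find("driver")
        if driver is None or driver.get("type") != "loop":
            continue  # directory-backed mounts are not what the report covers
        target = fs.find("target").get("dir")
        findings.append({
            "domain": root.findtext("name"),
            "source": fs.find("source").get("file"),
            "target": target,
            "is_root": target == "/",
            "host_uid_ranges": host_uids,
        })
    return findings
```
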