Re: Problems with user namespaces

It seems to be working now; what I needed was libvirt built with libcap support and also the securityfs patch. Thanks!


On Mon, Sep 9, 2013 at 1:08 PM, Jaka Hudoklin <jakahudoklin@xxxxxxxxx> wrote:
I applied your patch, but no success. What bothers me is that the connection gets reset. By the way, I'm using systemd, with the process started in forking mode and as a daemon. Could this cause any problems?

This is my libvirtd.conf, if it helps anything:
unix_sock_group = "libvirtd"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"

Can you please tell me an easy-to-set-up distro with systemd on which user namespaces work, so I can compare.

Thanks!


On Mon, Sep 9, 2013 at 3:08 AM, Gao feng <gaofeng@xxxxxxxxxxxxxx> wrote:
On 09/06/2013 07:32 PM, Jaka Hudoklin wrote:
> Hello!
>
> Okay, I tried again with only a statically linked busybox:
> offlinehacker:~/ $ /home/offlinehacker/busybox/busybox
> BusyBox v1.17.1 (Debian 1:1.17.1-8) multi-call binary.
> Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko
> and others. Licensed under GPLv2.
> See source distribution for full notice.
> ....
>
> Again my id:
> uid=499(offlinehacker) gid=100(users) groups=100(users),1(wheel),57(networkmanager)
>
> My rootfs tree(/home/offlinehacker/busybox):
> busybox
> ├── [offlineh users   ]  busybox
> └── [offlineh users   ]  busybox-static_1.17.1-8_amd64.deb
>
> It works just fine as root and these folders get created:
> busybox
> ├── [offlineh users   ]  busybox
> ├── [offlineh users   ]  busybox-static_1.17.1-8_amd64.deb
> ├── [root     root    ]  dev
> ├── [root     root    ]  .oldroot
> ├── [root     root    ]  proc
> └── [root     root    ]  sys
>
> When I start it with idmap with a clean rootfs (dev, proc, sys and .oldroot deleted) I get this error, and it is a little bit different now:
> error: Failed to create domain from helloworld.xml
> error: internal error: guest failed to start: 2013-09-06 11:24:57.088+0000: 5794: debug : virFileC
>
> And log is pretty similar:
> sep 06 11:24:56 laptop libvirtd[1542]: EVENT_POLL_UPDATE_HANDLE: watch=241 events=1
> sep 06 11:24:57 laptop libvirtd[1542]: Skip interrupt, 1 140499747788544
> sep 06 11:24:57 laptop libvirtd[1542]: OBJECT_REF: obj=0x7fc878000c90
> sep 06 11:24:57 laptop libvirtd[1542]: OBJECT_REF: obj=0x7fc878000c90
> sep 06 11:24:57 laptop libvirtd[1542]: server=0x7fc8a60ddd60 client=0x7fc8a60e8bb0 msg=0x7fc8a60e6970 rerr=0x7fc89a32cd40 args=0x7fc8880160a0 ret=0x7fc888016030
> sep 06 11:24:57 laptop libvirtd[1542]: priv=0x7fc8a60ea3a0 conn=(nil)
> sep 06 11:24:57 laptop libvirtd[1542]: name=lxc:///
> sep 06 11:24:57 laptop libvirtd[1542]: Cannot recv data: Connection reset by peer
> sep 06 11:24:57 laptop libvirtd[1542]: internal error: guest failed to start: 2013-09-06 11:24:57.088+0000: 5794: debug : virFileC
>
> Rootfs after failed creation looks like this:
> busybox
> ├── [offlineh users   ]  busybox
> ├── [offlineh users   ]  busybox-static_1.17.1-8_amd64.deb
> ├── [offlineh users   ]  .oldroot
> ├── [offlineh users   ]  proc
> └── [offlineh users   ]  sys
>
> I have debugging enabled, at least LIBVIRT_DEBUG is set to 1 and I get many more messages. If there's any more granular debug, please let me know.
>
> PS: I forgot to mention my version of libvirt is 1.1.2
>

OK, I get it. Maybe you need this patch:

1583dfda7c4e5ad71efe0615c06e5676528d8203
LXC: Don't mount securityfs when user namespace enabled

Thanks

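As an added example (not code from this thread or from libvirt), a small Python check over the libvirtd.conf fragment posted above: it parses the key = value lines and reports when the read-write UNIX socket is reachable without any authentication, which is the case for the posted settings. The hardened counterpart and the defaults assumed for missing keys are my assumptions, not values from the thread.

```python
import re
from typing import Dict, List

# Constructed sample: the libvirtd.conf fragment as posted in the thread.
SAMPLE_WEAK = '''
unix_sock_group = "libvirtd"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
'''

# Constructed counterpart (assumption): same socket group, but the rw socket
# requires polkit authorization instead of trusting group membership alone.
SAMPLE_HARDENED = '''
unix_sock_group = "libvirtd"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "polkit"
'''

_LINE = re.compile(r'^\s*([A-Za-z_]+)\s*=\s*(.*?)\s*$')


def parse_libvirtd_conf(text: str) -> Dict[str, str]:
    """Parse the key = "value" subset of libvirtd.conf used here; '#' starts a comment."""
    conf: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.split('#', 1)[0]
        m = _LINE.match(line)
        if m:
            conf[m.group(1)] = m.group(2).strip('"')
    return conf


def audit_unix_socket(conf: Dict[str, str]) -> List[str]:
    """Report who reaches the read-write socket with no authentication at all.

    Defaults for absent keys (assumed): perms 0700, auth polkit, group root.
    With auth_unix_rw = "none", the socket's file mode is the only access control.
    """
    findings: List[str] = []
    perms = int(conf.get('unix_sock_rw_perms', '0700'), 8)
    auth = conf.get('auth_unix_rw', 'polkit')
    group = conf.get('unix_sock_group', 'root')
    if auth == 'none' and perms & 0o070:
        findings.append(f'rw socket: every member of group "{group}" gets unauthenticated full libvirt control')
    if auth == 'none' and perms & 0o007:
        findings.append('rw socket: world-accessible with no authentication')
    return findings
```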

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
