Hi everyone,
I was trying to use LXC with unprivileged containers. I followed the tutorial series from stgraber: https://www.stgraber.org/2014/01/17/lxc … ontainers/
When running
lxc-create -t download -n p1 -- -d ubuntu -r trusty -a amd64
I get the following error:
unshare: Operation not permitted
read pipe: No such file or directory
lxc_container: Failed to chown container dir
lxc_container: Error creating container p1
I already found the following thread, but it was not of any help for my problem, only showing there are Archlinux users who got it working: https://bbs.archlinux.org/viewtopic.php?id=185994
My system:
Kernel: 3.17.1 x86_64 default / grsec
LXC: 1.0.6-2
username ~ $ sudo lxc-checkconfig
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
# cat ~/.config/lxc/lxc.conf
# cat ~/.config/lxc/default.conf
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
# sudo cat /etc/sub*
username:100000:65537
username:100000:65537
# sudo cat /etc/lxc/lxc-usernet
username veth lxcbr0 10
Does anybody know what I'm missing here?
EDIT:
Forgot to update the post: it's not working because mainline and Arch Linux do not compile the kernel with the needed flag "CONFIG_USER_NS". There is already a bug report for it.
Last edited by maces (2016-06-27 12:03:12)
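A pre-flight check for the setup in the post above, as an added example that is not part of the thread: it tests a kernel config file for CONFIG_USER_NS=y and verifies that every lxc.id_map range is covered by the user's subuid/subgid delegation. The function names are hypothetical, and passing /proc/config.gz as the config file assumes the running kernel exposes it.

```shell
#!/bin/sh
# userns_enabled CONFIG: succeeds if the kernel config (plain or .gz) sets
# CONFIG_USER_NS=y, the flag named in the EDIT above.
userns_enabled() {
    case $1 in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | grep -q '^CONFIG_USER_NS=y$'
}

# idmap_covered USER LXC_CONF SUBUID SUBGID: succeeds if every lxc.id_map
# range in LXC_CONF lies inside a "USER:start:count" line of SUBUID/SUBGID.
idmap_covered() {
    user=$1 conf=$2 subuid=$3 subgid=$4 rc=0
    maps=$(sed -n 's/^[[:space:]]*lxc\.id_map[[:space:]]*=[[:space:]]*//p' "$conf")
    [ -n "$maps" ] || { echo "FAIL: no lxc.id_map in $conf"; return 1; }
    while read -r kind cid host count; do   # cid = first id inside the container
        case $kind in
            u) file=$subuid ;;
            g) file=$subgid ;;
            *) echo "FAIL: unknown id_map type '$kind'"; rc=1; continue ;;
        esac
        if awk -F: -v u="$user" -v h="$host" -v c="$count" \
            '$1 == u && h >= $2 && h + c <= $2 + $3 { ok = 1 } END { exit !ok }' "$file"
        then echo "ok:   $kind $host +$count delegated to $user"
        else echo "FAIL: $kind $host +$count not delegated to $user in $file"; rc=1
        fi
    done <<EOF
$maps
EOF
    return $rc
}

# Demo on the values quoted in the post, recreated in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n' > "$d/default.conf"
    printf 'username:100000:65537\n' > "$d/subuid"
    cp "$d/subuid" "$d/subgid"
    idmap_covered username "$d/default.conf" "$d/subuid" "$d/subgid"; rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

On a live system the calls would be `userns_enabled /proc/config.gz` and `idmap_covered "$USER" ~/.config/lxc/default.conf /etc/subuid /etc/subgid`.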
Oh, I forgot to mention: the container does start when started as root.
Did you find what was the problem? I'm having the same problem. I think it must be because of Grsec because everything works without it.