On 23/10/2014 13:03, Guido Günther wrote:
On Wed, Oct 22, 2014 at 07:42:04PM +0100, Adrian Davey wrote:
Package: libvirt0
Version: 1.2.9-3
Severity: normal

Dear Maintainer,

Launching a libvirt_lxc domain with <idmap> enabled using virsh fails:

virsh # start testvm
error: Failed to start domain testvm
error: internal error: guest failed to start: Failed to re-mount
/proc/sys on /proc/sys flags=1021: Operation not permitted

I tried to reproduce and used the attached config, did a

 sudo  ./uidmapshift -b /my/lxc/containers/lxc-test2 0 100000 1000

(from nsexec, currently not packaged in Debian) and could happily
start the container. The bash process also shows the uid mapping. Note
that I did not set:

   echo 1 > /proc/sys/kernel/unprivileged_userns_clone

since my kernel doesn't have it. Can you check if this works for you too?
Cheers,
 -- Guido

I tried without the unprivileged_userns_clone before doing the change, as by default the Debian Linux kernel doesn't set it.

I have just tried again without it set, exactly the same issue.

I have tried a debootstrap installation then using uidmapshift, same result. I have tried an LXC download template for sid/amd64 that does the id shift, same result. (echo 1 > /proc/sys/kernel/unprivileged_userns_clone is required to make sure the download template operation finishes.)

If it works for you then there must be something different between our setups, I guess it's a case of trying to identify what is different easily.

Which kernel are you using? Do you have anything in libvirt conf that is not the default that could be related? Do normal LXC unprivileged domains work for you? I find that LXC doesn't work either, as cgroups have issues as described in [1] and then /dev/.lxc/ errors [2]. These rootfs live on a btrfs filesystem with default mount options. I was hoping systemd with libvirt would sort out my original cgroups issue and just work to complement my qemu side of libvirt.

Cheers,

Adrian

[1] https://lists.linuxcontainers.org/pipermail/lxc-users/2014-September/007776.html
[2] https://lists.linuxcontainers.org/pipermail/lxc-users/2014-September/007860.html

