On Wed, Mar 23, 2016 at 05:15:54PM +0800, Ocean Chen wrote: > When restore an unprivilleged container from checkpoint, it failed with error > "Error (image.c:318): Unable to open netns-9.img: Permission denied".
You need to uidshift the images themselves into the root uid of the container so it can open them after it unshares it's user namespace. Tycho > > I run everything in root, and has below lines in lxc config file to have > unprivilleged container. > lxc.id_map = u 0 100000 65536 > lxc.id_map = g 0 100000 65536 > > > The cmd to restore container is: > lxc-checkpoint -n wily8 -D /var/lib/lxc/wily8/dump -r TRACE -v > > > Error in dump.log from ciru is: > > > (00.005616) Wait until namespaces are created > (00.006988) Running setup-namespaces scripts > (00.007010) 1: Calling restore_sid() for init > (00.007017) 1: Restoring 1 to 1 sid > (00.007091) 1: Mount procfs in crtools-proc.goosvl > (00.007154) 1: Restoring namespaces 1 flags 0x7c028000 > (00.007196) 1: Error (image.c:318): Unable to open netns-9.img: > Permission denied > (00.007374) Error (cr-restore.c:1306): 10779 exited, status=1 > > > My env: > ubuntu 15.10 with 4.4.5-040405-generic > lxc 2.0.0~rc13 > criu 2.0 > checkpoint used to work in my env when I using lxc 2.0.0~rc10 for > unprivileged containers, but not after I update to rc13. > > _______________________________________________ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users _______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users