> Date: Fri, 2 Feb 2018 01:52:09 +0200
> From: Eytan Heidingsfeld <eyt...@gmail.com>
> To: lxc-users@lists.linuxcontainers.org
> Subject: [lxc-users] Using lxc.namespace.net in unprivileged containers
>
> Hi,
> I'm trying to use the new lxc.namespace.net config in an unprivileged
> container (using idmapping)
> The container fails to start, running the log at trace I see:
>
> lxc_network - network.c:lxc_setup_network_in_child_namespaces:3031 -
> network has been setup
> lxc_network - network.c:lxc_network_send_name_and_ifindex_to_parent:3112 -
> Sent network device names and ifindeces to parent
>
> But then right after that:
>
> ERROR lxc_utils - utils.c:safe_mount:1659 - Operation not permitted -
> Failed to mount sysfs onto /usr/lib/x86_64-linux-gnu/lxc/sys

You need to also inherit the owning user namespace of the network namespace in this scenario, otherwise the kernel won't let you mount sysfs. Another option is to specify an lxc.mount.entry to bind-mount sysfs from the host.
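
One way to check the condition described in the reply, as an added example that is not part of the original thread or of LXC's code: it uses the Linux `NS_GET_USERNS` ioctl (Linux 4.9 and later) to find the user namespace that owns a process's network namespace and compares it with another process's user namespace. The two PIDs and the script name are assumptions supplied by whoever runs it.

```python
#!/usr/bin/env python3
"""Check whether a network namespace is owned by a given user namespace."""
import fcntl
import os
import sys

# _IO(0xb7, 0x1) from <linux/nsfs.h>; available since Linux 4.9.
NS_GET_USERNS = 0xB701


def ns_id(path):
    """(st_dev, st_ino) of a /proc/<pid>/ns/* file identifies the namespace."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)


def owning_userns_id(ns_path):
    """Identity of the user namespace that owns the namespace at ns_path.

    Returns None when the kernel refuses (EPERM: the owner lies outside the
    caller's own user namespace) or does not support the ioctl.
    """
    fd = os.open(ns_path, os.O_RDONLY)
    try:
        owner_fd = fcntl.ioctl(fd, NS_GET_USERNS)  # returns a new fd
    except OSError:
        return None
    finally:
        os.close(fd)
    try:
        st = os.fstat(owner_fd)
        return (st.st_dev, st.st_ino)
    finally:
        os.close(owner_fd)


def netns_owned_by(netns_pid, userns_pid):
    """True if netns_pid's network namespace is owned by userns_pid's user
    namespace, False if another one owns it, None if it cannot be determined."""
    owner = owning_userns_id(f"/proc/{netns_pid}/ns/net")
    if owner is None:
        return None
    return owner == ns_id(f"/proc/{userns_pid}/ns/user")


if __name__ == "__main__":
    # Hypothetical usage: check_netns_owner.py <netns-pid> <userns-pid>
    result = netns_owned_by(int(sys.argv[1]), int(sys.argv[2]))
    print({True: "netns is owned by that user namespace",
           False: "netns is owned by a different user namespace",
           None: "owner not visible from this user namespace"}[result])
```

A `False` or `None` result for the process whose network namespace is being shared, checked against the container's user namespace, matches the situation in which the sysfs mount above fails with "Operation not permitted".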