Hi all, I'm working on a project that involves generating a bunch of live images, and I'd love to be able to use LXC to customize the filesystems.
I hacked something together using schroot, but I'd like to migrate it over to unprivileged LXC containers so that the build is cleaner and needs fewer root permissions. In my intended build flow, I'd like to be able to do the following:

1. Mount the baseline .img file as a loop mount (happens with passwordless sudo)
2. Use bindfs to remount the loop with user-level permissions (passwordless sudo)
3. Create an unprivileged LXC container using the mounted directory as the rootdir.
4. Run whatever upgrades/changes are needed inside of the LXC container.

I've been trying to get this to work, but I can't get LXC to create a working unprivileged container from an existing directory. Note that I _can_ use unprivileged containers in a general sense - downloaded LXC images work great.

I'm able to reproduce the problem without any bind-mounts or anything like that - basically, I can reproduce my problem with this set of commands:

    $ lxc-create --name=fedora-base --template=download --dir=fedora-base
    $ cp -a fedora-base fedora-custom
    $ lxc-create --name=fedora-custom --template=none --dir=fedora-custom
    $ lxc-start --name=fedora-custom -F

Everything works great until I try to start the 'fedora-custom' container, which then craps out with the following messages:

    lxc-start: utils.c: safe_mount: 1742 Permission denied - Failed to mount /dev/null onto /dev/null
    lxc-start: conf.c: fill_autodev: 1182 Permission denied - Failed bind mounting device null from host into container
    lxc-start: conf.c: lxc_setup: 3783 failed to populate /dev in the container
    lxc-start: start.c: do_start: 834 failed to setup the container
    lxc-start: sync.c: __sync_wait: 57 An error occurred in another process (expected sequence number 3)
    lxc-start: start.c: __lxc_start: 1354 failed to spawn 'fedora-custom'
    lxc-start: tools/lxc_start.c: main: 344 The container failed to start.
    lxc-start: tools/lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.
Can anybody help shed some light on what's going on? I know that I'm doing _something_ wrong, but I don't have any idea what :(

-Nick