similar to: unprivileged container has wrong owners inside in /proc/ and /sys

On Thu, Feb 27, 2014 at 3:07 PM, Dariusz Michaluk <d.michaluk@samsung.com> wrote: > On 26.02.2014 17:59, Stephan Sachse wrote: >>> >>> # chown -R foo:foo /var/lib/libvirt/filesystems/mycontainer >> >> you must "shift" the uids for the container 0 -> 666, 1 -> 667, 2 -> >> 668. there is a tool for this: uidmapshift > > I

On 26.02.2014 17:59, Stephan Sachse wrote: >> # chown -R foo:foo /var/lib/libvirt/filesystems/mycontainer > > you must "shift" the uids for the container 0 -> 666, 1 -> 667, 2 -> > 668. there is a tool for this: uidmapshift I prepared two containers, the first I used chown, in the second uidmapshift, here is the results. ./uidmapshift -r

Hello! Okay i tried again with only staticly linked busybox: offlinehacker:~/ $ /home/offlinehacker/busybox/busybox BusyBox v1.17.1 (Debian 1:1.17.1-8) multi-call binary. Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko and others. Licensed under GPLv2. See source distribution for full notice. .... Again my id: uid=499(offlinehacker) gid=100(users)

Create parent directroy for hostdev atomically when we start a lxc domain or attach a hostdev to a lxc domain. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> --- src/lxc/lxc_container.c | 42 ++++++++++++++++++++++++++++-------------- src/lxc/lxc_driver.c | 14 ++++++++++++++ 2 files changed, 42 insertions(+), 14 deletions(-) diff --git a/src/lxc/lxc_container.c

On 09/06/2013 07:32 PM, Jaka Hudoklin wrote: > Hello! > > Okay i tried again with only staticly linked busybox: > offlinehacker:~/ $ /home/offlinehacker/busybox/busybox > BusyBox v1.17.1 (Debian 1:1.17.1-8) multi-call binary. > Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko > and others. Licensed under GPLv2. > See source distribution for full notice.

It seems to be working now, what I needed was libvirt built with libcap support and also securityfs patch. Thanks! On Mon, Sep 9, 2013 at 1:08 PM, Jaka Hudoklin <jakahudoklin@gmail.com>wrote: > I applied your patch, but no success. What bothers me is that connection > gets reseted. By the way, i'm using systemd, with process started in > forking mode and as daemon. Could this

I applied your patch, but no success. What bothers me is that connection gets reseted. By the way, i'm using systemd, with process started in forking mode and as daemon. Could this cause any problems? This is my libvirtd.conf, if it helps anything: unix_sock_group = "libvirtd" unix_sock_rw_perms = "0770" auth_unix_ro = "none" auth_unix_rw = "none" Can

Hi:I downloaded a cirros-0.3.0-x86_64-rootfs.img and mount it to /tmp/bak then I edit a xml file ,here is the content: <domain type='lxc'> <name>vm1</name> <memory>500000</memory> <os> <type>exe</type> <init>/bin/sh</init> </os> <vcpu>1</vcpu> <clock offset='utc'/>

https://bugzilla.mindrot.org/show_bug.cgi?id=3690 Bug ID: 3690 Summary: sshd: root [priv] process sleeping leads to unprivileged child proc zombie Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component:

On 09/06/2013 03:15 AM, Jaka Hudoklin wrote: > Hello! > > I'm testing user namespaces and I have quite some problem getting them to work. > > First of all, I have user namespaces support enabled in kernel: > > offlinehacker:~/ $ uname -r > 3.10.10 > offlinehacker:~/ $ ls /proc/self/ns/ > ipc@ mnt@ net@ pid@ user@ uts@ > > I created simple ubuntu

Hello! I'm testing user namespaces and I have quite some problem getting them to work. First of all, I have user namespaces support enabled in kernel: offlinehacker:~/ $ uname -r 3.10.10 offlinehacker:~/ $ ls /proc/self/ns/ ipc@ mnt@ net@ pid@ user@ uts@ I created simple ubuntu rootfs and when I start container without idmap, so without user namespace mappings, it works just fine:

Hello. tl;dr = v1.0.0 can boot my LXC containers, v.1.0.1 and v.1.0.2 fails. Paraphrased error message: "lxcContainerMountProcFuse:616 : Failed to mount ..../meminfo" I'd like to know if my host is misconfigured, or my domains, or ... why 1.0.2 and 1.0.1 are not working for me. I've been using libvirt for a while to manage QEMU instances. I have experimented with lxc.

And speaking of running out of a shared read-only root, I get the following error when I attempt it: error: Failed to start domain hw error: internal error guest failed to start: PATH=/bin:/sbin TERM=linux LIBVIRT_LXC_UUID=38320e75-1ba0-d85a-6138-532a3a66f13d LIBVIRT_LXC_NAME=hw /bin/bash 2011-12-08 15:31:41.945: 1: info : libvirt version: 0.9.7 2011-12-08 15:31:41.945: 1: error :

Hello. I use libvirtd on my Gentoo development system to manage both QEMU and LXC. When 1.0.3 came out, I updated to it from 1.0.3-r2, but 1.0.4 failed to start my LXC containers. I did not research the issue at the time, so I revert to 1.0.3-r2. Today I updated to 1.0.5 and my LXC containers still fail to start. I have not changed my domain XML at all. I am looking for suggestions on

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=40 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-02-03 16:49 ------- We haven't seen this

> # chown -R foo:foo /var/lib/libvirt/filesystems/mycontainer you must "shift" the uids for the container 0 -> 666, 1 -> 667, 2 -> 668. there is a tool for this: uidmapshift some tools may not work, because of the missing file capabilities. chown removes all file capabilities! try ping as user inside the container. (missing file cap cap_net_admin,cap_net_raw) /stephan --

After reboot of the host i have different error message: root@blade1:~# virt-install --connect lxc:/// --name test_LXC --memory 128 --filesystem /home/lxcuser/LXC,/ --init /bin/sh WARNING No operating system detected, VM performance may suffer. Specify an OS with --os-variant for optimal results. Starting install... ERROR internal error: guest failed to start: Failure in libvirt_lxc

Hi! I with my colleagues from Samsung trying to run systemd in Linux container. I saw that the others are experimenting in this topic, so I would like to present the results of my work and tests, perhaps it will be helpful to others. As the prototype I used a manual written by Daniel: https://www.berrange.com/posts/2013/08/12/running-a-full-fedora-os-inside-a-libvirt-lxc-guest/ After many

Dear Sirs, I've a question belonging to the run-init utility. I'm trying to boot a full linux system from ram. Therefore I provide a kernel and initrd from a tftp server. The full rootfs is provided through a nfs-server and is at time a cpio-archive. That archive shall be copied to the local client and mounted in a tmpfs partition. After that, I want replace the oldroot bei the root

Hi, I would like to install LXC container by virt-install. >From man: virt-install \ --connect lxc:/// \ --name container \ --memory 128 \ --filesystem /home/LXC,/ \ --init /bin/sh But my err is: root@blade1:/home/lxcuser/LXC# virt-install --connect lxc:/// --name test_LXC --memory 128 --filesystem \ /home/lxcuser/LXC,/ --init /bin/sh WARNING No operating system detected, VM performance