[Pkg-libvirt-maintainers] Bug#766390: Bug#766390: libvirt0: fails unprivileged lxc domain with /proc/sys re-mount error
Guido Günther
agx at sigxcpu.org
Thu Oct 23 12:03:08 UTC 2014
On Wed, Oct 22, 2014 at 07:42:04PM +0100, Adrian Davey wrote:
> Package: libvirt0
> Version: 1.2.9-3
> Severity: normal
>
> Dear Maintainer,
>
> Launching a libvirt_lxc domain with <idmap> enabled using virsh fails:
>
> virsh # start testvm
> error: Failed to start domain testvm
> error: internal error: guest failed to start: Failed to re-mount
> /proc/sys on /proc/sys flags=1021: Operation not permitted

I tried to reproduce and used the attached config, did a

    sudo ./uidmapshift -b /my/lxc/containers/lxc-test2 0 100000 1000

(from nsexec, currently not packaged in Debian) and could happily
start the container. The bash process also shows the uid mapping. Note
that I did not set:

    echo 1 > /proc/sys/kernel/unprivileged_userns_clone

since my kernel doesn't have it. Can you check if this works for you too?

Cheers,
 -- Guido