[pkg-lxc-devel] Bug#856017: lxc: creating unprivileged container as root fails at saving the image cache

Paul Slootman paul at debian.org
Fri Feb 24 10:12:16 UTC 2017


Source: lxc
Version: 1:2.0.7-1
Severity: normal

# lxc-create -n web1 --template download
[...]
Distribution: debian 
Release: stretch
Architecture: amd64

Downloading the image index
Downloading the rootfs
Downloading the metadata
mkdir: cannot create directory ‘/var/cache/lxc//download/debian/stretch’: Permission denied
lxc-create: lxccontainer.c: create_run_template: 1297 container creation template for web1 failed
lxc-create: tools/lxc_create.c: main: 318 Error creating container web1

I made a lucky guess and did the following:

# chown 820896:820896 /var/cache/lxc/download/debian
(820896 is the uid / gid map for root)

Now the mkdir etc. succeeded. Apparently changing to the unprivileged
IDs happens too early, so that the uid 0 owned
/var/cache/lxc/download/debian/ can't be written to.


Please fix it so that the chown is not required.

Thanks,
Paul

-- System Information:
Debian Release: 8.7
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing'), (500, 'stable-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxc depends on:
ii  init-system-helpers  1.47
ii  libapparmor1         2.11.0-2
ii  libc6                2.24-9
ii  libcap2              1:2.24-8
ii  libgnutls30          3.5.8-3
ii  liblxc1              1:2.0.7-1
ii  libseccomp2          2.3.1-2.1
ii  libselinux1          2.6-3
ii  lsb-base             4.1+Debian13+nmu1
ii  python3-lxc          1:2.0.7-1
ii  python3:amd64        3.5.3-1

Versions of packages lxc recommends:
ii  bridge-utils  1.5-9
ii  debootstrap   1.0.88
ii  dirmngr       1.1.1-5
pn  dnsmasq-base  <none>
ii  gnupg         1.4.18-7+deb8u3
ii  iptables      1.4.21-2+b1
ii  libpam-cgfs   2.0.6-1
ii  lxcfs         2.0.6-1
ii  openssl       1.0.1t-1+deb8u6
ii  rsync         3.1.2-1
ii  uidmap        1:4.2-3+deb8u1

Versions of packages lxc suggests:
pn  apparmor     <none>
pn  btrfs-tools  <none>                                                           
ii  lvm2         2.02.168-1

-- Configuration Files:
/etc/lxc/default.conf changed:
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.id_map = u 0 820896 65536
lxc.id_map = g 0 820896 65536


-- no debconf information
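
The following added example is not part of the original report or of lxc's code. It models the failure described above: it parses the lxc.id_map lines from the report's default.conf and decides whether a process running as root inside that user namespace may create entries in a directory, given the directory's host owner and mode. The function names and the 0755 directory mode are assumptions; ACLs and security modules are not modelled.

```python
import os
import re
import stat

# The id map lines are copied from the report; the rest of default.conf is ignored.
SAMPLE_CONF = """\
lxc.network.type = veth
lxc.id_map = u 0 820896 65536
lxc.id_map = g 0 820896 65536
"""

ID_MAP_RE = re.compile(r"^\s*lxc\.id_map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse_id_map(conf_text):
    """Return {'u': [(ns_start, host_start, count), ...], 'g': [...]}."""
    maps = {"u": [], "g": []}
    for line in conf_text.splitlines():
        m = ID_MAP_RE.match(line)
        if m:
            maps[m.group(1)].append(tuple(int(x) for x in m.group(2, 3, 4)))
    return maps

def to_host(ranges, ns_id):
    """Translate an id inside the namespace to the host id, or None if unmapped."""
    for ns_start, host_start, count in ranges:
        if ns_start <= ns_id < ns_start + count:
            return host_start + (ns_id - ns_start)
    return None

def is_mapped(ranges, host_id):
    return any(h <= host_id < h + c for _, h, c in ranges)

def ns_root_can_write(maps, st_uid, st_gid, st_mode):
    """Can namespace root (ns uid/gid 0) create entries in this directory?"""
    uid, gid = to_host(maps["u"], 0), to_host(maps["g"], 0)
    if uid is None or gid is None:
        return False
    # Namespace root holds CAP_DAC_OVERRIDE only over inodes whose owner
    # uid and gid are both mapped into the namespace.
    if is_mapped(maps["u"], st_uid) and is_mapped(maps["g"], st_gid):
        return True
    # Otherwise ordinary owner/group/other bits apply to the mapped host ids.
    bits = st_mode >> 6 if st_uid == uid else st_mode >> 3 if st_gid == gid else st_mode
    return (bits & 0o3) == 0o3  # creating entries needs write and search

def check_path(maps, path):
    """Apply the same decision to a real directory on the host."""
    st = os.stat(path)
    return ns_root_can_write(maps, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))
```

With the report's map, a cache directory owned by 0:0 with mode 0755 yields False, and the same directory after the chown to 820896:820896 yields True.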

