<div dir="ltr"><div>Hello!</div><div><br></div>Okay i tried again with only staticly linked busybox:<div><div>offlinehacker:~/ $ /home/offlinehacker/busybox/busybox</div><div>BusyBox v1.17.1 (Debian 1:1.17.1-8) multi-call binary.</div>
<div>Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko</div><div>and others. Licensed under GPLv2.</div><div>See source distribution for full notice.</div><div>....</div><div><br></div><div>Again my id:</div>
<div>uid=499(offlinehacker) gid=100(users) groups=100(users),1(wheel),57(networkmanager)<br></div><div><br></div><div>My rootfs tree(/home/offlinehacker/busybox):</div><div><div>busybox</div><div>├── [offlineh users ] busybox</div>
<div>└── [offlineh users ] busybox-static_1.17.1-8_amd64.deb</div></div></div><div><br></div><div>It works just fine as root and these folders gets created:</div><div><div>busybox</div><div>├── [offlineh users ] busybox</div>
<div>├── [offlineh users ] busybox-static_1.17.1-8_amd64.deb</div><div>├── [root root ] dev</div><div>├── [root root ] .oldroot</div><div>├── [root root ] proc</div><div>└── [root root ] sys</div>
</div><div><br></div><div>When i start it with idmap with clean rootfs(dev proc sys and .oldroot deleted) i get this error, and it is a little bit different now:</div><div><div>error: Failed to create domain from helloworld.xml</div>
<div>error: internal error: guest failed to start: 2013-09-06 11:24:57.088+0000: 5794: debug : virFileC</div></div><div><br></div><div>And log is pretty similar:</div><div><div>sep 06 11:24:56 laptop libvirtd[1542]: EVENT_POLL_UPDATE_HANDLE: watch=241 events=1</div>
<div>sep 06 11:24:57 laptop libvirtd[1542]: Skip interrupt, 1 140499747788544</div><div>sep 06 11:24:57 laptop libvirtd[1542]: OBJECT_REF: obj=0x7fc878000c90</div><div>sep 06 11:24:57 laptop libvirtd[1542]: OBJECT_REF: obj=0x7fc878000c90</div>
<div>sep 06 11:24:57 laptop libvirtd[1542]: server=0x7fc8a60ddd60 client=0x7fc8a60e8bb0 msg=0x7fc8a60e6970 rerr=0x7fc89a32cd40 args=0x7fc8880160a0 ret=0x7fc888016030</div><div>sep 06 11:24:57 laptop libvirtd[1542]: priv=0x7fc8a60ea3a0 conn=(nil)</div>
<div>sep 06 11:24:57 laptop libvirtd[1542]: name=lxc:///</div><div>sep 06 11:24:57 laptop libvirtd[1542]: Cannot recv data: Connection reset by peer</div><div>sep 06 11:24:57 laptop libvirtd[1542]: internal error: guest failed to start: 2013-09-06 11:24:57.088+0000: 5794: debug : virFileC</div>
</div><div><br></div><div>Rootfs after failed creation looks like this:</div><div><div>busybox</div><div>├── [offlineh users ] busybox</div><div>├── [offlineh users ] busybox-static_1.17.1-8_amd64.deb</div><div>├── [offlineh users ] .oldroot</div>
<div>├── [offlineh users ] proc</div><div>└── [offlineh users ] sys</div></div><div><br></div><div>I have debugging enabled, at least LIBVIRT_DEBUG is set to 1 and i get much more messages. If there's any my granular debug please let me know.</div>
<div><br></div><div>PS: I forgot to mention my version of libvirt is 1.1.2</div><div><br></div><div>Thanks, Jaka!</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Sep 6, 2013 at 3:41 AM, Gao feng <span dir="ltr"><<a href="mailto:gaofeng@cn.fujitsu.com" target="_blank">gaofeng@cn.fujitsu.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 09/06/2013 03:15 AM, Jaka Hudoklin wrote:<br>
> Hello!<br>
><br>
> I'm testing user namespaces and I have quite some problem getting them to work.<br>
><br>
> First of all, I have user namespaces support enabled in kernel:<br>
><br>
> offlinehacker:~/ $ uname -r<br>
> 3.10.10<br>
> offlinehacker:~/ $ ls /proc/self/ns/<br>
> ipc@ mnt@ net@ pid@ user@ uts@<br>
><br>
> I created simple ubuntu rootfs and when I start container without idmap, so without user namespace mappings, it works just fine:<br>
><br>
> Libivrt config:<br>
><br>
> <domain type='lxc'><br>
> <name>helloworld</name><br>
> <memory>102400</memory><br>
> <os><br>
> <type>exe</type><br>
> <init>/bin/dash</init><br>
> </os><br>
> <!--<idmap><br>
> <uid start='0' target='499' count='10'/><br>
> <gid start='0' target='100' count='10'/><br>
> </idmap>--><br>
> <devices><br>
> <console type='pty'/><br>
> <filesystem type='mount'><br>
> <source dir='/home/offlinehacker/rootfs'/><br>
> <target dir='/'/><br>
> </filesystem><br>
> </devices><br>
> </domain><br>
><br>
<br>
</div></div>Your configuration looks good.<br>
<div><div class="h5"><br>
> This is how my rootfs looks like:<br>
><br>
> offlinehacker:~/ $ ls -la rootfs<br>
> drwxr-xr-x 23 offlinehacker users 4096 sep 5 19:06 ./<br>
> drwxr-xr-x 59 offlinehacker users 4096 sep 5 19:06 ../<br>
> drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:11 bin/<br>
> drwxr-xr-x 3 offlinehacker users 4096 avg 27 14:11 boot/<br>
> drwxr-xr-x 4 offlinehacker users 4096 avg 27 14:11 dev/<br>
> drwxr-xr-x 86 offlinehacker users 4096 sep 5 18:20 etc/<br>
> drwxr-xr-x 3 offlinehacker users 4096 avg 27 14:11 home/<br>
> lrwxrwxrwx 1 offlinehacker users 33 avg 27 14:10 initrd.img -> /boot/initrd.img-3.2.0-52-virtual<br>
> drwxr-xr-x 18 offlinehacker users 4096 avg 27 14:10 lib/<br>
> drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:10 lib64/<br>
> drwx------ 2 offlinehacker users 4096 avg 27 14:11 lost+found/<br>
> drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:09 media/<br>
> drwxr-xr-x 2 offlinehacker users 4096 apr 19 2012 mnt/<br>
> drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:09 opt/<br>
> -rw-r--r-- 1 offlinehacker vboxusers 231671365 avg 27 14:12 precise-server-cloudimg-amd64-root.tar.gz<br>
> drwxr-xr-x 2 offlinehacker users 4096 apr 19 2012 proc/<br>
> drwx------ 2 offlinehacker users 4096 sep 3 23:47 root/<br>
> drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:11 run/<br>
> drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:11 sbin/<br>
> drwxr-xr-x 2 offlinehacker users 4096 mar 5 2012 selinux/<br>
> drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:09 srv/<br>
> drwxr-xr-x 2 offlinehacker users 4096 apr 14 2012 sys/<br>
> drwxrwxrwt 2 offlinehacker users 4096 sep 4 01:39 tmp/<br>
> drwxr-xr-x 10 offlinehacker users 4096 avg 27 14:09 usr/<br>
> drwxr-xr-x 12 offlinehacker users 4096 sep 5 18:10 var/<br>
> lrwxrwxrwx 1 offlinehacker users 29 avg 27 14:10 vmlinuz -> boot/vmlinuz-3.2.0-52-virtual<br>
><br>
> And this is who I am:<br>
> offlinehacker:~/ $ id<br>
> uid=499(offlinehacker) gid=67(libvirtd) groups=100(users),1(wheel),57(networkmanager),67(libvirtd)<br>
<br>
</div></div>Can this user exec //home/offlinehacker/rootfs/bin/dash successfully ?<br>
<div class="im"><br>
><br>
> When I create the container with idmap uncommented I get the following error:<br>
><br>
> offlinehacker:~/ $ virsh -c lxc:/// create helloworld.xml<br>
> error: Failed to create domain from helloworld.xml<br>
> error: internal error: guest failed to start: 2013-09-05 19:08:57.781+0000: 19036: debug<br>
><br>
> And these are the logs:<br>
> sep 05 19:08:52 laptop libvirtd[1542]: server=0x7fc8a60ddd60 client=0x7fc8a60e68d0 msg=0x7fc8a60e9380 rerr=0x7fc89a32cd40 args=0x7fc88800b4a0 ret=0x7fc88800a1c0<br>
> sep 05 19:08:52 laptop libvirtd[1542]: priv=0x7fc8a60e91f0 conn=(nil)<br>
> sep 05 19:08:52 laptop libvirtd[1542]: name=lxc:///<br>
> sep 05 19:08:57 laptop libvirtd[1542]: Cannot recv data: Connection reset by peer<br>
> sep 05 19:08:58 laptop libvirtd[1542]: internal error: guest failed to start: 2013-09-05 19:08:57.781+0000: 19036: debug<br>
><br>
> Looks like .oldroot, dev, proc and sys gets created with mapped permissions(499:100), but container fails to start.<br>
><br>
<br>
</div>Please enable debug mode, I need more information.<br>
<br>
<a href="http://libvirt.org/logging.html" target="_blank">http://libvirt.org/logging.html</a><br>
<br>
Thansk<br>
</blockquote></div><br></div>