[libvirt] starting LXC container with user namespace with root FS in image (with loop device)

Dmitry Guryanov dguryanov at parallels.com
Thu Feb 19 11:48:06 UTC 2015


Hello,

I have a container with root fs:

     <filesystem type='file' accessmode='passthrough'>
       <driver type='loop' format='raw'/>
       <source file='/opt/stack/data/nova/instances/x/disk'/>
       <target dir='/'/>
     </filesystem>

And it seems libvirt tries to mount this FS from a user namespace, which 
is not possible:

[root@localhost ~]# virsh -c lxc:/// start instance-0000000aXX
error: Failed to start domain instance-0000000aXX
error: internal error: guest failed to start: Failed to mount device /dev/loop3 to /var/run/libvirt/lxc/instance-0000000aXX.root: Operation not permitted

Do you have any ideas how it's supposed to work?


Here is domain config:

<domain type='lxc'>
   <name>instance-0000000aXX</name>
   <uuid>c68df696-1499-4cb3-b1fa-e2a370c11382</uuid>
   <memory unit='KiB'>524288</memory>
   <currentMemory unit='KiB'>524288</currentMemory>
   <vcpu placement='static'>1</vcpu>
   <cputune>
     <shares>1024</shares>
   </cputune>
   <resource>
     <partition>/machine</partition>
   </resource>
   <os>
     <type arch='x86_64'>exe</type>
     <init>/sbin/init</init>
     <cmdline>console=tty0 console=ttyS0</cmdline>
   </os>
   <idmap>
     <uid start='0' target='10000' count='1000'/>
     <gid start='0' target='10000' count='1000'/>
   </idmap>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
   <on_crash>destroy</on_crash>
   <devices>
     <emulator>/usr/libexec/libvirt_lxc</emulator>
     <filesystem type='file' accessmode='passthrough'>
       <driver type='loop' format='raw'/>
       <source file='/opt/stack/data/nova/instances/x/disk'/>
       <target dir='/'/>
     </filesystem>
     <console type='pty'>
       <target type='lxc' port='0'/>
     </console>
   </devices>
</domain>




-- 
Dmitry Guryanov
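
The following is an added example, not part of the original message and not libvirt code: a pre-flight check that parses a domain XML and flags the combination reported above, an `<idmap>` user-namespace mapping together with a root filesystem that has to be mounted from an image or block device. The names `check_domain`, `host_id` and `NEEDS_DEVICE_MOUNT` are hypothetical, the set of flagged filesystem types is an assumption, and the sample XML is trimmed from the config in the message.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the domain config in the message above.
SAMPLE_DOMAIN = """\
<domain type='lxc'>
  <idmap>
    <uid start='0' target='10000' count='1000'/>
    <gid start='0' target='10000' count='1000'/>
  </idmap>
  <devices>
    <filesystem type='file' accessmode='passthrough'>
      <driver type='loop' format='raw'/>
      <source file='/opt/stack/data/nova/instances/x/disk'/>
      <target dir='/'/>
    </filesystem>
  </devices>
</domain>
"""

# Assumption: these filesystem types need a device mount; type='mount' (bind) does not.
NEEDS_DEVICE_MOUNT = {"file", "block"}


def host_id(domain, kind, container_id=0):
    """Map a container uid/gid to its host id via <idmap>; None if unmapped."""
    for m in domain.findall(f"./idmap/{kind}"):
        start, target, count = (int(m.get(k)) for k in ("start", "target", "count"))
        if start <= container_id < start + count:
            return target + (container_id - start)
    return None


def check_domain(xml_text):
    """Return (target, type, backing, host uid of container root) per flagged filesystem."""
    domain = ET.fromstring(xml_text)
    if domain.get("type") != "lxc" or domain.find("./idmap") is None:
        return []  # no user namespace requested, nothing to flag
    findings = []
    for fs in domain.findall("./devices/filesystem"):
        if fs.get("type") in NEEDS_DEVICE_MOUNT:
            src = fs.find("source")
            backing = None if src is None else (src.get("file") or src.get("dev"))
            findings.append((fs.find("target").get("dir"), fs.get("type"),
                             backing, host_id(domain, "uid")))
    return findings


if __name__ == "__main__":
    for target, fstype, backing, uid in check_domain(SAMPLE_DOMAIN):
        print(f"{target}: type='{fstype}' backed by {backing}; "
              f"container root is host uid {uid}, mount may fail with EPERM")
```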



