[libvirt-users] lxc-enter-namespace error: security model cannot be entered.

hzguanqiang hzguanqiang at corp.netease.com
Tue Jul 30 09:49:28 UTC 2013 

Hi Guys,
I started a lxc container with libvit in ubuntu Operating system, and succeed using lxc-enter-namespace to enter the namespaces and security context of the container. But when I do the same thing in debian OS, It reported an error, with details as following:

root at debian:/etc# vir list
 Id    Name                           State
----------------------------------------------------
 4424  instance-00000007              running
 25913 instance-00000008              running

root at debian:/etc# vir dumpxml 4424
<domain type='lxc' id='4424'>
  <name>instance-00000007</name>
  <uuid>f1ce5360-bb5e-4cfc-b5ef-d05f8db52618</uuid>
  <memory unit='KiB'>1048576</memory>
  <currentMemory unit='KiB'>1048576</currentMemory>
  <vcpu placement='static'>3</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/sbin/init</init>
    <cmdline>console=tty0 console=ttyS0</cmdline>
  </os>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/opt/stack/data/nova/instances/f1ce5360-bb5e-4cfc-b5ef-d05f8db52618/rootfs'/>
      <target dir='/'/>
    </filesystem>
    <interface type='bridge'>
      <mac address='fa:16:3e:3a:c6:11'/>
      <source bridge='br100'/>
      <target dev='veth0'/>
      <filterref filter='nova-instance-instance-00000007-fa163e3ac611'/>
    </interface>
    <console type='pty' tty='/dev/pts/1'>
      <source path='/dev/pts/1'/>
      <target type='lxc' port='0'/>
      <alias name='console0'/>
    </console>
  </devices>
  <seclabel type='none'/>
</domain>

root at debian:/etc# vir lxc-enter-namespace 4424 /bin/sh/
libvirt:  error : argument unsupported: Security model  cannot be entered

Is there anything that needs to be configured in debian OS for using the 'lxc-enter-namespace' interface?
 				
--------------
Best regards!
GuanQiang
2013-07-30

More information about the libvirt-users mailing list