[libvirt-users] User Namespace in LXC

Gao feng gaofeng at cn.fujitsu.com
Wed Nov 13 05:40:43 UTC 2013


Hi Saurabh,

First of all, I think there is something wrong in your container configuration file:
the <idmap> should be under <domain>.

Such as:

<domain type='lxc'>
  <name>xxx</name>
  <memory unit='KiB'>102400</memory>
  <currentMemory unit='KiB'>102400</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/bin/sh</init>
  </os>
  <idmap>
    <uid start='0' target='1000' count='10'/>
    <gid start='0' target='1000' count='10'/>
  </idmap>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <console type='pty'>
      <target type='lxc' port='0'/>
    </console>
  </devices>
</domain>

If your system doesn't support user namespaces and your container has a configuration file,
then when you start the container, this error will be thrown:
error: Failed to start domain xxx
error: internal error: guest failed to start: Kernel doesn't support user namespace:

If your configuration file is right and libvirt_lxc doesn't throw an error message,
it's a bug we should fix.

On 11/13/2013 01:24 PM, Saurabh Deochake wrote:
> Hi Gao,
> 
> I checked the output of "lxc-checkconfig" command and it showed 
> 
> --- Namespaces ---
> Namespaces: enabled
> Utsname namespace: enabled
> Ipc namespace: enabled
> Pid namespace: enabled
> *User namespace: missing*
> Network namespace: enabled
> Multiple /dev/pts instances: enabled
> 
> Here it shows that User namespace support is missing. I tried to check for Namespaces Support in kernel menuconfig. It has support for the following namespaces only:
> 
>  --- Namespaces support
>  [*]   UTS namespace      
>  [*]   IPC namespace 
>  [*]   PID Namespaces    
>  [*]   Network namespace  
> 
> There is no User Namespace support. So do I need to patch the kernel for user namespace support? What should I do in order to get user namespace working?
> 
> Following are my system details:
> OS: Fedora 19
> Kernel: 3.9.5
> 

Disable the xfs filesystem, and then you will see User namespace under Namespaces support.
Enjoy it.

Thanks
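
The two checks discussed in this thread, as an added example that is not part of the original message or of libvirt: it verifies that <idmap> sits directly under <domain> and that the kernel config has user namespaces enabled. The function names and the sample XML and kernel config strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: <idmap> wrongly nested under <os> instead of <domain>.
BAD_XML = """<domain type='lxc'><name>xxx</name>
  <os><type arch='x86_64'>exe</type><init>/bin/sh</init>
    <idmap><uid start='0' target='1000' count='10'/>
           <gid start='0' target='1000' count='10'/></idmap></os>
</domain>"""

# Constructed kernel config fragment: user namespaces off, XFS built as a module.
BAD_KCONFIG = "CONFIG_PID_NS=y\n# CONFIG_USER_NS is not set\nCONFIG_XFS_FS=m\n"

def check_domain_xml(xml_text):
    """Return a list of problems with <idmap> in an LXC domain definition."""
    root = ET.fromstring(xml_text)
    if root.tag != "domain" or root.get("type") != "lxc":
        return ["root element is not <domain type='lxc'>"]
    problems = []
    direct = root.findall("idmap")  # direct children of <domain> only
    nested = [e for e in root.iter("idmap") if e not in direct]
    if nested:
        problems.append("<idmap> is nested; it must be directly under <domain>")
    if not direct:
        problems.append("no <idmap> under <domain>: no id mapping is requested")
    for idmap in direct:
        for kind in ("uid", "gid"):
            if idmap.find(kind) is None:
                problems.append(f"<idmap> has no <{kind}> mapping")
    return problems

def check_kernel_config(config_text):
    """Return a list of problems found in kernel .config text."""
    opts = {}
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("CONFIG_") and "=" in line:  # skips '# ... is not set'
            key, value = line.split("=", 1)
            opts[key] = value
    problems = []
    if opts.get("CONFIG_USER_NS") != "y":
        problems.append("CONFIG_USER_NS is not enabled")
        # Per the reply above: with XFS enabled, menuconfig hides User namespace.
        if opts.get("CONFIG_XFS_FS") in ("y", "m"):
            problems.append("CONFIG_XFS_FS is enabled; disable it to see User namespace")
    return problems

if __name__ == "__main__":
    for p in check_domain_xml(BAD_XML) + check_kernel_config(BAD_KCONFIG):
        print("problem:", p)
```

To check a real host, pass the output of "virsh dumpxml" and the contents of /boot/config-$(uname -r) to the two functions instead of the constructed strings.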



