[libvirt-users] User Namespace in LXC

Saurabh Deochake saurabh.d04 at gmail.com
Thu Nov 14 05:05:57 UTC 2013


Hi Gao,

Thanks a lot for your help. I'm currently upgrading my kernel (from 3.9.5
to 3.11.7) and checking if user namespace works or not.

Regards,
Saurabh Deochake,


On Wed, Nov 13, 2013 at 11:10 AM, Gao feng <gaofeng at cn.fujitsu.com> wrote:

> Hi Saurabh,
>
> First of all, I think there is something wrong in your container configuration
> file:
> the <idmap> should be under <domain>.
>
> such as
>
> <domain type='lxc'>
>   <name>xxx</name>
>   <memory unit='KiB'>102400</memory>
>   <currentMemory unit='KiB'>102400</currentMemory>
>   <vcpu placement='static'>1</vcpu>
>   <resource>
>     <partition>/machine</partition>
>   </resource>
>   <os>
>     <type arch='x86_64'>exe</type>
>     <init>/bin/sh</init>
>   </os>
>   <idmap>
>     <uid start='0' target='1000' count='10'/>
>     <gid start='0' target='1000' count='10'/>
>   </idmap>
>   <clock offset='utc'/>
>   <on_poweroff>destroy</on_poweroff>
>   <on_reboot>restart</on_reboot>
>   <on_crash>destroy</on_crash>
>   <devices>
>     <console type='pty'>
>       <target type='lxc' port='0'/>
>     </console>
>   </devices>
> </domain>
>
> If your system doesn't support user namespace and your container has a
> configuration file,
> then when you start the container, this error will be thrown:
> error: Failed to start domain xxx
> error: internal error: guest failed to start: Kernel doesn't support user namespace:
>
> If your configuration file is right and libvirt_lxc doesn't throw an
> error message,
> it's a bug we should fix.
>
> On 11/13/2013 01:24 PM, Saurabh Deochake wrote:
> > Hi Gao,
> >
> > I checked the output of "lxc-checkconfig" command and it showed
> >
> > --- Namespaces ---
> > Namespaces: enabled
> > Utsname namespace: enabled
> > Ipc namespace: enabled
> > Pid namespace: enabled
> > *User namespace: missing*
> > Network namespace: enabled
> > Multiple /dev/pts instances: enabled
> >
> > Here it shows that User namespace support is missing. I tried to check
> > for Namespaces Support in kernel menuconfig. It has support for following
> > namespaces only:
> >
> >  --- Namespaces support
> >  [*]   UTS namespace
> >  [*]   IPC namespace
> >  [*]   PID Namespaces
> >  [*]   Network namespace
> >
> > There is no User Namespace support. So do I need to patch the kernel for
> > user namespace support? What should I do in order to get user namespace
> > working?
> >
> > Following are my system details:
> > OS: Fedora 19
> > Kernel: 3.9.5
> >
>
> Disable the xfs filesystem, and then you will see User namespace under
> Namespaces support.
> Enjoy it.
>
> Thanks
>
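
The placement rule from the quoted reply (<idmap> directly under <domain>), as an added example that is not part of the original thread and is not libvirt's own code. The function name check_idmap, the sample XML strings and the warning about mapping container ID 0 to host ID 0 are assumptions introduced here.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the same mapping, first nested wrongly under <os>,
# then placed directly under <domain> as in the reply above.
MAPPING = ("<idmap><uid start='0' target='1000' count='10'/>"
           "<gid start='0' target='1000' count='10'/></idmap>")
OS = "<type arch='x86_64'>exe</type><init>/bin/sh</init>"
MISPLACED = f"<domain type='lxc'><name>xxx</name><os>{OS}{MAPPING}</os></domain>"
CORRECT = f"<domain type='lxc'><name>xxx</name><os>{OS}</os>{MAPPING}</domain>"


def check_idmap(xml_text):
    """Return a list of problems with <idmap> in an LXC domain definition."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != "domain" or root.get("type") != "lxc":
        problems.append("root element is not <domain type='lxc'>")
    # ElementTree keeps no parent pointers, so build a child -> parent map.
    parent_of = {child: parent for parent in root.iter() for child in parent}
    found = False
    for elem, parent in parent_of.items():
        if elem.tag != "idmap":
            continue
        found = True
        if parent is not root:
            problems.append(
                f"<idmap> is under <{parent.tag}>, expected directly under <domain>")
        for kind in ("uid", "gid"):
            entries = elem.findall(kind)
            if not entries:
                problems.append(f"<idmap> has no <{kind}> mapping")
            for entry in entries:
                start, target, count = (
                    int(entry.get(k, "-1")) for k in ("start", "target", "count"))
                if min(start, target) < 0 or count < 1:
                    problems.append(
                        f"<{kind}> needs non-negative start/target and count >= 1")
                elif start == 0 and target == 0:
                    # Added check: container root would be host root.
                    problems.append(f"<{kind}> maps container 0 to host 0")
    if not found:
        problems.append("no <idmap> element found")
    return problems


if __name__ == "__main__":
    for label, doc in (("misplaced", MISPLACED), ("correct", CORRECT)):
        print(label, check_idmap(doc) or "ok")
```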