[libvirt-users] Problems with user namespaces

Jaka Hudoklin jakahudoklin at gmail.com
Mon Sep 9 11:08:26 UTC 2013


I applied your patch, but no success. What bothers me is that the connection
gets reset. By the way, I'm using systemd, with the process started in
forking mode and as a daemon. Could this cause any problems?

This is my libvirtd.conf, if it helps anything:
unix_sock_group = "libvirtd"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"

Can you please tell me an easy-to-set-up distro with systemd on which user
namespaces work, so I can compare?

Thanks!


On Mon, Sep 9, 2013 at 3:08 AM, Gao feng <gaofeng at cn.fujitsu.com> wrote:

> On 09/06/2013 07:32 PM, Jaka Hudoklin wrote:
> > Hello!
> >
> > Okay, I tried again with only a statically linked busybox:
> > offlinehacker:~/ $ /home/offlinehacker/busybox/busybox
> > BusyBox v1.17.1 (Debian 1:1.17.1-8) multi-call binary.
> > Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko
> > and others. Licensed under GPLv2.
> > See source distribution for full notice.
> > ....
> >
> > Again my id:
> > uid=499(offlinehacker) gid=100(users) groups=100(users),1(wheel),57(networkmanager)
> >
> > My rootfs tree(/home/offlinehacker/busybox):
> > busybox
> > ├── [offlineh users   ]  busybox
> > └── [offlineh users   ]  busybox-static_1.17.1-8_amd64.deb
> >
> > It works just fine as root and these folders get created:
> > busybox
> > ├── [offlineh users   ]  busybox
> > ├── [offlineh users   ]  busybox-static_1.17.1-8_amd64.deb
> > ├── [root     root    ]  dev
> > ├── [root     root    ]  .oldroot
> > ├── [root     root    ]  proc
> > └── [root     root    ]  sys
> >
> > When I start it with idmap with a clean rootfs (dev, proc, sys and .oldroot deleted) I get this error, and it is a little bit different now:
> > error: Failed to create domain from helloworld.xml
> > error: internal error: guest failed to start: 2013-09-06 11:24:57.088+0000: 5794: debug : virFileC
> >
> > And log is pretty similar:
> > sep 06 11:24:56 laptop libvirtd[1542]: EVENT_POLL_UPDATE_HANDLE: watch=241 events=1
> > sep 06 11:24:57 laptop libvirtd[1542]: Skip interrupt, 1 140499747788544
> > sep 06 11:24:57 laptop libvirtd[1542]: OBJECT_REF: obj=0x7fc878000c90
> > sep 06 11:24:57 laptop libvirtd[1542]: OBJECT_REF: obj=0x7fc878000c90
> > sep 06 11:24:57 laptop libvirtd[1542]: server=0x7fc8a60ddd60 client=0x7fc8a60e8bb0 msg=0x7fc8a60e6970 rerr=0x7fc89a32cd40 args=0x7fc8880160a0 ret=0x7fc888016030
> > sep 06 11:24:57 laptop libvirtd[1542]: priv=0x7fc8a60ea3a0 conn=(nil)
> > sep 06 11:24:57 laptop libvirtd[1542]: name=lxc:///
> > sep 06 11:24:57 laptop libvirtd[1542]: Cannot recv data: Connection reset by peer
> > sep 06 11:24:57 laptop libvirtd[1542]: internal error: guest failed to start: 2013-09-06 11:24:57.088+0000: 5794: debug : virFileC
> >
> > Rootfs after failed creation looks like this:
> > busybox
> > ├── [offlineh users   ]  busybox
> > ├── [offlineh users   ]  busybox-static_1.17.1-8_amd64.deb
> > ├── [offlineh users   ]  .oldroot
> > ├── [offlineh users   ]  proc
> > └── [offlineh users   ]  sys
> >
> > I have debugging enabled, at least LIBVIRT_DEBUG is set to 1 and I get much more messages. If there's any more granular debug please let me know.
> >
> > PS: I forgot to mention my version of libvirt is 1.1.2
> >
>
> OK, I get it. Maybe you need this patch:
>
> 1583dfda7c4e5ad71efe0615c06e5676528d8203
> LXC: Don't mount securityfs when user namespace enabled
>
> Thanks
>