[libvirt-users] Problems with user namespaces

Jaka Hudoklin jakahudoklin at gmail.com
Mon Sep 9 14:26:48 UTC 2013


It seems to be working now; what I needed was libvirt built with libcap
support and also the securityfs patch. Thanks!


On Mon, Sep 9, 2013 at 1:08 PM, Jaka Hudoklin <jakahudoklin at gmail.com> wrote:

> I applied your patch, but no success. What bothers me is that the connection
> gets reset. By the way, I'm using systemd, with the process started in
> forking mode and as a daemon. Could this cause any problems?
>
> This is my libvirtd.conf, if it helps anything:
> unix_sock_group = "libvirtd"
> unix_sock_rw_perms = "0770"
> auth_unix_ro = "none"
> auth_unix_rw = "none"
>
> Can you please tell me an easy-to-set-up distro with systemd on which user
> namespaces work, so I can compare?
>
> Thanks!
>
>
> On Mon, Sep 9, 2013 at 3:08 AM, Gao feng <gaofeng at cn.fujitsu.com> wrote:
>
>> On 09/06/2013 07:32 PM, Jaka Hudoklin wrote:
>> > Hello!
>> >
>> > Okay, I tried again with only a statically linked busybox:
>> > offlinehacker:~/ $ /home/offlinehacker/busybox/busybox
>> > BusyBox v1.17.1 (Debian 1:1.17.1-8) multi-call binary.
>> > Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko
>> > and others. Licensed under GPLv2.
>> > See source distribution for full notice.
>> > ....
>> >
>> > Again my id:
>> > uid=499(offlinehacker) gid=100(users) groups=100(users),1(wheel),57(networkmanager)
>> >
>> > My rootfs tree(/home/offlinehacker/busybox):
>> > busybox
>> > ├── [offlineh users   ]  busybox
>> > └── [offlineh users   ]  busybox-static_1.17.1-8_amd64.deb
>> >
>> > It works just fine as root and these folders get created:
>> > busybox
>> > ├── [offlineh users   ]  busybox
>> > ├── [offlineh users   ]  busybox-static_1.17.1-8_amd64.deb
>> > ├── [root     root    ]  dev
>> > ├── [root     root    ]  .oldroot
>> > ├── [root     root    ]  proc
>> > └── [root     root    ]  sys
>> >
>> > When I start it with idmap with a clean rootfs (dev, proc, sys and .oldroot deleted) I get this error, and it is a little bit different now:
>> > error: Failed to create domain from helloworld.xml
>> > error: internal error: guest failed to start: 2013-09-06 11:24:57.088+0000: 5794: debug : virFileC
>> >
>> > And log is pretty similar:
>> > sep 06 11:24:56 laptop libvirtd[1542]: EVENT_POLL_UPDATE_HANDLE: watch=241 events=1
>> > sep 06 11:24:57 laptop libvirtd[1542]: Skip interrupt, 1 140499747788544
>> > sep 06 11:24:57 laptop libvirtd[1542]: OBJECT_REF: obj=0x7fc878000c90
>> > sep 06 11:24:57 laptop libvirtd[1542]: OBJECT_REF: obj=0x7fc878000c90
>> > sep 06 11:24:57 laptop libvirtd[1542]: server=0x7fc8a60ddd60 client=0x7fc8a60e8bb0 msg=0x7fc8a60e6970 rerr=0x7fc89a32cd40 args=0x7fc8880160a0 ret=0x7fc888016030
>> > sep 06 11:24:57 laptop libvirtd[1542]: priv=0x7fc8a60ea3a0 conn=(nil)
>> > sep 06 11:24:57 laptop libvirtd[1542]: name=lxc:///
>> > sep 06 11:24:57 laptop libvirtd[1542]: Cannot recv data: Connection reset by peer
>> > sep 06 11:24:57 laptop libvirtd[1542]: internal error: guest failed to start: 2013-09-06 11:24:57.088+0000: 5794: debug : virFileC
>> >
>> > Rootfs after failed creation looks like this:
>> > busybox
>> > ├── [offlineh users   ]  busybox
>> > ├── [offlineh users   ]  busybox-static_1.17.1-8_amd64.deb
>> > ├── [offlineh users   ]  .oldroot
>> > ├── [offlineh users   ]  proc
>> > └── [offlineh users   ]  sys
>> >
>> > I have debugging enabled, at least LIBVIRT_DEBUG is set to 1 and I get many more messages. If there's any more granular debug, please let me know.
>> >
>> > PS: I forgot to mention my version of libvirt is 1.1.2
>> >
>>
>> OK, I get it. Maybe you need this patch
>>
>> 1583dfda7c4e5ad71efe0615c06e5676528d8203
>> LXC: Don't mount securityfs when user namespace enabled
>>
>> Thanks
>>
>
>