[libvirt-users] Libvirt-LXC + systemd + user namespace

Jan Olszak j.olszak at samsung.com
Tue Jan 28 11:32:41 UTC 2014


Hi there!

I am trying to turn on user namespace by adding the following lines to the
config:

   <idmap>
     <uid start='0' target='0' count='100000'/>
     <gid start='0' target='0' count='100000'/>
   </idmap>

As you can see, the root in the container is mapped to the root outside. I was
expecting to see no difference after adding these lines, but unfortunately
there are some (see details below).

Am I missing something or is there a problem with the system, libvirt or
the kernel?

Full libvirt config:

 

<domain type='lxc'>
  <name>test_with_idmap</name>
  <memory>102400</memory>
  <os>
    <type>exe</type>
    <init>/usr/lib/systemd/systemd</init>
  </os>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <idmap>
    <uid start='0' target='0' count='100000'/>
    <gid start='0' target='0' count='100000'/>
  </idmap>
  <devices>
    <console type='pty'/>
    <filesystem type='mount'>
      <source dir='/guest'/>
      <target dir='/'/>
    </filesystem>
  </devices>
</domain>

 

root:~> uname -a
Linux localhost 3.10.19-01077-g4a19d28-dirty #5 SMP PREEMPT Mon Jan 13 12:56:09 CET 2014 armv7l GNU/Linux

root:~> libvirtd --version
libvirtd (libvirt) 1.2.1

root:~> systemd --version
systemd 204

After adding idmap to the config, systemd can't start many of its services, in
particular:

Failed to mount Debug File System.
Failed to mount Configuration File System.
Failed to mount FUSE Control File System.
Failed to start udev Kernel Device Manager.
Failed to start Remount Root and Kernel File Systems.
Failed to start Journal Service.

systemctl status says:

ExecMount=/bin/mount debugfs /sys/kernel/debug -t debugfs (code=exited, status=32)
ExecMount=/bin/mount configfs /sys/kernel/config -t configfs (code=exited, status=32)
ExecMount=/bin/mount fusectl /sys/fs/fuse/connections -t fusectl (code=exited, status=32)
ExecStart=/usr/lib/systemd/systemd-udevd (code=exited,status=206/OOM_ADJUST)
ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited,status=1/FAILURE)
ExecStart=/usr/lib/systemd/systemd-journald (code=exited, status=218/CAPABILITIES)

Thanks!
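
Added example (not part of the original post, and not libvirt's own code): a Python check of the <idmap> ranges shown above, flagging mappings that place a container ID on host ID 0 or map IDs one-to-one. The SHIFTED values and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# The <idmap> from the post, plus a shifted mapping for comparison
# (the shifted values are constructed for this example).
POSTED = """<domain type='lxc'><idmap>
  <uid start='0' target='0' count='100000'/>
  <gid start='0' target='0' count='100000'/>
</idmap></domain>"""
SHIFTED = """<domain type='lxc'><idmap>
  <uid start='0' target='200000' count='65536'/>
  <gid start='0' target='200000' count='65536'/>
</idmap></domain>"""


def host_id(ranges, container_id):
    """Translate a container ID to a host ID; None if it is unmapped."""
    for start, target, count in ranges:
        if start <= container_id < start + count:
            return target + (container_id - start)
    return None


def audit_idmap(domain_xml):
    """Return a list of findings for a libvirt domain's <idmap> element."""
    idmap = ET.fromstring(domain_xml).find("idmap")
    if idmap is None:
        return ["no <idmap>: container shares the host user namespace"]
    findings = []
    for kind in ("uid", "gid"):
        # start = first ID inside the container, target = first host ID
        ranges = [(int(e.get("start")), int(e.get("target")), int(e.get("count")))
                  for e in idmap.findall(kind)]
        if host_id(ranges, 0) is None:
            findings.append(f"{kind}: container ID 0 is unmapped")
        for start, target, count in ranges:
            if target == 0:  # the range begins at host ID 0
                findings.append(f"{kind}: container {kind} {start} maps to host {kind} 0")
            if start == target:
                findings.append(f"{kind}: identity range of {count} IDs, "
                                "no ID separation from the host")
    return findings


if __name__ == "__main__":
    for name, xml in (("posted", POSTED), ("shifted", SHIFTED)):
        print(name, audit_idmap(xml) or "no host-root or identity mappings")
```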

 
