[libvirt] LXC container with user namespace and root fs on loop device - how it's supposed to work?

Dmitry Guryanov dguryanov at parallels.com
Thu Mar 19 13:02:27 UTC 2015


Hello,

It's not possible to start an LXC container inside a user namespace with the root 
filesystem on a loop device, because it tries to mount the root FS from the 
container's user namespace (lxcContainerSetupPivotRoot) and gets EPERM:

2015-03-19 12:48:18.545+0000: 1: debug : lxcContainerChild:2278 : 
Tearing down container
Failed to mount device /dev/loop0 to 
/var/run/libvirt/lxc/instance-0000000b.root: Operation not permitted



So I wonder if someone has tried to run an LXC container with such a 
configuration successfully.


Here is my config:

<domain type='lxc'>
   <name>instance-0000000b</name>
   <uuid>d918c415-0a00-4c12-896e-19e4711111d3</uuid>
   <memory unit='KiB'>524288</memory>
   <currentMemory unit='KiB'>524288</currentMemory>
   <cputune>
     <shares>1024</shares>
   </cputune>
   <os>
     <type arch='x86_64'>exe</type>
     <init>/sbin/init</init>
     <cmdline>console=tty0 console=ttyS0</cmdline>
   </os>
   <idmap>
     <uid start='0' target='10000' count='1000'/>
     <gid start='0' target='10000' count='1000'/>
   </idmap>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
   <on_crash>destroy</on_crash>
   <devices>
     <emulator>/usr/libexec/libvirt_lxc</emulator>
     <filesystem type='file' accessmode='passthrough'>
       <driver type='loop' format='raw'/>
       <source file='/root/2.img'/>
       <target dir='/'/>
     </filesystem>
     <console type='pty'>
       <target type='lxc' port='0'/>
     </console>
   </devices>
</domain>

-- 
Dmitry Guryanov
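The combination described in this message (an lxc domain with <idmap>, so the container runs in a user namespace, plus a root filesystem that has to be mounted from a loop device) can be caught before the domain is started by linting the domain XML. The script below is an added example, not part of the original message or of libvirt; it assumes the behaviour reported above (EPERM when the container's user namespace mounts a block device) and extends the same check to the nbd driver and to filesystem type='block', which libvirt's LXC driver also mounts from a block device.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the relevant parts of the domain XML from the message.
DOMAIN_XML = """<domain type='lxc'>
  <name>instance-0000000b</name>
  <idmap>
    <uid start='0' target='10000' count='1000'/>
    <gid start='0' target='10000' count='1000'/>
  </idmap>
  <devices>
    <filesystem type='file' accessmode='passthrough'>
      <driver type='loop' format='raw'/>
      <source file='/root/2.img'/>
      <target dir='/'/>
    </filesystem>
  </devices>
</domain>"""


def _attr(elem, child, attr, default="?"):
    """Read attribute `attr` of child element `child`, tolerating its absence."""
    node = elem.find(child)
    return node.get(attr, default) if node is not None else default


def block_backed_filesystems(root):
    """Yield (target_dir, description) for <filesystem> entries whose mount is a
    mount(2) of a block device: loop/nbd-attached image files or a host block
    device. The kernel only permits such mounts from the initial user namespace."""
    for fs in root.findall("./devices/filesystem"):
        fs_type = fs.get("type")
        driver_type = _attr(fs, "driver", "type", default=None)
        target_dir = _attr(fs, "target", "dir")
        if fs_type == "file" and driver_type in ("loop", "nbd"):
            yield target_dir, "%s-attached image %s" % (driver_type, _attr(fs, "source", "file"))
        elif fs_type == "block":
            yield target_dir, "block device %s" % _attr(fs, "source", "dev")


def check_userns_mounts(xml_text):
    """Return warnings for an lxc domain that combines <idmap> (user namespace)
    with filesystems the container must mount from a block device; that is the
    combination which produced EPERM in the message above."""
    root = ET.fromstring(xml_text)
    if root.get("type") != "lxc" or root.find("idmap") is None:
        return []  # no user namespace, or not an LXC domain: nothing to flag
    return ["filesystem %s: %s would be mounted from inside the container's user "
            "namespace; expect EPERM (Operation not permitted)" % (target_dir, desc)
            for target_dir, desc in block_backed_filesystems(root)]


if __name__ == "__main__":
    for warning in check_userns_mounts(DOMAIN_XML):
        print(warning)
```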