Discussion:
[lxc-users] Unprivileged containers fails to start: Permission denied - Failed to mount "/var/lib/lxc/C/rootfs" (Ubuntu 18.04 on Ubuntu 18.04)
Mateusz
2018-10-10 07:54:58 UTC
Hi !
Having a working Ubuntu 18.04 privileged container [1] on an Ubuntu 18.04 host, I
am trying to convert it to unprivileged [2], but starting it fails [3] with:

Permission denied - Failed to mount "/var/lib/lxc/C/rootfs" on "/usr/lib/x86_64-linux-gnu/lxc"

Any hint what I am doing wrong?
Thanks in advance, regards!

[1]:
***@host7:/var/lib/lxc# lxc-ls template_ubuntu_18_04_amd64 --fancy
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
template_ubuntu_18_04_amd64 STOPPED 0 template - - false

***@host7:/var/lib/lxc# lxc-start template_ubuntu_18_04_amd64
***@host7:/var/lib/lxc# lxc-ls template_ubuntu_18_04_amd64 --fancy
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
template_ubuntu_18_04_amd64 RUNNING 0 template 10.30.3.200 - false

***@host7:/var/lib/lxc# lxc-attach template_ubuntu_18_04_amd64
***@template_ubuntu_18_04_amd64:/# systemctl status
● template_ubuntu_18_04_amd64
State: running
Jobs: 0 queued
Failed: 0 units


[2]:
***@host7:/var/lib/lxc# cp -a template_ubuntu_18_04_amd64/ template_ubuntu_18_04_amd64_unpriv

Setting template_ubuntu_18_04_amd64_unpriv in paths:
vim template_ubuntu_18_04_amd64_unpriv/config

Having 1G - 2G subuid/gids allocated for root:
***@host7:/var/lib/lxc# grep root /etc/subgid
root:1000000000:1000000000
***@host7:/var/lib/lxc# grep root /etc/subuid
root:1000000000:1000000000

Converting 65536 uids/gids to start from 1020000000:
fuidshift /var/lib/lxc/template_ubuntu_18_04_amd64_unpriv/rootfs b:0:1020000000:65536

Adding the same mapping to config:
lxc.idmap = u 0 1020000000 65536
lxc.idmap = g 0 1020000000 65536

[3]:
lxc-start template_ubuntu_18_04_amd64_unpriv --logfile template_ubuntu_18_04_amd64_unpriv.log --logpriority DEBUG


***@host7:/var/lib/lxc# grep ERR template_ubuntu_18_04_amd64_unpriv.log
lxc-start template_ubuntu_18_04_amd64_unpriv 20181010073834.964 ERROR dir - storage/dir.c:dir_mount:189 - Permission denied - Failed to mount "/var/lib/lxc/template_ubuntu_18_04_amd64_unpriv/rootfs" on "/usr/lib/x86_64-linux-gnu/lxc"
lxc-start template_ubuntu_18_04_amd64_unpriv 20181010073834.964 ERROR lxc_conf - conf.c:lxc_setup_rootfs:1363 - Failed to mount rootfs "/var/lib/lxc/template_ubuntu_18_04_amd64_unpriv/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc" with options "(null)"
lxc-start template_ubuntu_18_04_amd64_unpriv 20181010073834.964 ERROR lxc_conf - conf.c:do_rootfs_setup:3311 - Failed to setup rootfs for
lxc-start template_ubuntu_18_04_amd64_unpriv 20181010073834.964 ERROR lxc_conf - conf.c:lxc_setup:3375 - Failed to setup rootfs
lxc-start template_ubuntu_18_04_amd64_unpriv 20181010073834.964 ERROR lxc_start - start.c:do_start:1219 - Failed to setup container "template_ubuntu_18_04_amd64_unpriv"
lxc-start template_ubuntu_18_04_amd64_unpriv 20181010073834.965 ERROR lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 5)
lxc-start template_ubuntu_18_04_amd64_unpriv 20181010073834.965 ERROR lxc_container - lxccontainer.c:wait_on_daemonized_start:834 - Received container state "ABORTING" instead of "RUNNING"
lxc-start template_ubuntu_18_04_amd64_unpriv 20181010073834.965 ERROR lxc_start - start.c:__lxc_start:1887 - Failed to spawn container "template_ubuntu_18_04_amd64_unpriv"
--
Mateusz
(...) I have a brother - serious, a homebody, a penny-pincher, a hypocrite, sanctimonious,
in short - a pillar of society."
Nikos Kazantzakis - "Zorba the Greek"
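
An added example, not part of the original post and not LXC code: a pre-flight check for the conversion steps in [2]. It verifies that each lxc.idmap range lies inside root's /etc/subuid allocation, and lists the directories on the way to the rootfs that the shifted container root cannot search. The function names are hypothetical; the sample values are copied from the post, and the directory check is a general one, not a confirmed diagnosis of this error.

```python
import os
import stat
import sys

# Values copied from the post: root's allocation and the container's idmap.
SUBUID = "root:1000000000:1000000000\n"
CONFIG = "lxc.idmap = u 0 1020000000 65536\nlxc.idmap = g 0 1020000000 65536\n"

def parse_subid(text, user):
    """Return [(start, count)] allocated to `user` in /etc/subuid or /etc/subgid text."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == user]

def parse_idmap(config_text):
    """Return [(kind, container_id, host_id, count)] from lxc.idmap lines."""
    maps = []
    for line in config_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "lxc.idmap":
            kind, cid, hid, count = value.split()
            maps.append((kind, int(cid), int(hid), int(count)))
    return maps

def uncovered(maps, kind, allocations):
    """idmap entries of `kind` ('u' or 'g') not fully inside any allocation."""
    return [m for m in maps if m[0] == kind and not any(
        start <= m[2] and m[2] + m[3] <= start + count
        for start, count in allocations)]

def blocked_components(path, uid, gid):
    """Directories from / down to `path` lacking the search (x) bit for uid/gid.

    Looks at mode bits only; ACLs and supplementary groups are ignored.
    """
    blocked, current = [], os.path.abspath(path)
    while True:
        st = os.stat(current)
        bit = (stat.S_IXUSR if st.st_uid == uid
               else stat.S_IXGRP if st.st_gid == gid else stat.S_IXOTH)
        if not st.st_mode & bit:
            blocked.append(current)
        parent = os.path.dirname(current)
        if parent == current:
            return blocked[::-1]
        current = parent

if __name__ == "__main__":
    rootfs = sys.argv[1] if len(sys.argv) > 1 else "/"
    print("idmap outside subuid:", uncovered(parse_idmap(CONFIG), "u", parse_subid(SUBUID, "root")))
    print("not searchable by mapped root:", blocked_components(rootfs, 1020000000, 1020000000))
```

Run it on the host with the rootfs path as the only argument; for a real container, read /etc/subuid, /etc/subgid and the container's config instead of the embedded strings.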