Bug#785597: lxc: fails to create or start unprivileged containers as user

Mon, 18 May 2015 00:12:56 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: lxc
Version: 1:1.0.6-6
Severity: minor

Dear Maintainer,

I was trying to make unprivileged user-containers, but failed. I also tried to 
make a
container usind 'sudo', then moving it into the home-directory of the user and 
changing
ownership and group, but this did not work out either, see below. Logfiles are 
attached.
There is a report saying, lxc version 1.1 should be backported to Jessie, but 
it is not
there yet.
Upon trying to start the container, I made with 'sudo', there is a problem with 
the
ssh-session, i need to log out and log in again, because it does not show, what 
I type
anymore.
I say it's a minor issue, because I can use a root-containers instead, which 
works well
enough. Very high security is not really necessary for my application case.


> contain@dhsrv:~$ lxc-start -n privo-squid -d -F --logfile=lxc.log.txt
> --logpriority=DEBUG unshare: Operation not permitted
> read pipe: No such file or directory
> lxc-start: Failed to chown /dev/pts/7
> lxc-start: Failed to shift tty into container
> lxc-start: failed to initialize the container
> lxc-start: The container failed to start.
> lxc-start: Additional information can be obtained by setting the --logfile and
> --logpriority options.
> 
> .
> ..
> .
> 
> contain@dhsrv:~$ lxc-create -t download -n testcont --logfile=lxcc.log.txt
> --logpriority=DEBUG unshare: Operation not permitted
> read pipe: No such file or directory
> lxc-create: Failed to chown container dir
> lxc-create: Error creating container testcont
> contain@dhsrv:~$ lxc-create -t download -n testcont -P /home/contain/stora
> --logfile=lxcc.log.txt --logpriority=DEBUG unshare: Operation not permitted
> read pipe: No such file or directory
> lxc-create: Failed to chown container dir
> lxc-create: Error creating container testcont



- -- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.7-ckt9-es-via-c7
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages lxc depends on:
ii  init-system-helpers  1.22
ii  libapparmor1         2.9.0-3
ii  libc6                2.19-18
ii  libcap2              1:2.24-8
ii  libseccomp2          2.1.1-1
ii  libselinux1          2.3-2
ii  multiarch-support    2.19-18
ii  python3              3.4.2-2

Versions of packages lxc recommends:
ii  debootstrap  1.0.67
ii  openssl      1.0.1k-3
ii  rsync        3.1.1-3

Versions of packages lxc suggests:
pn  lua5.2  <none>

- -- Configuration Files:
/etc/lxc/default.conf changed:
lxc.arch = x86
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = cbr0
lxc.id_map = u 0 100000 65537 
lxc.id_map = g 0 100000 65537 


- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlVZj7UACgkQ5+rBHyUt5wsCBwCfcmeQ7gl5mucdDG+lVKHkVPps
YD8An3zoixC3rzcv/4nSlrh99u3aieGL
=CCzq
-----END PGP SIGNATURE-----

     lxc-create 1431931713.508 WARN     lxc_log - lxc_log_init called with log 
already initialized
     lxc-create 1431931713.510 INFO     lxc_confile - read uid map: type u nsid 
0 hostid 100000 range 65536
     lxc-create 1431931713.510 INFO     lxc_confile - read uid map: type g nsid 
0 hostid 100000 range 65536
     lxc-create 1431931713.522 ERROR    lxc_container - Failed to chown 
container dir
     lxc-create 1431931713.522 ERROR    lxc_create_ui - Error creating 
container testcont
     lxc-create 1431931836.838 WARN     lxc_log - lxc_log_init called with log 
already initialized
     lxc-create 1431931836.839 INFO     lxc_confile - read uid map: type u nsid 
0 hostid 100000 range 65536
     lxc-create 1431931836.839 INFO     lxc_confile - read uid map: type g nsid 
0 hostid 100000 range 65536
     lxc-create 1431931836.850 ERROR    lxc_container - Failed to chown 
container dir
     lxc-create 1431931836.850 ERROR    lxc_create_ui - Error creating 
container testcont

      lxc-start 1431931179.231 INFO     lxc_start_ui - using rcfile 
/home/contain/stora/privo-squid/config
      lxc-start 1431931179.233 INFO     lxc_confile - read uid map: type u nsid 
0 hostid 100000 range 65537
      lxc-start 1431931179.233 INFO     lxc_confile - read uid map: type g nsid 
0 hostid 100000 range 65537
      lxc-start 1431931179.234 WARN     lxc_log - lxc_log_init called with log 
already initialized
      lxc-start 1431931179.234 INFO     lxc_lsm - LSM security driver nop
      lxc-start 1431931179.249 INFO     lxc_conf - tty's configured
      lxc-start 1431931179.252 INFO     lxc_caps - Last supported cap was 36
      lxc-start 1431931179.273 ERROR    lxc_conf - Failed to chown /dev/pts/7
      lxc-start 1431931179.273 ERROR    lxc_start - Failed to shift tty into 
container
      lxc-start 1431931179.274 ERROR    lxc_start - failed to initialize the 
container
      lxc-start 1431931179.274 ERROR    lxc_start_ui - The container failed to 
start.
      lxc-start 1431931179.274 ERROR    lxc_start_ui - Additional information 
can be obtained by setting the --logfile and --logpriority options.
      lxc-start 1431931383.988 INFO     lxc_start_ui - using rcfile 
/home/contain/stora/privo-squid/config
      lxc-start 1431931383.989 INFO     lxc_confile - read uid map: type u nsid 
0 hostid 100000 range 65537
      lxc-start 1431931383.989 INFO     lxc_confile - read uid map: type g nsid 
0 hostid 100000 range 65537
      lxc-start 1431931383.989 WARN     lxc_log - lxc_log_init called with log 
already initialized
      lxc-start 1431931383.990 INFO     lxc_lsm - LSM security driver nop
      lxc-start 1431931383.992 DEBUG    lxc_conf - allocated pty '/dev/pts/7' 
(5/6)
      lxc-start 1431931383.992 DEBUG    lxc_conf - allocated pty '/dev/pts/8' 
(7/8)
      lxc-start 1431931383.993 DEBUG    lxc_conf - allocated pty '/dev/pts/9' 
(9/10)
      lxc-start 1431931383.993 DEBUG    lxc_conf - allocated pty '/dev/pts/10' 
(11/12)
      lxc-start 1431931383.993 INFO     lxc_conf - tty's configured
      lxc-start 1431931383.993 DEBUG    lxc_start - sigchild handler set
      lxc-start 1431931383.993 DEBUG    lxc_console - opening /dev/tty for 
console peer
      lxc-start 1431931383.993 INFO     lxc_caps - Last supported cap was 36
      lxc-start 1431931383.993 DEBUG    lxc_console - using '/dev/tty' as 
console
      lxc-start 1431931383.993 DEBUG    lxc_console - 3924 got SIGWINCH fd 17
      lxc-start 1431931383.993 DEBUG    lxc_console - set winsz dstfd:14 
cols:114 rows:33
      lxc-start 1431931384.005 ERROR    lxc_conf - Failed to chown /dev/pts/7
      lxc-start 1431931384.005 ERROR    lxc_start - Failed to shift tty into 
container
      lxc-start 1431931384.006 ERROR    lxc_start - failed to initialize the 
container
      lxc-start 1431931384.006 ERROR    lxc_start_ui - The container failed to 
start.
      lxc-start 1431931384.006 ERROR    lxc_start_ui - Additional information 
can be obtained by setting the --logfile and --logpriority options.

Reply via email to