On Tue, 2017-05-30 at 15:17 -0700, Ben Warren wrote:
> Hi,
>
> I’m using an LXC to build up a rootfs for another target, and am
> unable to mount a squashfs image:
>
> root@cd-build-dev-385:~# mount -t squashfs -r myproject.squashfs mnt
> ioctl: LOOP_SET_STATUS: Operation not permitted
> root@cd-build-dev-385:~#
>
> If I instead use ‘unsquashfs’, I get into device creation errors:
>
> root@cd-build-dev-385:~# unsquashfs -x myproject.squashfs
> Parallel unsquashfs: Using 4 processors
> 13529 inodes (15282 blocks) to write
>
> [|                                        ] 21/15282   0%
> create_inode: failed to create character device squashfs-root/dev/console, because Operation not permitted
> create_inode: failed to create character device squashfs-root/dev/null, because Operation not permitted
> create_inode: failed to create character device squashfs-root/dev/ptmx, because Operation not permitted
> create_inode: failed to create character device squashfs-root/dev/urandom, because Operation not permitted
> create_inode: failed to create character device squashfs-root/dev/zero, because Operation not permitted
>
> I assume the two issues are related, assuming that creation of device
> nodes within an unprivileged container is prohibited. In my case I’m
> less concerned about security, and am using containers more for
> encapsulation.
>
> Is there a configuration override that will allow dynamic device
> creation within a container, or another way of going about this? I
> know that I can add device nodes externally using ‘lxc device add …’
> and have used it for creating loopback devices, but that’s static.
>
> Environment:
> host: Ubuntu 14.04
> LXC:
> ben@ben-sc:~$ dpkg -l | grep lx[cd]
> ii  liblxc1     2.0.7-0ubuntu1~14.04.1skyport1  amd64  Linux Containers userspace tools (library)
> ii  lxc-common  2.0.7-0ubuntu1~14.04.1skyport1  amd64  Linux Containers userspace tools (common tools)
> ii  lxcfs       2.0.6-0ubuntu1~14.04.1          amd64  FUSE based filesystem for LXC
> ii  lxd         2.0.9-0ubuntu1~14.04.1          amd64  Container hypervisor based on LXC - daemon
> ii  lxd-client  2.0.9-0ubuntu1~14.04.1          amd64  Container hypervisor based on LXC - client
>
> Note that I’ve built the LXC libraries from source, but based on the
> current ‘ubuntu-trusty-backports’ .deb packages.
>
> regards,
> Ben
>
I think you'll have to use either a privileged container or use squashfuse and set privileges for fuse (if still needed).

_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
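
Added example (not part of the thread, and not LXC/LXD code): a shell check that reads the UID map to tell whether the current shell is in an unprivileged container, the case in which the mknod and loop-mount errors quoted above occur. The sample maps are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Each line of /proc/self/uid_map is "inside-uid outside-uid count".
# In an unprivileged container, UID 0 inside maps to a non-zero UID on the
# host, so "root" there does not hold CAP_MKNOD/CAP_SYS_ADMIN on the host.

# Constructed sample maps (not captured from the poster's system).
UNPRIV_MAP='         0     100000      65536'
HOST_MAP='         0          0 4294967295'

# root_host_uid MAPTEXT: print the host UID that inside-UID 0 maps to,
# or print nothing when UID 0 is not mapped at all.
root_host_uid() {
    printf '%s\n' "$1" | awk '$1 == 0 && $3 > 0 { print $2; exit }'
}

# container_kind MAPTEXT: "privileged-or-host" when UID 0 maps to host UID 0,
# otherwise "unprivileged" (this includes the case where UID 0 is unmapped).
container_kind() {
    host_uid=$(root_host_uid "$1")
    if [ "$host_uid" = "0" ]; then
        echo "privileged-or-host"
    else
        echo "unprivileged"
    fi
}

# advise MAPTEXT: relate the result to the two options given in the reply.
advise() {
    case $(container_kind "$1") in
        unprivileged)
            echo "unprivileged: device-node creation and loop setup are denied;" \
                 "use squashfuse (needs /dev/fuse) or a privileged container" ;;
        *)
            echo "root maps to host root: kernel squashfs mount and mknod are" \
                 "possible, subject to device cgroup and AppArmor policy" ;;
    esac
}

# Demonstration on the constructed maps, then on the live map if present.
advise "$UNPRIV_MAP"
advise "$HOST_MAP"
if [ -r /proc/self/uid_map ]; then
    advise "$(cat /proc/self/uid_map)"
fi
```

Switching a container to privileged removes the UID shift, so root inside becomes root on the host; that is the security trade-off behind the first option in the reply.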
