It seems to be working now, what I needed was libvirt built with libcap
support and also securityfs patch. Thanks!
On Mon, Sep 9, 2013 at 1:08 PM, Jaka Hudoklin <jakahudoklin(a)gmail.com> wrote:
I applied your patch, but no success. What bothers me is that the connection
gets reset. By the way, I'm using systemd, with the process started in
forking mode and as a daemon. Could this cause any problems?
This is my libvirtd.conf, if it helps anything:
unix_sock_group = "libvirtd"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
Can you please tell me an easy-to-set-up distro with systemd where user
namespaces work, so I can compare.
Thanks!
On Mon, Sep 9, 2013 at 3:08 AM, Gao feng <gaofeng(a)cn.fujitsu.com> wrote:
> On 09/06/2013 07:32 PM, Jaka Hudoklin wrote:
> > Hello!
> >
> > Okay, I tried again with only statically linked busybox:
> > offlinehacker:~/ $ /home/offlinehacker/busybox/busybox
> > BusyBox v1.17.1 (Debian 1:1.17.1-8) multi-call binary.
> > Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko
> > and others. Licensed under GPLv2.
> > See source distribution for full notice.
> > ....
> >
> > Again my id:
> > uid=499(offlinehacker) gid=100(users) groups=100(users),1(wheel),57(networkmanager)
> >
> > My rootfs tree(/home/offlinehacker/busybox):
> > busybox
> > ├── [offlineh users ] busybox
> > └── [offlineh users ] busybox-static_1.17.1-8_amd64.deb
> >
> > It works just fine as root and these folders gets created:
> > busybox
> > ├── [offlineh users ] busybox
> > ├── [offlineh users ] busybox-static_1.17.1-8_amd64.deb
> > ├── [root root ] dev
> > ├── [root root ] .oldroot
> > ├── [root root ] proc
> > └── [root root ] sys
> >
> > When I start it with idmap with a clean rootfs (dev, proc, sys and .oldroot
> > deleted) I get this error, and it is a little bit different now:
> > error: Failed to create domain from helloworld.xml
> > error: internal error: guest failed to start: 2013-09-06 11:24:57.088+0000: 5794: debug : virFileC
> >
> > And log is pretty similar:
> > sep 06 11:24:56 laptop libvirtd[1542]: EVENT_POLL_UPDATE_HANDLE: watch=241 events=1
> > sep 06 11:24:57 laptop libvirtd[1542]: Skip interrupt, 1 140499747788544
> > sep 06 11:24:57 laptop libvirtd[1542]: OBJECT_REF: obj=0x7fc878000c90
> > sep 06 11:24:57 laptop libvirtd[1542]: OBJECT_REF: obj=0x7fc878000c90
> > sep 06 11:24:57 laptop libvirtd[1542]: server=0x7fc8a60ddd60 client=0x7fc8a60e8bb0 msg=0x7fc8a60e6970 rerr=0x7fc89a32cd40 args=0x7fc8880160a0 ret=0x7fc888016030
> > sep 06 11:24:57 laptop libvirtd[1542]: priv=0x7fc8a60ea3a0 conn=(nil)
> > sep 06 11:24:57 laptop libvirtd[1542]: name=lxc:///
> > sep 06 11:24:57 laptop libvirtd[1542]: Cannot recv data: Connection reset by peer
> > sep 06 11:24:57 laptop libvirtd[1542]: internal error: guest failed to start: 2013-09-06 11:24:57.088+0000: 5794: debug : virFileC
> >
> > Rootfs after failed creation looks like this:
> > busybox
> > ├── [offlineh users ] busybox
> > ├── [offlineh users ] busybox-static_1.17.1-8_amd64.deb
> > ├── [offlineh users ] .oldroot
> > ├── [offlineh users ] proc
> > └── [offlineh users ] sys
> >
> > I have debugging enabled, at least LIBVIRT_DEBUG is set to 1, and I get
> > much more messages. If there's any more granular debug option, please let me know.
> >
> > PS: I forgot to mention my version of libvirt is 1.1.2
> >
>
> OK, I get it. Maybe you need this patch:
>
> 1583dfda7c4e5ad71efe0615c06e5676528d8203
> LXC: Don't mount securityfs when user namespace enabled
>
> Thanks
>
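The libvirtd.conf fragment quoted earlier in this thread (`unix_sock_group`, `unix_sock_rw_perms`, `auth_unix_rw = "none"`) is worth a second look once the user-namespace problem is solved: with `auth_unix_rw = "none"`, the only thing standing between a local user and full control of libvirtd is the socket's group and mode bits. The following Python is an added example, not code from the thread or from the libvirt project; it parses the `key = "value"` subset of libvirtd.conf and reports who can reach the read-write socket without authenticating. The two sample configs are constructed here (the first mirrors the thread's settings, the second is an assumed hardened variant), and the severity labels and the simplified comment handling are this example's own choices.

```python
import re

# Constructed sample configs. THREAD_CONF mirrors the four settings quoted in
# the thread; HARDENED_CONF is an assumed variant that keeps the group but
# requires polkit authorization on the read-write socket.
THREAD_CONF = '''
unix_sock_group = "libvirtd"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
'''

HARDENED_CONF = '''
unix_sock_group = "libvirtd"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "polkit"   # callers on the rw socket must pass a polkit check
'''

_KV = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+?)$')


def parse_libvirtd_conf(text):
    """Parse the `key = "value"` subset of libvirtd.conf into a dict.

    Comments and blank lines are skipped and surrounding quotes are stripped.
    List values ("[ ... ]") are kept as raw strings, and a '#' inside a quoted
    value is not handled (a simplification relative to libvirt's own parser).
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        m = _KV.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in ('"', "'"):
            value = value[1:-1]
        settings[key] = value
    return settings


def audit_rw_socket(settings):
    """Return [(severity, message)] describing who can drive the rw socket.

    The read-write socket of libvirtd gives full control over guests and,
    through the LXC/QEMU drivers, effectively over the host. The check asks
    one question: which local users reach that socket without authenticating?
    """
    findings = []
    auth = settings.get('auth_unix_rw')
    perms = settings.get('unix_sock_rw_perms')
    group = settings.get('unix_sock_group', '<unset>')

    mode = None
    if perms is None:
        findings.append(('INFO', 'unix_sock_rw_perms not set; the build-time default applies'))
    else:
        try:
            mode = int(perms, 8)
        except ValueError:
            findings.append(('WARN', 'unix_sock_rw_perms=%r is not an octal mode' % perms))

    # World-accessible rw socket is a problem regardless of the auth setting.
    if mode is not None and mode & 0o007:
        findings.append(('CRITICAL', 'rw socket is reachable by every local user '
                         '(unix_sock_rw_perms=%s)' % perms))

    # auth "none" means socket permissions are the whole access control:
    # membership in unix_sock_group becomes equivalent to root on the host.
    if auth == 'none' and mode is not None and mode & 0o077:
        findings.append(('HIGH', 'auth_unix_rw="none": every member of group %s (and anyone '
                         'else the mode admits) gets unauthenticated full control of libvirtd'
                         % group))
    return findings


if __name__ == '__main__':
    for name, conf in (('thread', THREAD_CONF), ('hardened', HARDENED_CONF)):
        results = audit_rw_socket(parse_libvirtd_conf(conf)) or [('OK', 'no findings')]
        for sev, msg in results:
            print('%-9s %-8s %s' % (name, sev, msg))
```

Run stand-alone it reports one HIGH finding for the thread's settings and nothing for the hardened variant. The useful operational reading is that `auth_unix_rw = "none"` is fine for a debugging session like the one in the thread, but on a shared host the `libvirtd` group should then be treated exactly like `wheel`, or the auth setting should be moved to polkit (or sasl) so group membership alone is not sufficient.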