Hi there!
I am trying to turn on user namespaces by adding the following lines to the config:
<idmap>
<uid start='0' target='0' count='100000'/>
<gid start='0' target='0' count='100000'/>
</idmap>
As you can see, the root in the container is mapped to the root outside. I expected to see no difference after adding these lines, but unfortunately there are some (see details below).
Am I missing something, or is there a problem with the system, libvirt or the kernel?
Full libvirt config:
<domain type='lxc'>
<name>test_with_idmap</name>
<memory>102400</memory>
<os>
<type>exe</type>
<init>/usr/lib/systemd/systemd</init>
</os>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<idmap>
<uid start='0' target='0' count='100000'/>
<gid start='0' target='0' count='100000'/>
</idmap>
<devices>
<console type='pty'/>
<filesystem type='mount'>
<source dir='/guest'/>
<target dir='/'/>
</filesystem>
</devices>
</domain>
root:~> uname -a
Linux localhost 3.10.19-01077-g4a19d28-dirty #5 SMP PREEMPT Mon Jan 13 12:56:09 CET 2014 armv7l GNU/Linux
root:~> libvirtd --version
libvirtd (libvirt) 1.2.1
root:~> systemd --version
systemd 204
After adding idmap to config systemd can't start many of its services, in particular:
Failed to mount Debug File System.
Failed to mount Configuration File System.
Failed to mount FUSE Control File System.
Failed to start udev Kernel Device Manager.
Failed to start Remount Root and Kernel File Systems.
Failed to start Journal Service.
systemctl status says:
ExecMount=/bin/mount debugfs /sys/kernel/debug -t debugfs (code=exited, status=32)
ExecMount=/bin/mount configfs /sys/kernel/config -t configfs (code=exited, status=32)
ExecMount=/bin/mount fusectl /sys/fs/fuse/connections -t fusectl (code=exited, status=32)
ExecStart=/usr/lib/systemd/systemd-udevd (code=exited,status=206/OOM_ADJUST)
ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited,status=1/FAILURE)
ExecStart=/usr/lib/systemd/systemd-journald (code=exited, status=218/CAPABILITIES)
Thanks!
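An added example, not part of the post above and not libvirt's own code: a small Python audit of the `<idmap>` block in a libvirt LXC domain XML. It parses the uid/gid entries, renders them in the layout the kernel uses in /proc/PID/uid_map (inside-id, outside-id, length; libvirt's `start` is the id inside the container and `target` the id on the host), rejects overlapping ranges, and flags the two security-relevant properties of the mapping shown in the post: host uid/gid 0 is reachable from the container, and container root is an identity mapping of host root, so the mapping gives no ownership separation from the host. Note that even an identity mapping still places the container in a child user namespace, whose capabilities are not those of the initial namespace. The sample XML is the post's own configuration, trimmed to the elements the audit reads.

```python
import xml.etree.ElementTree as ET

# Sample input: the domain XML from the post, trimmed to the parts the audit reads.
DOMAIN_XML = """<domain type='lxc'>
  <name>test_with_idmap</name>
  <idmap>
    <uid start='0' target='0' count='100000'/>
    <gid start='0' target='0' count='100000'/>
  </idmap>
</domain>"""


def parse_idmap(xml_text):
    """Return {'uid': [(start, target, count), ...], 'gid': [...]} from a libvirt domain XML.

    start  = first id inside the container, target = first id on the host,
    count  = length of the range (libvirt's attribute names).
    """
    root = ET.fromstring(xml_text)
    result = {"uid": [], "gid": []}
    idmap = root.find("idmap")
    if idmap is None:
        return result
    for kind in ("uid", "gid"):
        for el in idmap.findall(kind):
            start, target, count = (int(el.get(a)) for a in ("start", "target", "count"))
            if count <= 0:
                raise ValueError(f"{kind} entry with non-positive count: {start} {target} {count}")
            result[kind].append((start, target, count))
    return result


def to_proc_map(entries):
    """Render entries in /proc/PID/uid_map layout: inside-id outside-id length."""
    return "\n".join(f"{s:>10} {t:>10} {c:>10}" for s, t, c in entries)


def overlapping(entries):
    """True if two ranges overlap on the container side or on the host side."""
    for side in (0, 1):
        spans = sorted((e[side], e[side] + e[2]) for e in entries)
        for (_, a_end), (b_start, _) in zip(spans, spans[1:]):
            if b_start < a_end:
                return True
    return False


def host_root_mapped(entries):
    """True if some container id maps onto host id 0."""
    return any(t <= 0 < t + c for _, t, c in entries)


def identity_root(entries):
    """True if container id 0 maps exactly onto host id 0."""
    return any(s == 0 and t == 0 for s, t, _ in entries)


def audit(xml_text):
    """Parse the idmap and return the mappings plus a list of findings."""
    maps = parse_idmap(xml_text)
    findings = []
    for kind, entries in maps.items():
        if not entries:
            findings.append(f"no {kind} mapping: container shares the host's {kind} namespace")
            continue
        if overlapping(entries):
            findings.append(f"{kind}: overlapping ranges (the kernel rejects such a map)")
        if host_root_mapped(entries):
            findings.append(f"{kind}: host {kind} 0 is reachable from the container")
        if identity_root(entries):
            findings.append(f"{kind}: container 0 == host 0, no ownership separation from the host")
    return {
        "maps": maps,
        "proc": {kind: to_proc_map(entries) for kind, entries in maps.items()},
        "findings": findings,
    }


if __name__ == "__main__":
    report = audit(DOMAIN_XML)
    for kind in ("uid", "gid"):
        print(f"{kind}_map:\n{report['proc'][kind]}")
    for f in report["findings"]:
        print("finding:", f)
```

Running it on the post's configuration reports, for both uid and gid, that host id 0 is reachable and that container root is an identity mapping of host root; a mapping such as `<uid start='0' target='100000' count='65536'/>` produces neither finding.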