Re: [libvirt-users] User Namespace in LXC
Hi Gao,
Thanks a lot for your help. I'm currently upgrading my kernel (from 3.9.5
to 3.11.7) and checking if user namespace works or not.
Regards,
Saurabh Deochake,
On Wed, Nov 13, 2013 at 11:10 AM, Gao feng <gaofeng(a)cn.fujitsu.com> wrote:
Hi Saurabh,
First of all. I think there are something wrong in you container configure
file
the <idmap> should under <domain>.
such as
<domain type='lxc'>
<name>xxx</name>
<memory unit='KiB'>102400</memory>
<currentMemory unit='KiB'>102400</currentMemory>
<vcpu placement='static'>1</vcpu>
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch='x86_64'>exe</type>
<init>/bin/sh</init>
</os>
<idmap>
<uid start='0' target='1000' count='10'/>
<gid start='0' target='1000' count='10'/>
</idmap>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<console type='pty'>
<target type='lxc' port='0'/>
</console>
</devices>
</domain>
If your system doesn't support user namespace and your container has
configure file,
then when you start container, this error will be threw out.
error: Failed to start domain xxx
error: internal error: guest failed to start: Kernel doesn't support user
namespace:
If your configure file is right and the libvirt_lxc doesn't throw out
error message,
it's a bug we should fix.
On 11/13/2013 01:24 PM, Saurabh Deochake wrote:
> Hi Gao,
>
> I checked the output of "lxc-checkconfig" command and it showed
>
> --- Namespaces ---
> Namespaces: enabled
> Utsname namespace: enabled
> Ipc namespace: enabled
> Pid namespace: enabled
> *User namespace: missing*
> Network namespace: enabled
> Multiple /dev/pts instances: enabled
>
> Here it shows that User namespace support is missing. I tried to check
for Namespaces Support in kernel menuconfig. It has support for following
namespaces only:
>
> --- Namespaces support
> [*] UTS namespace
> [*] IPC namespace
> [*] PID Namespaces
> [*] Network namespace
>
> There is no User Namespace support. So do I need to patch the kernel for
user namespace support? What should I do in order to get user namespace
working?
>
> Following are my system details:
> OS: Fedora 19
> Kernel: 3.9.5
>
Disable the xfs filesystem, and then you will see User namespace under
Namespaces support.
Enjoy it.
Thanks
Attachments:
- attachment.html (text/html — 3.4 KB)