And if needed, i can recompile from source and place custom debug handlers, but i need some pointers where it could have go wrong. Thanks, Jaka! On Fri, Sep 6, 2013 at 1:32 PM, Jaka Hudoklin <jakahudoklin@gmail.com>wrote:
Hello!
Okay i tried again with only staticly linked busybox: offlinehacker:~/ $ /home/offlinehacker/busybox/busybox BusyBox v1.17.1 (Debian 1:1.17.1-8) multi-call binary. Copyright (C) 1998-2009 Erik Andersen, Rob Landley, Denys Vlasenko and others. Licensed under GPLv2. See source distribution for full notice. ....
Again my id: uid=499(offlinehacker) gid=100(users) groups=100(users),1(wheel),57(networkmanager)
My rootfs tree(/home/offlinehacker/busybox): busybox ├── [offlineh users ] busybox └── [offlineh users ] busybox-static_1.17.1-8_amd64.deb
It works just fine as root and these folders gets created: busybox ├── [offlineh users ] busybox ├── [offlineh users ] busybox-static_1.17.1-8_amd64.deb ├── [root root ] dev ├── [root root ] .oldroot ├── [root root ] proc └── [root root ] sys
When i start it with idmap with clean rootfs(dev proc sys and .oldroot deleted) i get this error, and it is a little bit different now: error: Failed to create domain from helloworld.xml error: internal error: guest failed to start: 2013-09-06 11:24:57.088+0000: 5794: debug : virFileC
And log is pretty similar: sep 06 11:24:56 laptop libvirtd[1542]: EVENT_POLL_UPDATE_HANDLE: watch=241 events=1 sep 06 11:24:57 laptop libvirtd[1542]: Skip interrupt, 1 140499747788544 sep 06 11:24:57 laptop libvirtd[1542]: OBJECT_REF: obj=0x7fc878000c90 sep 06 11:24:57 laptop libvirtd[1542]: OBJECT_REF: obj=0x7fc878000c90 sep 06 11:24:57 laptop libvirtd[1542]: server=0x7fc8a60ddd60 client=0x7fc8a60e8bb0 msg=0x7fc8a60e6970 rerr=0x7fc89a32cd40 args=0x7fc8880160a0 ret=0x7fc888016030 sep 06 11:24:57 laptop libvirtd[1542]: priv=0x7fc8a60ea3a0 conn=(nil) sep 06 11:24:57 laptop libvirtd[1542]: name=lxc:/// sep 06 11:24:57 laptop libvirtd[1542]: Cannot recv data: Connection reset by peer sep 06 11:24:57 laptop libvirtd[1542]: internal error: guest failed to start: 2013-09-06 11:24:57.088+0000: 5794: debug : virFileC
Rootfs after failed creation looks like this: busybox ├── [offlineh users ] busybox ├── [offlineh users ] busybox-static_1.17.1-8_amd64.deb ├── [offlineh users ] .oldroot ├── [offlineh users ] proc └── [offlineh users ] sys
I have debugging enabled, at least LIBVIRT_DEBUG is set to 1 and i get much more messages. If there's any my granular debug please let me know.
PS: I forgot to mention my version of libvirt is 1.1.2
Thanks, Jaka!
On Fri, Sep 6, 2013 at 3:41 AM, Gao feng <gaofeng@cn.fujitsu.com> wrote:
On 09/06/2013 03:15 AM, Jaka Hudoklin wrote:
Hello!
I'm testing user namespaces and I have quite some problem getting them to work.
First of all, I have user namespaces support enabled in kernel:
offlinehacker:~/ $ uname -r 3.10.10 offlinehacker:~/ $ ls /proc/self/ns/ ipc@ mnt@ net@ pid@ user@ uts@
I created simple ubuntu rootfs and when I start container without idmap, so without user namespace mappings, it works just fine:
Libivrt config:
<domain type='lxc'> <name>helloworld</name> <memory>102400</memory> <os> <type>exe</type> <init>/bin/dash</init> </os> <!--<idmap> <uid start='0' target='499' count='10'/> <gid start='0' target='100' count='10'/> </idmap>--> <devices> <console type='pty'/> <filesystem type='mount'> <source dir='/home/offlinehacker/rootfs'/> <target dir='/'/> </filesystem> </devices> </domain>
Your configuration looks good.
This is how my rootfs looks like:
offlinehacker:~/ $ ls -la rootfs drwxr-xr-x 23 offlinehacker users 4096 sep 5 19:06 ./ drwxr-xr-x 59 offlinehacker users 4096 sep 5 19:06 ../ drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:11 bin/ drwxr-xr-x 3 offlinehacker users 4096 avg 27 14:11 boot/ drwxr-xr-x 4 offlinehacker users 4096 avg 27 14:11 dev/ drwxr-xr-x 86 offlinehacker users 4096 sep 5 18:20 etc/ drwxr-xr-x 3 offlinehacker users 4096 avg 27 14:11 home/ lrwxrwxrwx 1 offlinehacker users 33 avg 27 14:10 initrd.img -> /boot/initrd.img-3.2.0-52-virtual drwxr-xr-x 18 offlinehacker users 4096 avg 27 14:10 lib/ drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:10 lib64/ drwx------ 2 offlinehacker users 4096 avg 27 14:11 lost+found/ drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:09 media/ drwxr-xr-x 2 offlinehacker users 4096 apr 19 2012 mnt/ drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:09 opt/ -rw-r--r-- 1 offlinehacker vboxusers 231671365 avg 27 14:12 precise-server-cloudimg-amd64-root.tar.gz drwxr-xr-x 2 offlinehacker users 4096 apr 19 2012 proc/ drwx------ 2 offlinehacker users 4096 sep 3 23:47 root/ drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:11 run/ drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:11 sbin/ drwxr-xr-x 2 offlinehacker users 4096 mar 5 2012 selinux/ drwxr-xr-x 2 offlinehacker users 4096 avg 27 14:09 srv/ drwxr-xr-x 2 offlinehacker users 4096 apr 14 2012 sys/ drwxrwxrwt 2 offlinehacker users 4096 sep 4 01:39 tmp/ drwxr-xr-x 10 offlinehacker users 4096 avg 27 14:09 usr/ drwxr-xr-x 12 offlinehacker users 4096 sep 5 18:10 var/ lrwxrwxrwx 1 offlinehacker users 29 avg 27 14:10 vmlinuz -> boot/vmlinuz-3.2.0-52-virtual
And this is who I am: offlinehacker:~/ $ id uid=499(offlinehacker) gid=67(libvirtd) groups=100(users),1(wheel),57(networkmanager),67(libvirtd)
Can this user exec //home/offlinehacker/rootfs/bin/dash successfully ?
When I create the container with idmap uncommented I get the following
error:
offlinehacker:~/ $ virsh -c lxc:/// create helloworld.xml error: Failed to create domain from helloworld.xml error: internal error: guest failed to start: 2013-09-05
19:08:57.781+0000: 19036: debug
And these are the logs: sep 05 19:08:52 laptop libvirtd[1542]: server=0x7fc8a60ddd60
sep 05 19:08:52 laptop libvirtd[1542]: priv=0x7fc8a60e91f0 conn=(nil) sep 05 19:08:52 laptop libvirtd[1542]: name=lxc:/// sep 05 19:08:57 laptop libvirtd[1542]: Cannot recv data: Connection reset by peer sep 05 19:08:58 laptop libvirtd[1542]: internal error: guest failed to start: 2013-09-05 19:08:57.781+0000: 19036: debug
Looks like .oldroot, dev, proc and sys gets created with mapped
client=0x7fc8a60e68d0 msg=0x7fc8a60e9380 rerr=0x7fc89a32cd40 args=0x7fc88800b4a0 ret=0x7fc88800a1c0 permissions(499:100), but container fails to start.
Please enable debug mode, I need more information.
http://libvirt.org/logging.html
Thansk