* using lxc-create in yocto environment
@ 2017-01-27 16:36 Rees, Kevron
  2017-01-27 22:27 ` Rees, Kevron
  0 siblings, 1 reply; 2+ messages in thread
From: Rees, Kevron @ 2017-01-27 16:36 UTC (permalink / raw)
  To: meta-virtualization

I'm trying to call "lxc-create" to create an unprivileged container
within the yocto environment.  I am using a config file containing
uid/gid mappings that seems to work on my host system:

lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536

The command I'm using in my bitbake recipe is as follows:

lxc-create -l DEBUG -o muhlog.lob \
              --config=${S}/default.conf --lxcpath=${S}/var/lib/lxc \
              -t download --name=safety -- -d ubuntu -r xenial -a amd64 \
              --no-validate

"${S}" points to my working directory that has default.conf in it.

The output is as follows:

| DEBUG: Executing shell function do_compile
| newuidmap: write to uid_map failed: Operation not permitted
| error mapping child
| setgid: Invalid argument
| lxc-create: safety: lxccontainer.c: do_create_container_dir: 985 Failed to chown container dir
| lxc-create: safety: tools/lxc_create.c: main: 318 Error creating container safety

The "error mapping child" error comes from
src/lxc/tools/lxc_usernsexec.c:370 when calling lxc_map_ids().

Any hints on why newuidmap would fail?  I'm hoping that's the root
issue here and the subsequent messages are just the result.

cheers,
-Kevron



* Re: using lxc-create in yocto environment
  2017-01-27 16:36 using lxc-create in yocto environment Rees, Kevron
@ 2017-01-27 22:27 ` Rees, Kevron
  0 siblings, 0 replies; 2+ messages in thread
From: Rees, Kevron @ 2017-01-27 22:27 UTC (permalink / raw)
  To: meta-virtualization

On Fri, Jan 27, 2017 at 8:36 AM, Rees, Kevron <kevron.m.rees@intel.com> wrote:
> I'm trying to call "lxc-create" to create an unprivileged container
> within the yocto environment.  I am using a config file containing
> uid/gid mappings that seems to work on my host system:
>
> lxc.include = /etc/lxc/default.conf
> lxc.id_map = u 0 100000 65536
> lxc.id_map = g 0 100000 65536
>
> The command I'm using in my bitbake recipe is as follows:
>
> lxc-create -l DEBUG -o muhlog.lob \
>               --config=${S}/default.conf --lxcpath=${S}/var/lib/lxc \
>               -t download --name=safety -- -d ubuntu -r xenial -a amd64 \
>               --no-validate
>
> "${S}" points to my working directory that has default.conf in it.
>
> The output is as follows:
>
> | DEBUG: Executing shell function do_compile
> | newuidmap: write to uid_map failed: Operation not permitted

The problem seems to be here.  It's trying to use newuidmap from
sysroot.  If I force it to use the host's newuidmap from
/usr/bin/newuidmap, it works.  One of the issues could be that the
setuid flag on the yocto environment's newuidmap seems missing.  I
wonder why the version in sysroot doesn't work...

> | error mapping child
> | setgid: Invalid argument
> | lxc-create: safety: lxccontainer.c: do_create_container_dir: 985 Failed to chown container dir
> | lxc-create: safety: tools/lxc_create.c: main: 318 Error creating container safety
>
> The "error mapping child" error comes from
> src/lxc/tools/lxc_usernsexec.c:370 when calling lxc_map_ids().
>
> Any hints on why newuidmap would fail?  I'm hoping that's the root
> issue here and the subsequent messages are just the result.
>
> cheers,
> -Kevron
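
Added example (not part of the original thread, and not code from LXC or Yocto): a shell check for the condition the reply describes, namely which newuidmap/newgidmap a given PATH resolves to and whether that binary carries the setuid-root bit or file capabilities it needs to write a ranged uid_map. The function names are hypothetical; it assumes a Linux `stat` that supports `-c %u` and uses `getcap` only if it is installed.

```shell
#!/bin/sh
# Added example: check the privilege of the ID-mapping helpers found on a PATH.
# Function names are hypothetical. Assumes Linux stat(1) with -c; getcap optional.

# idmap_helper_status FILE -> prints one of:
#   missing | setuid-root | setuid-nonroot | file-caps | no-privilege
idmap_helper_status() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    if [ -u "$f" ]; then
        # The setuid bit only helps when the file is owned by root (uid 0).
        if [ "$(stat -c %u "$f")" = 0 ]; then
            echo setuid-root
        else
            echo setuid-nonroot
        fi
        return 0
    fi
    # Some systems grant cap_setuid/cap_setgid instead of setuid root.
    if command -v getcap >/dev/null 2>&1 &&
       getcap "$f" 2>/dev/null | grep -Eq 'cap_set[ug]id'; then
        echo file-caps
        return 0
    fi
    echo no-privilege
}

# resolve_helper SEARCH_PATH NAME -> first NAME found on SEARCH_PATH.
# Runs in a subshell so the caller's PATH is left untouched.
resolve_helper() {
    ( PATH=$1; command -v "$2" )
}

# check_idmap_helpers SEARCH_PATH -> one report line per helper.
# Returns 1 if either helper would be unable to write a ranged ID map.
check_idmap_helpers() {
    rc=0
    for name in newuidmap newgidmap; do
        p=$(resolve_helper "$1" "$name") || p=
        if [ -n "$p" ]; then s=$(idmap_helper_status "$p"); else s=missing; fi
        echo "$name ${p:-<not found>} $s"
        case $s in setuid-root|file-caps) ;; *) rc=1 ;; esac
    done
    return $rc
}
```

Calling `check_idmap_helpers "$PATH"` from the same task that runs lxc-create shows whether the sysroot copy shadows the host's /usr/bin/newuidmap and reports it as no-privilege.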

