
kernel-packages team mailing list archive

[Bug 1543367] Re: nested unprivileged container fails to start at mounting /proc

 

I'm quite certain this is not an apparmor issue, since leaving
everything unconfined does not help.

It could be something we're doing wrong in lxc, but I'm not sure what.

It could be something inherent in mounting onto an open fd.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1543367

Title:
  nested unprivileged container fails to start at mounting /proc

Status in linux package in Ubuntu:
  New
Status in lxc package in Ubuntu:
  Triaged

Bug description:
  Create a trusty or xenial host.  Probably use ubuntu-lxc/daily ppa to
  work around other bugs.

  Create a privileged container (again either trusty or xenial will do),
  and install ubuntu-lxc/daily ppa there.

  Create an unprivileged container in that container.  It will fail at
  mounting proc using safe_mount.  At this point it is mounting proc
  onto /proc/self/fd/14 flags 14.

        lxc-start 20160208234209.189 ERROR    lxc_utils - utils.c:safe_mount:1695 - Operation not permitted - Failed to mount proc onto /usr/lib/x86_64-linux-gnu/lxc/proc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1543367/+subscriptions
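
The report above has safe_mount mounting proc onto /proc/self/fd/14 rather than onto a path name. The C sketch below is an added example, not lxc's code and not part of the original message: it shows the general pattern of opening the mount target one component at a time without following symlinks, then mounting onto the resulting descriptor. The names open_nofollow, mount_onto_fd and PROC_FLAGS are hypothetical, and reading "flags 14" as decimal is an assumption.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/stat.h>

/* Hypothetical names throughout. Assumption: "flags 14" is decimal, 2|4|8. */
#define PROC_FLAGS (MS_NOSUID | MS_NODEV | MS_NOEXEC)

/* Walk `path` below `rootfd` one component at a time, refusing symlinks
 * and "..". Returns an fd for the final directory, or -1. */
int open_nofollow(int rootfd, const char *path)
{
    char buf[4096], *save = NULL, *comp;
    int fd, next;
    if (strlen(path) >= sizeof(buf) || (fd = dup(rootfd)) < 0)
        return -1;
    strcpy(buf, path);
    for (comp = strtok_r(buf, "/", &save); comp; comp = strtok_r(NULL, "/", &save)) {
        next = strcmp(comp, "..") == 0 ? -1 :
            openat(fd, comp, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
        close(fd);
        if (next < 0) return -1;  /* symlink, "..", missing, or not a directory */
        fd = next;
    }
    return fd;
}

/* Mount onto the already-opened directory, so the target cannot be
 * swapped for a symlink between the check and the mount(2) call. */
int mount_onto_fd(int fd, const char *src, const char *fstype, unsigned long flags)
{
    char target[64];
    snprintf(target, sizeof(target), "/proc/self/fd/%d", fd);
    return mount(src, target, fstype, flags, NULL);
}

int main(void)
{
    char tmpl[] = "/tmp/safemnt.XXXXXX";          /* constructed sample tree */
    int root = mkdtemp(tmpl) ? open(tmpl, O_RDONLY | O_DIRECTORY) : -1;
    if (root < 0 || mkdirat(root, "proc", 0755) || symlinkat("proc", root, "link"))
        return 1;
    printf("proc: fd %d, link: fd %d\n", open_nofollow(root, "proc"), open_nofollow(root, "link"));
    return 0;
}
```

main() only exercises the symlink-refusing walk; mount_onto_fd(fd, "proc", "proc", PROC_FLAGS) additionally needs mount privileges, and its errno is where an "Operation not permitted" like the one in the log would surface.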