kernel-packages team mailing list archive

Thread
Date

[Bug 1191600] Re: User namespace is not enabled in raring kernel

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: David Leadbeater <1191600@xxxxxxxxxxxxxxxxxx>
Date: Fri, 29 Nov 2013 20:00:06 -0000
Reply-to: Bug 1191600 <1191600@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

According to debian/changelog USER_NS was enabled in linux (2.6.32-12.16):
  * [Config] enable USER_NS
    - LP: #480739, #509808

However I don't actually see the config option set anymore (and not even
a comment saying it's not set) looking at the current version in saucy:
linux-image-3.11.0-13-generic (3.11.0-13.20).

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1191600

Title:
  User namespace is not enabled in raring kernel

Status in “linux” package in Ubuntu:
  Confirmed

Bug description:
  lxc-checkconfig reports that user namespace is missing in raring.

  uname -a:

  Linux example 3.8.0-25-generic #37-Ubuntu SMP Thu Jun 6 20:47:30 UTC
  2013 i686 athlon i686 GNU/Linux

  /proc/version_signature:

  Ubuntu 3.8.0-25.37-generic 3.8.13

  lspci output: N/A (lspci not installed in this configuration)

  lxc-checkconfig:

  root@example:/# lxc-checkconfig
  Kernel configuration not found at /proc/config.gz; searching...
  Kernel configuration found at /boot/config-3.8.0-25-generic
  --- Namespaces ---
  Namespaces: enabled
  Utsname namespace: enabled
  Ipc namespace: enabled
  Pid namespace: enabled
  User namespace: missing
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  Network namespace: enabled
  Multiple /dev/pts instances: enabled

  --- Control groups ---
  Cgroup: enabled
  Cgroup namespace: required
  Cgroup device: enabled
  Cgroup sched: enabled
  Cgroup cpu account: enabled
  Cgroup memory controller: enabled
  Cgroup cpuset: enabled

  --- Misc ---
  Veth pair device: enabled
  Macvlan: enabled
  Vlan: enabled
  File capabilities: enabled

  Note : Before booting a new kernel, you can check its configuration
  usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

  This may be caused by the kernel config used in this package:

  CONFIG_UTS_NS=y
  CONFIG_IPC_NS=y
  CONFIG_PID_NS=y
  CONFIG_NET_NS=y

  that is, CONFIG_USER_NS was not selected in the kernel configuration.

  For comparison, similar section in the kernel config of 64-bit Precise
  (12.04) looks as follows:

  CONFIG_NAMESPACES=y
  CONFIG_UTS_NS=y
  CONFIG_IPC_NS=y
  CONFIG_USER_NS=y
  CONFIG_PID_NS=y
  CONFIG_NET_NS=y

  As result, lxc-start of a container with lxc.id_map is not possible
  (clone() returns EINVAL).

  Thanks.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1191600/+subscriptions