Re: [alpine-user] liblxc segfaults when trying to start unprivileged container

From: Chloe Kudryavtsev <toast_at_toastin.space>
Date: Fri, 29 Mar 2019 13:21:21 -0400

On 3/29/2019 4:43 AM, paul gauret wrote:
> in my case doing everything with root.
>> Privileged containers work just fine.

We're missing kernel.unprivileged_userns_clone for whatever reason.
You have to enable that to run things as non-root (which I suspect
you're trying to do).

Spun up a VM to test: unprivileged containers are just fine as root, but
not as a user (in the latter case you get a segfault - likely because an
unprivileged user is trying to userns clone without having the right to :) )

I suppose the question now becomes "why are we missing that option".

In the interim, feel free to have root-owned unprivileged containers
(you can give root subuids just like everywhere else, and everything
ends up running as UID 100000 or whatever you use).


Received on Fri Mar 29 2019 - 13:21:21 UTC
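
A preflight check for the situation this message describes, added here as an example and not part of the original mail: it reports whether a given user is gated by `kernel.unprivileged_userns_clone` and whether that user (root included, for the root-owned workaround) has subuid/subgid ranges. The function names and the `ROOT` prefix argument are hypothetical, and treating an absent sysctl as a warning rather than a failure is an assumption.

```shell
#!/bin/sh
# Added example, not from the mail. ROOT is a hypothetical prefix so the checks
# can be pointed at a constructed tree instead of the live /proc and /etc.
# Usage: userns_preflight root ; userns_preflight "$(id -un)"

# Print the first "start count" range that FILE (subuid/subgid format,
# name:start:count) grants to USER; fail if there is none.
subid_range() {
    [ -r "$1" ] || return 1
    awk -F: -v u="$2" '$1 == u && $3 > 0 { print $2, $3; ok = 1; exit }
                       END { exit !ok }' "$1"
}

# userns_preflight USER [ROOT]: one finding per line, returns 1 on any FAIL.
userns_preflight() {
    user=$1 root=${2:-} rc=0
    knob=$root/proc/sys/kernel/unprivileged_userns_clone
    max=$root/proc/sys/user/max_user_namespaces

    if [ "$user" = root ]; then
        echo "OK   root is not gated by kernel.unprivileged_userns_clone"
    elif [ ! -e "$knob" ]; then
        echo "WARN kernel.unprivileged_userns_clone is not present on this kernel"
    elif [ "$(cat "$knob")" = 1 ]; then
        echo "OK   kernel.unprivileged_userns_clone=1"
    else
        echo "FAIL kernel.unprivileged_userns_clone=0, non-root userns clone is refused"
        rc=1
    fi

    # Upstream limit; 0 disables user namespace creation altogether.
    if [ -r "$max" ] && [ "$(cat "$max")" -eq 0 ]; then
        echo "FAIL user.max_user_namespaces=0, user namespace creation is disabled"
        rc=1
    fi

    # The container's ids are mapped into these host ranges (e.g. 100000+).
    for f in subuid subgid; do
        if range=$(subid_range "$root/etc/$f" "$user"); then
            echo "OK   /etc/$f: $user maps to host ids from ${range% *} (${range#* } ids)"
        else
            echo "FAIL /etc/$f has no range for $user"
            rc=1
        fi
    done
    return $rc
}
```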