[sisyphus] Непривилегированные контейнеры lxd: проброс папки

Aleksey Birukov aebirukov на gmail.com
Пн Янв 9 20:30:46 MSK 2017 

Пытаюсь настроить проброс папки в непривилегированный контейнер.
И в контейнере и на хосте собственник должен быть 500:500

# chown 500:500 /tmp/test/folder
$ lxc config device add granophyric-elise test disk path=/mnt
source=/tmp/test/folder
$ lxc exec granophyric-elise bash
root на granophyric-elise:~# ls -n /mnt/
total 4
-rw-r--r-- 1 65534 65534 5 Jan  9 16:56 test
drwxr-xr-x 1 65534 65534 0 Jan  9 17:07 test1

Как в ALT предполагается это делать?

# cat /etc/subgid /etc/subuid
lxd:100000:65536
_libvirt:165536:65536
systemd-network:231072:65536
systemd-resolve:296608:65536
_lldpd:624288:65536
root:1000000:65536
root:500:1

lxd:100000:65536
_libvirt:165536:65536
systemd-network:231072:65536
systemd-resolve:296608:65536
_lldpd:624288:65536
root:1000000:65536
root:500:1

Пробую настроить mapping:

$ lxc profile add granophyric-elise user

$ lxc info --show-log granophyric-elise
Name: granophyric-elise
Remote: unix:/var/lib/lxd/unix.socket
Architecture: x86_64
Created: 2017/01/08 17:22 UTC
Status: Stopped
Type: persistent
Profiles: user

Log:

            lxc 20170109202701.941 WARN     lxc_cgmanager -
cgroups/cgmanager.c:cgm_get:992 - do_cgm_get exited with error
            lxc 20170109202702.158 ERROR    lxc_start -
start.c:lxc_spawn:1163 - Failed to set up id mapping.
            lxc 20170109202702.159 ERROR    lxc_start -
start.c:__lxc_start:1338 - Failed to spawn container "granophyric-elise".
            lxc 20170109202702.715 ERROR    lxc_conf -
conf.c:run_buffer:347 - Script exited with status 1
            lxc 20170109202702.715 ERROR    lxc_start -
start.c:lxc_fini:546 - Failed to run lxc.hook.post-stop for container
"granophyric-elise".
            lxc 20170109202702.716 WARN     lxc_commands -
commands.c:lxc_cmd_rsp_recv:172 - command get_init_pid failed to receive
response
            lxc 20170109202702.716 WARN     lxc_cgmanager -
cgroups/cgmanager.c:cgm_get:992 - do_cgm_get exited with error
            lxc 20170109202702.986 WARN     lxc_cgmanager -
cgroups/cgmanager.c:cgm_get:992 - do_cgm_get exited with error
            lxc 20170109202724.006 WARN     lxc_cgmanager -
cgroups/cgmanager.c:cgm_get:992 - do_cgm_get exited with error
            lxc 20170109202724.014 WARN     lxc_cgmanager -
cgroups/cgmanager.c:cgm_get:992 - do_cgm_get exited with error
            lxc 20170109202724.017 WARN     lxc_cgmanager -
cgroups/cgmanager.c:cgm_get:992 - do_cgm_get exited with error

$ lxc profile show user
name: user
config:
  raw.lxc: |
    lxc.id_map =
    lxc.id_map = u 0 1000000 499
    lxc.id_map = g 0 1000000 499
    lxc.id_map = u 500 1000 1
    lxc.id_map = g 500 1000 1
    lxc.id_map = u 501 1000501 65035
    lxc.id_map = g 501 1000501 65035
  user.vendor-data: |
    #cloud-config
    users:
      - name: user
        groups: sudo
        shell: /bin/bash
        sudo: ['ALL=(ALL) NOPASSWD:ALL']
    # ensure users shell is installed
    packages:
      - bash
    # The dhclient is a workaround for dns, see lp:1600766
description: allow home dir mounting for user
devices:
  home:
    path: /home/user
    source: /home/user
    type: disk
usedby:
- /1.0/containers/granophyric-elise

Система: p8. lxc, lxd из Сизифа.

$ rpm -q lxd
lxd-2.6.2-alt1

--
С уважением,
Бирюков Алексей
----------- следующая часть -----------
Вложение в формате HTML было удалено...
URL: <http://lists.altlinux.org/pipermail/sisyphus/attachments/20170109/77813812/attachment.html>

Подробная информация о списке рассылки Sisyphus