nested unprivileged container fails to start at mounting /proc
Bug #1543367 reported by Serge Hallyn
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Invalid | High | Unassigned |
lxc (Ubuntu) | Fix Released | High | Unassigned |
Bug Description
Create a trusty or xenial host. Probably use ubuntu-lxc/daily ppa to work around other bugs.
Create a privileged container (again either trusty or xenial will do), and install ubuntu-lxc/daily ppa there.
Create an unprivileged container in that container. It will fail at mounting proc using safe_mount. At this point it is mounting proc onto /proc/self/fd/14 flags 14.
lxc-start 20160208234209.189 ERROR lxc_utils - utils.c:
I'm quite certain this is not an apparmor issue, since leaving everything unconfined does not help.
It could be something we're doing wrong in lxc, but I'm not sure what.
It could be something inherent in mounting onto an open fd.