[meta-virtualization] using lxc-create in yocto environment

Rees, Kevron kevron.m.rees at intel.com
Fri Jan 27 08:36:38 PST 2017


I'm trying to call "lxc-create" to create an unprivileged container
within the yocto environment.  I am using a config file containing
uid/gid mappings that seems to work on my host system:

lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536

The command I'm using in my bitbake recipe is as follows:

lxc-create -l DEBUG -o muhlog.lob \
              --config=${S}/default.conf --lxcpath=${S}/var/lib/lxc \
              -t download --name=safety -- -d ubuntu -r xenial -a amd64 \
              --no-validate

"${S}" points to my working directory that has default.conf in it.

The output is as follows:

| DEBUG: Executing shell function do_compile
| newuidmap: write to uid_map failed: Operation not permitted
| error mapping child
| setgid: Invalid argument
| lxc-create: safety: lxccontainer.c: do_create_container_dir: 985 Failed to chown container dir
| lxc-create: safety: tools/lxc_create.c: main: 318 Error creating container safety

The "error mapping child" error comes from
src/lxc/tools/lxc_usernsexec.c:370 when calling lxc_map_ids().

Any hints on why newuidmap would fail?  I'm hoping that's the root
issue here and the subsequent messages are just the result.

cheers,
-Kevron
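
newuidmap and newgidmap only write mappings whose host range is delegated to the invoking user in /etc/subuid and /etc/subgid. The following is an added example, not part of the original post, that checks the lxc.id_map lines from the config above against such delegations; the subuid/subgid contents and the user name "builder" are constructed, and this covers one precondition only, not a diagnosis of the failure reported above.

```python
"""Check lxc.id_map host ranges against subuid/subgid delegations."""

# Config from the post; SUBUID/SUBGID and the user "builder" are constructed samples.
CONF = """lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
"""
SUBUID = "builder:100000:65536\n"
SUBGID = "builder:165536:65536\n"   # deliberately does not cover 100000..165535


def parse_id_maps(conf_text):
    """Return [(kind, container_start, host_start, count)] from lxc.id_map lines."""
    maps = []
    for line in conf_text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep and key.strip() == "lxc.id_map":
            kind, cstart, hstart, count = value.split()
            maps.append((kind, int(cstart), int(hstart), int(count)))
    return maps


def parse_subid(text, user):
    """Return [(start, count)] delegated to `user` in subuid/subgid format."""
    out = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            out.append((int(parts[1]), int(parts[2])))
    return out


def covered(start, count, ranges):
    """True if [start, start+count) is covered by the delegated ranges,
    walking across adjacent ranges when one entry alone is too short."""
    end = start + count
    for s, n in sorted(ranges):
        if s <= start < s + n:
            start = s + n
    return start >= end


def check(conf_text, subuid_text, subgid_text, user):
    """Map each id_map entry to True/False: is its host range delegated?"""
    tables = {"u": parse_subid(subuid_text, user),
              "g": parse_subid(subgid_text, user)}
    return {m: covered(m[2], m[3], tables.get(m[0], []))
            for m in parse_id_maps(conf_text)}


if __name__ == "__main__":
    for entry, ok in check(CONF, SUBUID, SUBGID, "builder").items():
        print(entry, "delegated" if ok else "NOT delegated")
```

To run it against a real build host, pass the contents of the recipe's default.conf, /etc/subuid and /etc/subgid, and the name of the user that bitbake runs as.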

