LXC + overlayfs?


Post by sokoow » Mon Feb 15, 2016 12:18 pm

All,

I'm struggling with running an LXC overlayfs snapshot with grsec; here's what I get when I try to run it:

lxc-start 1455552814.760 ERROR lxc_utils - utils.c:setproctitle:1455 - Invalid argument - setting cmdline failed
lxc-start 1455552814.811 ERROR bdev - bdev.c:overlayfs_mount:2294 - No such device - overlayfs: error mounting /var/lib/lxc/ubuntu-wily-amd64/rootfs onto /usr/lib/x86_64-linux-gnu/lxc options upperdir=/var/lib/lxc/afl-fuzz-1452422022/delta0,lowerdir=/var/lib/lxc/ubuntu-wily-amd64/rootfs,workdir=/var/lib/lxc/afl-fuzz-1452422022/olwork
lxc-start 1455552814.811 ERROR lxc_conf - conf.c:mount_rootfs:892 - No such file or directory - failed to get real path for 'overlayfs:/var/lib/lxc/ubuntu-wily-amd64/rootfs:/var/lib/lxc/afl-fuzz-1452422022/delta0'
lxc-start 1455552814.811 ERROR lxc_conf - conf.c:setup_rootfs:1301 - failed to mount rootfs
lxc-start 1455552814.811 ERROR lxc_conf - conf.c:do_rootfs_setup:3801 - failed to setup rootfs for 'afl-fuzz-1452422022'
lxc-start 1455552814.811 ERROR lxc_conf - conf.c:lxc_setup:3883 - Error setting up rootfs mount after spawn
lxc-start 1455552814.811 ERROR lxc_start - start.c:do_start:731 - failed to setup the container
lxc-start 1455552814.811 ERROR lxc_sync - sync.c:__sync_wait:51 - invalid sequence number 1. expected 2
lxc-start 1455552814.811 ERROR lxc_start - start.c:__lxc_start:1213 - failed to spawn 'afl-fuzz-1452422022'
lxc-start 1455552819.862 ERROR lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
lxc-start 1455552819.862 ERROR lxc_start_ui - lxc_start.c:main:346 - To get more details, run the container in foreground mode.
lxc-start 1455552819.862 ERROR lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.


Does anybody have any experience with this?
sokoow
 
Posts: 1
Joined: Mon Feb 15, 2016 12:16 pm

Re: LXC + overlayfs?

Post by itoffshore » Mon Sep 12, 2016 5:40 pm

I saw the same error running unprivileged lxc in Alpine Linux - this is a permission error on /path/to/container or /path/to/container/rootfs

Code:
chmod 750 /path/to/container
chown root:100000 /path/to/container
chmod 755 /path/to/container/rootfs

If you run the container unprivileged it cannot execute "readlink -f ${LXC_ROOTFS_MOUNT}" without the above permissions.
itoffshore
 
Posts: 3
Joined: Fri May 08, 2015 11:25 am
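
Added example (not part of the posts above and not LXC's own code): a small diagnostic that walks the directory chain down to the rootfs and reports the first directory an unprivileged identity cannot traverse, which is the condition the reply describes. It models classic owner/group/other mode bits only (no ACLs, capabilities or grsecurity policy); the uid offset and the temporary layout are constructed assumptions.

```python
import os
import stat
import tempfile


def can_search(st, uid, gids):
    """Classic mode-bit check: may (uid, gids) traverse this directory?"""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def first_blocked(target, uid, gids, start="/"):
    """Walk start -> target; return the first directory that the
    identity cannot traverse, or None if the whole chain is open."""
    target, path = os.path.realpath(target), os.path.realpath(start)
    rel = os.path.relpath(target, path)
    for part in [""] + ([] if rel == "." else rel.split(os.sep)):
        path = os.path.join(path, part) if part else path
        st = os.stat(path)
        if not stat.S_ISDIR(st.st_mode) or not can_search(st, uid, gids):
            return path
    return None


def demo():
    """Constructed layout in a temp dir (not a real LXC container)."""
    container = os.path.realpath(os.path.join(tempfile.mkdtemp(), "container"))
    rootfs = os.path.join(container, "rootfs")
    os.makedirs(rootfs)
    os.chmod(rootfs, 0o755)
    os.chmod(container, 0o700)            # too strict: owner only
    st = os.stat(container)
    uid = st.st_uid + 100000              # assumed mapped container root
    gids = {st.st_gid}                    # stands in for group 100000
    before = first_blocked(rootfs, uid, gids, start=container)
    os.chmod(container, 0o750)            # mode from the reply above
    after = first_blocked(rootfs, uid, gids, start=container)
    return container, before, after


if __name__ == "__main__":
    container, before, after = demo()
    print("blocked at:", before, "-> after chmod 750:", after)
```

On a real host, call first_blocked() with the container's rootfs path and the host uid/gid that the container's root maps to, leaving start at "/" so parent directories such as /var/lib/lxc are checked too.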

