[CRIU] Can't launch unshare with -U or -r as unprivileged user
Christopher Covington
cov at codeaurora.org
Wed Jun 4 10:16:45 PDT 2014
On 06/04/2014 11:51 AM, Allan Cecil wrote:
> Bottom-posted for clarity, please see below.
>
> On 2014-06-04 07:38, Christopher Covington wrote:
>> Hi Allan,
>>
>> On 06/04/2014 01:46 AM, Allan Cecil wrote:
> ~snip~
>>> Unfortunately, this fails on unshare from util-linux 2.24.903-56ce because
>>> virtually all of the flags require root privileges. The manpage talks about
>>> using -U and -r instead to allow unshare to run without resorting to sudo
>>> (which is not available to the unprivileged user account in use). The issue
>>> is unshare -U or unshare -r always fails with the following error message:
>>> unshare: unshare failed: Invalid argument
> Hi Christopher, thanks for your response. This should help:
>
> $ uname -a
> Linux silvermine 3.11.0-19-generic #33-Ubuntu SMP Tue Mar 11 18:48:34 UTC 2014
> x86_64 x86_64 x86_64 GNU/Linux
> $ sudo unshare -fp -- echo hello
> [sudo] password for ac:
> hello
> $ unshare -fp -- echo hello
> unshare: unshare failed: Operation not permitted
> $
>
> So, with that kernel it's not possible to pass -fp as a normal user. I'll be
> upgrading to Linux Mint 17 as soon as the Xfce edition becomes available but
> until then I assume I am at the mercy of my existing kernel. Any
> suggestions? Thanks for your time,
So after my digression it comes back to the question of how to get `unshare
-r` to work. I noticed that in a kernel where CONFIG_USER_NS is not set, I was
getting the "Invalid argument" error there when trying stuff like `unshare -r
-- echo hello` or the example given in the patch introducing the -r option [1].
1. http://thread.gmane.org/gmane.linux.utilities.util-linux-ng/8317
Is there a /boot/config or /proc/config.gz that you can use to confirm
CONFIG_USER_NS=y?
Being entirely new to the subject, I found the following thread interesting
background information.
https://lists.linux-foundation.org/pipermail/containers/2013-June/032727.html
Regards,
Christopher
--
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by the Linux Foundation.
More information about the CRIU
mailing list