[CRIU] Can't launch unshare with -U or -r as unprivileged user

Christopher Covington cov at codeaurora.org
Wed Jun 4 10:26:44 PDT 2014


On 06/04/2014 01:16 PM, Christopher Covington wrote:
> On 06/04/2014 11:51 AM, Allan Cecil wrote:
>> Bottom-posted for clarity, please see below.
>>
>> On 2014-06-04 07:38, Christopher Covington wrote:
>>> Hi Allan,
>>>
>>> On 06/04/2014 01:46 AM, Allan Cecil wrote:
>> ~snip~
>>>> Unfortunately, this fails on unshare from util-linux 2.24.903-56ce because
>>>> virtually all of the flags require root privileges.  The manpage talks about
>>>> using -U and -r instead to allow unshare to run without resorting to sudo
>>>> (which is not available to the unprivileged user account in use).  The issue
>>>> is unshare -U or unshare -r always fails with the following error message:
>>>> unshare: unshare failed: Invalid argument
> 
>> Hi Christopher, thanks for your response.  This should help:
>>
>> $ uname -a
>> Linux silvermine 3.11.0-19-generic #33-Ubuntu SMP Tue Mar 11 18:48:34 UTC 2014
>> x86_64 x86_64 x86_64 GNU/Linux
>> $ sudo unshare -fp -- echo hello
>> [sudo] password for ac:
>> hello
>> $ unshare -fp -- echo hello
>> unshare: unshare failed: Operation not permitted
>> $
>>
>> So, with that kernel it's not possible to pass -fp as a normal user.  I'll be
>> upgrading to Linux Mint 17 as soon as the Xfce edition becomes available but
>> until then I assume I am at the mercy of my existing kernel.  Any
>> suggestions?  Thanks for your time,
> 
> So after my digression it comes back to the question of how to get `unshare
> -r` to work. I noticed that in a kernel where CONFIG_USER_NS is not set, I was
> getting the "Invalid argument" error there when trying stuff like `unshare -r
> -- echo hello` or the example given in the patch introducing the -r option [1].
> 
> 1. http://thread.gmane.org/gmane.linux.utilities.util-linux-ng/8317
> 
> Is there a /boot/config or /proc/config.gz that you can use to confirm
> CONFIG_USER_NS=y?
> 
> Being entirely new to the subject, I found the following thread interesting
> background information.
> 
> https://lists.linux-foundation.org/pipermail/containers/2013-June/032727.html

Digging further, it looks like CONFIG_USER_NS was dropped in Ubuntu 12.10
Quantal and reinstated in 14.04 Trusty. Maybe that upgrade to Mint 17 is a
prerequisite?

https://bugs.launchpad.net/bugs/1191600
https://wiki.ubuntu.com/Kernel/Configs/PreciseToQuantal
https://wiki.ubuntu.com/Kernel/Configs/SaucyToTrusty

Christopher

-- 
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
hosted by the Linux Foundation.
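
The check asked for in the message above (confirming CONFIG_USER_NS from /boot/config or /proc/config.gz), as an added example that is not part of the original thread. The function names are hypothetical; the script assumes the usual `/boot/config-$(uname -r)` naming and that /proc/self/ns/user exists only on kernels built with user namespace support.

```shell
#!/bin/sh
# Added example: report whether the kernel was built with CONFIG_USER_NS,
# which `unshare -U` / `unshare -r` depend on.

# config_state FILE [OPTION]
# Prints the option's value ("y", "m", ...), "not set", or "absent".
# Handles plain configs (/boot/config-*) and gzipped ones (/proc/config.gz).
config_state() {
    file=$1
    opt=${2:-CONFIG_USER_NS}
    case $file in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    $reader "$file" 2>/dev/null | awk -v opt="$opt" '
        $0 ~ ("^" opt "=")             { sub("^" opt "=", ""); print; found = 1; exit }
        $0 == ("# " opt " is not set") { print "not set"; found = 1; exit }
        END { if (!found) print "absent" }'
}

# running_kernel_config
# Prints the first readable config file for the running kernel, if any.
running_kernel_config() {
    for f in "/boot/config-$(uname -r)" /proc/config.gz; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# userns_report
# Combines the build-time answer with a runtime probe of /proc/self/ns/user.
userns_report() {
    if cfg=$(running_kernel_config); then
        echo "CONFIG_USER_NS in $cfg: $(config_state "$cfg")"
    else
        echo "no readable kernel config found"
    fi
    if [ -e /proc/self/ns/user ]; then
        echo "/proc/self/ns/user present: user namespaces compiled in"
    else
        echo "/proc/self/ns/user missing: kernel built without user namespaces"
    fi
    return 0
}

userns_report
```

A result of "not set" or "absent" matches the "Invalid argument" case described in the thread, where the kernel does not recognise the user namespace flag at all.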

