[CRIU] Can't launch unshare with -U or -r as unprivileged user

Allan Cecil ac at sonic.net
Wed Sep 10 16:05:46 PDT 2014


Bottom posting for historical context, see text below:

On 06/04/2014 11:08 AM, Allan Cecil wrote:
> On 06/04/2014 10:26 AM, Christopher Covington wrote:
>> On 06/04/2014 01:16 PM, Christopher Covington wrote:
> ~snip~
>>> So after my digression it comes back to the question of how to get `unshare
>>> -r` to work. I noticed that in a kernel where CONFIG_USER_NS is not set, I was
>>> getting the "Invalid argument" error there when trying stuff like `unshare -r
>>> -- echo hello` or the example given in the patch introducing the -r option [1].
>>>
>>> 1. http://thread.gmane.org/gmane.linux.utilities.util-linux-ng/8317
>>>
>>> Is there a /boot/config or /proc/config.gz that you can use to confirm
>>> CONFIG_USER_NS=y?
>>>
>>> Being entirely new to the subject, I found the following thread interesting
>>> background information.
>>>
>>> https://lists.linux-foundation.org/pipermail/containers/2013-June/032727.html
>>
>> Digging further, it looks like CONFIG_USER_NS was dropped in Ubuntu 12.10
>> Quantal and reinstated in 14.04 Trusty. Maybe that upgrade to Mint 17 is a
>> prerequisite?
>>
>> https://bugs.launchpad.net/bugs/1191600
>> https://wiki.ubuntu.com/Kernel/Configs/PreciseToQuantal
>> https://wiki.ubuntu.com/Kernel/Configs/SaucyToTrusty
>>
>> Christopher 
> 
> Hmm...  I did a cat /boot/config-3.11.0-19-generic | grep CONFIG_USER_NS and that flag was not found.  Assuming I have the right file I think I need to upgrade.  I just checked and this system is actually based on the Linux Mint Cinnamon edition (albeit with xfce installed), so I should be able to upgrade right away.  I will work on that tonight or later this week and get back to you with the results of trying with a new kernel.  Thank you very much for your assistance,
> 
> A.C.
> ******

So it's now been several months but I'm no closer to a solution.  I'm now on:

$ uname -a
Linux silvermine 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: LinuxMint
Description:    Linux Mint 17 Qiana
Release:        17
Codename:       qiana

And cat /boot/config-3.13.0-24-generic | grep CONFIG_USER_NS responds with:
CONFIG_USER_NS=y

Unfortunately, with:

$ unshare --version
unshare from util-linux 2.24.920-710e

If I try the same test as above, I still see the same failure:

$ sudo unshare -fp -- echo hello                                        
hello
$ unshare -fp -- echo hello                                             
unshare: unshare failed: Operation not permitted

In other words, I now have a kernel with the CONFIG_USER_NS flag present and set to Y but I am still unable to get around this problem.  Are there any other suggestions on how I can move forward with using CRIU in, well, userspace?  Thanks for any suggestions you can provide,

A.C.
******
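
The kernel-config check discussed in this thread (looking for CONFIG_USER_NS in /boot/config-<release> or /proc/config.gz), as an added example that is not part of the original message. The function names are hypothetical; the script distinguishes an option that is explicitly disabled from one that does not appear in the file at all, and reads gzip-compressed configs.

```shell
#!/bin/sh
# Added example (not from the thread): report the state of CONFIG_USER_NS
# in a kernel config file. Function names are hypothetical.

# Prints one of: enabled, disabled, absent, unreadable.
userns_config_state() {
    cfg=$1
    [ -r "$cfg" ] || { echo unreadable; return 0; }
    case $cfg in
        *.gz) reader="gzip -dc" ;;   # /proc/config.gz is gzip-compressed
        *)    reader="cat" ;;
    esac
    # Anchored patterns: match the option itself, not a longer name,
    # and recognise the "# ... is not set" form written for disabled options.
    $reader "$cfg" 2>/dev/null | awk '
        /^CONFIG_USER_NS=y$/            { s = "enabled" }
        /^# CONFIG_USER_NS is not set$/ { s = "disabled" }
        END { print (s == "" ? "absent" : s) }'
}

# Prints the first readable config for the running kernel, checking the
# two locations mentioned in the thread.
find_kernel_config() {
    for f in "/boot/config-$(uname -r)" /proc/config.gz; do
        if [ -r "$f" ]; then
            echo "$f"
            return 0
        fi
    done
    return 1
}

if cfg_path=$(find_kernel_config); then
    echo "$cfg_path: CONFIG_USER_NS $(userns_config_state "$cfg_path")"
else
    echo "no kernel config found in /boot or /proc" >&2
fi
```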

