[CRIU] Can't launch unshare with -U or -r as unprivileged user
Andrew Vagin
avagin at parallels.com
Thu Sep 11 02:18:20 PDT 2014
On Wed, Sep 10, 2014 at 04:05:46PM -0700, Allan Cecil wrote:
> Bottom posting for historical context, see text below:
>
> On 06/04/2014 11:08 AM, Allan Cecil wrote:
> > On 06/04/2014 10:26 AM, Christopher Covington wrote:
> >> On 06/04/2014 01:16 PM, Christopher Covington wrote:
> > ~snip~
> >>> So after my digression it comes back to the question of how to get `unshare
> >>> -r` to work. I noticed that in a kernel where CONFIG_USER_NS is not set, I was
> >>> getting the "Invalid argument" error there when trying stuff like `unshare -r
> >>> -- echo hello` or the example given in the patch introducing the -r option [1].
> >>>
> >>> 1. http://thread.gmane.org/gmane.linux.utilities.util-linux-ng/8317
> >>>
> >>> Is there a /boot/config or /proc/config.gz that you can use to confirm
> >>> CONFIG_USER_NS=y?
> >>>
> >>> Being entirely new to the subject, I found the following thread interesting
> >>> background information.
> >>>
> >>> https://lists.linux-foundation.org/pipermail/containers/2013-June/032727.html
> >>
> >> Digging further, it looks like CONFIG_USER_NS was dropped in Ubuntu 12.10
> >> Quantal and reinstated in 14.04 Trusty. Maybe that upgrade to Mint 17 is a
> >> prerequisite?
> >>
> >> https://bugs.launchpad.net/bugs/1191600
> >> https://wiki.ubuntu.com/Kernel/Configs/PreciseToQuantal
> >> https://wiki.ubuntu.com/Kernel/Configs/SaucyToTrusty
> >>
> >> Christopher
> >
> > Hmm... I did a cat /boot/config-3.11.0-19-generic | grep CONFIG_USER_NS and that flag was not found. Assuming I have the right file I think I need to upgrade. I just checked and this system is actually based on the Linux Mint Cinnamon edition (albeit with xfce installed), so I should be able to upgrade right away. I will work on that tonight or later this week and get back to you with the results of trying with a new kernel. Thank you very much for your assistance,
> >
> > A.C.
> > ******
>
> So it's now been several months but I'm no closer to a solution. I'm now on:
>
> $ uname -a
> Linux silvermine 3.13.0-24-generic #47-Ubuntu SMP Fri May 2 23:30:00 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
> $ lsb_release -a
> No LSB modules are available.
> Distributor ID: LinuxMint
> Description: Linux Mint 17 Qiana
> Release: 17
> Codename: qiana
>
> And cat /boot/config-3.13.0-24-generic | grep CONFIG_USER_NS responds with:
> CONFIG_USER_NS=y
>
> Unfortunately, with:
>
> $ unshare --version
> unshare from util-linux 2.24.920-710e
>
> If I try the same test as above, I still see the same failure:
>
> $ sudo unshare -fp -- echo hello
> hello
> $ unshare -fp -- echo hello
[avagin at localhost ~]$ unshare -Ufp echo hello
hello
> unshare: unshare failed: Operation not permitted
>
> In other words, I now have a kernel with the CONFIG_USER_NS flag present and set to Y but I am still unable to get around this problem. Are there any other suggestions on how I can move forward with using CRIU in, well, userspace? Thanks for any suggestions you can provide,
>
> A.C.
> ******
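Added example, not part of the original thread and not CRIU or util-linux code: a small shell triage for the two failures reported above ("Invalid argument" on a kernel without CONFIG_USER_NS, and "Operation not permitted" when `-p` is used without `-U`). The function names, result tokens and sample config text are constructed for illustration; `explain_unshare` expects short options only (such as `-fp` or `-Ufp`).

```shell
#!/bin/sh
# Classify CONFIG_USER_NS in a kernel config read from stdin.
# A bare grep cannot tell "explicitly off" from "symbol missing".
userns_config_state() {
    awk '
        /^CONFIG_USER_NS=y$/            { s = "enabled" }
        /^# CONFIG_USER_NS is not set$/ { s = "disabled" }
        END { print (s == "" ? "absent" : s) }'
}

# Print the running kernel's config from the two places named in the thread.
running_kernel_config() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        gzip -dc /proc/config.gz
    else
        return 1
    fi
}

# Map (config state, unshare short flags, unshare stderr) to a likely cause.
explain_unshare() {
    state=$1; flags=$2; err=$3
    case "$err" in
    "") echo ok ;;
    *"Invalid argument"*)
        # Reported in the thread on a kernel without CONFIG_USER_NS.
        if [ "$state" = enabled ]; then echo unrecognized
        else echo no-userns-kernel; fi ;;
    *"Operation not permitted"*)
        case "$flags" in
        *U*|*r*) echo userns-refused ;;      # creating the user namespace was denied
        *)       echo need-user-namespace ;; # -p alone needs CAP_SYS_ADMIN: add -U or -r
        esac ;;
    *) echo unrecognized ;;
    esac
}

# Constructed sample configs (not taken from any real machine).
old_cfg='CONFIG_UTS_NS=y
# CONFIG_USER_NS is not set'
new_cfg='CONFIG_UTS_NS=y
CONFIG_USER_NS=y'

printf '%s\n' "$old_cfg" | userns_config_state
printf '%s\n' "$new_cfg" | userns_config_state
explain_unshare enabled -fp "unshare: unshare failed: Operation not permitted"
```

To check a real machine, feed `running_kernel_config` into `userns_config_state` and pass the stderr of the failing `unshare` command to `explain_unshare`.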