Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lxc-attach does not work with unprivileged containers and shared net namespace #4443

Open
ElJeffe opened this issue May 13, 2024 · 0 comments
Open

lxc-attach does not work with unprivileged containers and shared net namespace #4443

ElJeffe opened this issue May 13, 2024 · 0 comments
Labels
Bug Confirmed to be a bug
Milestone
lxc-6.1

Comments

@ElJeffe
Copy link

ElJeffe commented May 13, 2024

If a container is started unprivileged with a shared namespace, then it is not possible to attach to the container with error:
lxc-attach netns 20240513090718.131 ERROR attach - ../src/lxc/attach.c:__attach_namespaces_nsfd:666 - Operation not permitted - Failed to attach to net namespace of 6468 lxc-attach netns 20240513090718.131 ERROR attach - ../src/lxc/attach.c:lxc_attach:1590 - Failed to enter namespaces

This is reproducible on lxc 5.0.2 and master (6.0.0) on linux < 5.8 since form 5.8 __attach_namespaces_pidfd is called which works.
Attached is a config that is used to reproduce.
config.txt
First changing to the shared namespaces before the other namespaces works, as is done here:
ElJeffe@2dfe2ff
@stgraber stgraber added the Bug Confirmed to be a bug label May 15, 2024
@stgraber stgraber added this to the lxc-6.1 milestone May 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Confirmed to be a bug
Milestone
lxc-6.1
Development

No branches or pull requests
2 participants
@ElJeffe @stgraber