[systemd-devel] [PATCH] loopback setup in unprivileged containers
Tom Gundersen
teg at jklm.no
Sun Dec 28 14:56:18 PST 2014
On Sun, Dec 28, 2014 at 6:18 PM, Stéphane Graber
<stephane.graber at canonical.com> wrote:
> My host system doesn't have nspawn so I can't easily test it this way,
> but it was my understanding that nspawn didn't support user namespaces
> and uid/gid mappings which is what I'm working with here.
Indeed, that is not supported by nspawn (which explains why I cannot
reproduce). I was able to reproduce using the userns_child_exec test
program from [0], so I'll take a look.
> Now, as far as I could tell, the problem was when reading a response back
> over netlink where I'd end up in an infinite recvmsg loop which would
> eventually return once the timeout for the operation would be reached.
Indeed, that seems to be the problem.
Cheers,
Tom
[0] <https://lwn.net/Articles/532593/>
More information about the systemd-devel
mailing list