[systemd-devel] [PATCH] loopback setup in unprivileged containers

Tom Gundersen teg at jklm.no
Sun Dec 28 14:56:18 PST 2014


On Sun, Dec 28, 2014 at 6:18 PM, Stéphane Graber
<stephane.graber at canonical.com> wrote:
> My host system doesn't have nspawn so I can't easily test it this way,
> but it was my understanding that nspawn didn't support user namespaces
> and uid/gid mappings which is what I'm working with here.

Indeed, that is not supported by nspawn (which explains why I cannot
reproduce). I was able to reproduce using the userns_child_exec test
program from [0], so I'll take a look.

> Now, as far as I could tell, the problem was when reading a response back
> over netlink where I'd end up in an infinite recvmsg loop which would
> eventually return once the timeout for the operation would be reached.

Indeed, that seems to be the problem.

Cheers,

Tom

[0] <https://lwn.net/Articles/532593/>

