Alpine vanilla 3.18.14, shadow 4.2 newuidmap kernel segfault
#1
Fri, 2015-06-05 22:41
raul
Hi,
I am trying to get LXC unprivileged containers working on Alpine Linux 3.2 vanilla kernel. Fortunately there is a shadow 4.2 package in testing. I installed it, but trying to use newuidmap gives a kernel error.
Jun 1 11:44:35 alpine kern.info kernel: [ 3852.855418] newuidmap[1812]: segfault at 7fffb4188288 ip 00007fb890b07ee8 sp 00007fffb4147360 error 4 in newuidmap[7fb890b06000+6000]
Has anyone tried running unprivileged containers? Is anyone seeing the same issue with newuidmap?
I managed to get past this. I had to compile shadow 4.2.1 from source. Unprivileged containers work now on Alpine 4.2 vanilla kernel 3.18.14 and 4.1.10-rc6.
I should qualify that with a somewhat. This is an unprivileged container run by root. For user-run unprivileged containers you need cgmanager, which is part of the LXC project, and there is no package for cgmanager in Alpine yet.
I don't yet know what exactly is the problem with the 4.2 Shadow package in the testing repo and why newuidmap is causing a kernel segfault. I will file a bug report shortly and update this thread as soon as I have that info.
* Note the 4.0.x kernel series has a bug regarding LXC unprivileged container use and will cause a kernel crash.
* The Alpine 3.18.14 vanilla kernel does not have cgroups memory support enabled. Enabling cgroups memory requires a kernel recompile.