Hi,
Since I updated lxc (4.0.12 to 5.0.0), I can't launch my unprivileged lxc anymore. It seems to stumble on the mount operations.
lxc-start steam2 20220727182425.770 DEBUG conf - ../src/lxc/conf.c:mount_entry:2479 - Mounted "tmpfs" on "/usr/lib/lxc/rootfs/tmp" with filesystem type "tmpfs"
lxc-start steam2 20220727182425.770 DEBUG conf - ../src/lxc/conf.c:mount_entry:2416 - Remounting "/dev/input" on "/usr/lib/lxc/rootfs/dev/input" to respect bind or remount options
lxc-start steam2 20220727182425.770 ERROR conf - ../src/lxc/conf.c:mount_entry:2459 - Operation not permitted - Failed to mount "/dev/input" on "/usr/lib/lxc/rootfs/dev/input"
lxc-start steam2 20220727182425.770 ERROR conf - ../src/lxc/conf.c:lxc_setup:4375 - Failed to setup mount entries
The config entry is:
lxc.cgroup2.devices.allow = c 13:* rwm
lxc.mount.entry = /dev/input dev/input none bind,create=dir
Maybe some capability adjustments are needed?
[th@mecanic ~]capsh --print
Current: =
Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read,cap_perfmon,cap_bpf,cap_checkpoint_restore
Ambient set =
Current IAB:
Securebits: 00/0x0/1'b0 (no-new-privs=0)
secure-noroot: no (unlocked)
secure-no-suid-fixup: no (unlocked)
secure-keep-caps: no (unlocked)
secure-no-ambient-raise: no (unlocked)
uid=1000(th) euid=1000(th)
gid=1000(th)
groups=150(wireshark),957(libvirt-qemu),964(postgres),973(minidlna),979(libvirt),986(video),992(kvm),993(input),1000(th),1004(dialout)
Guessed mode: HYBRID (4)
Thank you for your help and for any ideas on what to check.