Hello,
I have a Centos 7.6 default kernel with lxc 3.0.3, I try to create snapshot clone an unprivileged container, but the start of the cloned container failed with an overlay error message “- Operation not permited - Failed to mount …”.
I tried the kernel-lt 4.4 form elrepo with a more recent “overlay” module I have the same problem.
Is it possible to create a snapshot clone of an unprivileged container ? I have no problem with privileged container.
Best regards.
Francis
I’ve not used that feature in a long time, but I suspect it’s making use of unprivileged overlayfs which is currently only in the Ubuntu kernel. It’s been brought up upstream a couple of times but so far hasn’t been included.
It’s on @sforshee’s list to do another push at getting that change upstream.
That’s a patch which was written for Ubuntu a while back and has been kept updated by the Ubuntu kernel team. Some distributions may have picked it up on their own but it is not part of the mainline kernel at this time.
Hello,
Thank you I am waiting for the CentOS update…
Best regards.
Francis
I seem to remember @brauner pointing me to the RedHat security advisory for this which I assume means that a kernel update is now available with the fix.
I think you commented on the wrong issue? 
The unprivileged overlay stuff is not upstream so will not be in the RHEL kernel.
Doh, indeed, I was going with the very very limited context from the last comment and somehow thought of the RHEL crash issue
So yeah, nothing new here, sorry for the noise