V2EX › wniming 的所有回复 › 第 2 页 / 共 32 页

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

现在注册

已注册用户请登录

1 2 3 4 5 6 7 8 9 10 ... 32

❮

❯

26 天前

回复了 xdidi3r 创建的主题 › 问与答 › 有没有 5k 以内，好玩的数码产品推荐

5070

27 天前

回复了 HarrisonLee 创建的主题 › 深圳 › 悲惨的深圳上网经历

@wunonglin 我也是

30 天前

回复了 wniming 创建的主题 › Linux › 有没有办法在 lxc 特权容器中用普通用户运行 podman？

@wniming #24 如果要在特权 lxc 容器内用普通用户运行 lxc 的话，要在特权 lxc 容器的配置上加上：

lxc.mount.entry = proc dev/.lxc/proc proc create=dir,optional 0 0
lxc.mount.entry = sys dev/.lxc/sys sysfs create=dir,optional 0 0

30 天前

回复了 wniming 创建的主题 › Linux › 有没有办法在 lxc 特权容器中用普通用户运行 podman？

@pagxir #22 你的博客还是启发到我了，我的物理机系统是 fedora42 ，lxc 特权容器加上这行配置可以在容器内用普通用户运行 podman：

lxc.mount.entry = proc dev/.lxc/proc proc create=dir,optional 0 0

30 天前

回复了 wniming 创建的主题 › Linux › 有没有办法在 lxc 特权容器中用普通用户运行 podman？

@pagxir #22

在我的环境下加上

lxc.mount.auto = cgroup:mixed:force proc:rw sys:rw cgroup-full:mixed:force

会导致特权容器启动失败，把 sys:rw 删掉可以启动成功，但是依然无法用普通用户运行 podman

30 天前

回复了 wniming 创建的主题 › Linux › 用普通用户运行的 lxc 如何设置 cgroup cpu 调度的优先级？

@yanqiyu systemd-cgls 的输出结果中没有 lxc-unit ，而且在 sysfs 下查看虽然有 lxc-unit.service 但是这个和 lxc-f42-0.scope 是平级关系

root@localhost:/home/d# cat /sys/fs/cgroup/user.slice/user-1000.slice/[email protected]/app.slice/lxc-unit.service/cpu.weight
10
root@localhost:/home/d#
root@localhost:/home/d# cat /sys/fs/cgroup/user.slice/user-1000.slice/[email protected]/app.slice/lxc-f42-0.scope/cpu.weight
100
root@localhost:/home/d#

30 天前

回复了 wniming 创建的主题 › Linux › 用普通用户运行的 lxc 如何设置 cgroup cpu 调度的优先级？

@yanqiyu 我也觉得理论上应该起作用，但是刚才我用一个全新安装的 fedora 42 又重新试了一下还是不行，而且如果是在 lxc 配置文件里指定 lxc.cgroup2.cpu.weight 的话，在 lxc 内部 cat /sys/fs/cgroup/cpu.weight 是能看到变化的，但如果是用 systemd-run --unit=lxc-unit --user -p CPUWeight=10 --collect --pty lxc-start -F f42 这条命令的话，在 lxc 内部 cat /sys/fs/cgroup/cpu.weight 没有看到变化。

31 天前

回复了 wniming 创建的主题 › 云修电脑 › 电脑突然死机，按机箱上的重启和关机按钮都无法重启或关机，这可能是什么原因引起的？

@kokutou 基本确认是电源的问题了，一周前把电源送去售后，当时换了一个电源先临时用，用到现在没再出现过问题，今天送去售后的电源说是检测没问题给我原返了，但是返回来的电源变成 gx 650 了，我发现现在海韵的售后是不会承认电源有问题的，就算有问题也是以“原返”的形式直接给客户换良品，几个月前我的一个 gx 750 电源突然碰响了一声然后整间屋子跳闸了，送去售后也是说检测没问题给我原返，但是返回来的电源的序列号跟之前不一样了，而且用到现在没再出现过问题。

ps：我京东自营买的。

32 天前

回复了 msn1983aa 创建的主题 › 分享发现 › Google 出 BUG 了，免费领取 Google One 会员到 2026 年底

@yamatoki #113 我也是大号可以领，小号领就：

This offer is not available
You can check out other Google One plans to find the right one for you

32 天前

回复了 msn1983aa 创建的主题 › 分享发现 › Google 出 BUG 了，免费领取 Google One 会员到 2026 年底

已领刚刚，好人一生平安

36 天前

回复了 songray 创建的主题 › 程序员 › 现在 Linux 对 Intel 大小核的调度怎么样?

@songray 可以选 12700 ，关闭 4 个小核

36 天前

回复了 wniming 创建的主题 › Linux › 有没有办法在 lxc 特权容器中用普通用户运行 podman？

@yinmin 刚刷新帖子看到你的新回复

36 天前

回复了 wniming 创建的主题 › Linux › 有没有办法在 lxc 特权容器中用普通用户运行 podman？

@yinmin 在我的使用场景下完全不考虑安全性，而且目前我就是在特权 lxc 容器里做的尝试，不确定你说的这个 privileged 权限指的是什么。

36 天前

回复了 wniming 创建的主题 › Linux › 有没有办法在 lxc 特权容器中用普通用户运行 podman？

@pagxir man lxc.container.conf 没有 lxc.autofs 这个选项，不过有个类似的，我添加了如下配置：

lxc.mount.auto = cgroup-full:rw:force

不过还是一样的报错

36 天前

回复了 wniming 创建的主题 › Linux › 有没有办法在 lxc 特权容器中用普通用户运行 podman？

@choury #11 不知道你是怎么开容器的，我刚才给 lxc 的配置加了一行

lxc.cap.drop =

现在 lxc 特权容器里的几个 Cap 也都跟正常环境下的一样了，不过还是不行，一样的报错。

我总感觉这个问题跟用户命名空间有关，因为我在 lxc 特权容器里用 root 用户运行 unshare -fp -r --mount-proc id 有和用普通用户运行一样的报错，但把 -r 参数去掉就正常了：

root@develop:~#
root@develop:~# unshare -fp -r --mount-proc id
unshare: mount /proc failed: Operation not permitted
root@develop:~#
root@develop:~# unshare -fp --mount-proc id
uid=0(root) gid=0(root) groups=0(root)
root@develop:~#

36 天前

回复了 wniming 创建的主题 › Linux › 有没有办法在 lxc 特权容器中用普通用户运行 podman？

@choury #9

在 lxc 特权容器里用 root 和普通用户执行 cat /proc/self/status | grep Cap 的输出如下:

d@develop:~$ su
root@develop:/home/d#
root@develop:/home/d# cat /proc/self/status | grep Cap
CapInh: 0000000000000000
CapPrm: 000001fcfdfcffff
CapEff: 000001fcfdfcffff
CapBnd: 000001fcfdfcffff
CapAmb: 0000000000000000
root@develop:/home/d#
root@develop:/home/d#
exit
d@develop:~$
d@develop:~$ cat /proc/self/status | grep Cap
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 000001fcfdfcffff
CapAmb: 0000000000000000
d@develop:~$
d@develop:~$

CapBnd 这个确实和普通环境下不一样，普通环境下是 000001ffffffffff

36 天前

回复了 wniming 创建的主题 › Linux › 有没有办法在 lxc 特权容器中用普通用户运行 podman？

101 fstat(3</usr/lib/locale/en_US.utf8/LC_NUMERIC>, {st_dev=makedev(0, 0x23), st_ino=13956, st_mode=S_IFREG|0644, st_nlink=17, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=54, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420554 /* 2025-03-31T19:29:14.603472279+0800 */, st_ctime_nsec=603472279}) = 0
102 mmap(NULL, 54, PROT_READ, MAP_PRIVATE, 3</usr/lib/locale/en_US.utf8/LC_NUMERIC>, 0) = 0x7f421cfe0000
103 close(3</usr/lib/locale/en_US.utf8/LC_NUMERIC>) = 0
104 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.UTF-8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
105 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_CTYPE", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/C.utf8/LC_CTYPE>
106 fstat(3</usr/lib/locale/C.utf8/LC_CTYPE>, {st_dev=makedev(0, 0x23), st_ino=14249, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=712, st_size=360460, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420554 /* 2025-03-31T19:29:14.603950488+0800 */, st_ctime_nsec=603950488}) = 0
107 mmap(NULL, 360460, PROT_READ, MAP_PRIVATE, 3</usr/lib/locale/C.utf8/LC_CTYPE>, 0) = 0x7f421cd93000
108 close(3</usr/lib/locale/C.utf8/LC_CTYPE>) = 0
109 rt_sigaction(SIGCHLD, {sa_handler=SIG_DFL, sa_mask=[CHLD], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f421ce2f710}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
110 unshare(CLONE_NEWNS|CLONE_NEWUSER|CLONE_NEWPID) = 0
111 rt_sigprocmask(SIG_BLOCK, [INT TERM], [], 8) = 0
112 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f421cdeca10) = 589
113 wait4(589, strace: Process 589 attached
114 <unfinished ...>
115 [pid 589] set_robust_list(0x7f421cdeca20, 24) = 0
116 [pid 589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
117 [pid 589] openat(AT_FDCWD</root>, "/proc/self/uid_map", O_WRONLY) = 3</proc/589/uid_map>
118 [pid 589] write(3</proc/589/uid_map>, "0 0 1", 5) = 5
119 [pid 589] close(3</proc/589/uid_map>) = 0
120 [pid 589] openat(AT_FDCWD</root>, "/proc/self/setgroups", O_WRONLY) = 3</proc/589/setgroups>
121 [pid 589] write(3</proc/589/setgroups>, "deny", 4) = 4
122 [pid 589] close(3</proc/589/setgroups>) = 0
123 [pid 589] openat(AT_FDCWD</root>, "/proc/self/gid_map", O_WRONLY) = 3</proc/589/gid_map>
124 [pid 589] write(3</proc/589/gid_map>, "0 0 1", 5) = 5
125 [pid 589] close(3</proc/589/gid_map>) = 0
126 [pid 589] mount("none", "/", NULL, MS_REC|MS_PRIVATE, NULL) = 0
127 [pid 589] mount("proc", "/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL) = -1 EPERM (Operation not permitted)
128 [pid 589] openat(AT_FDCWD</root>, "/usr/share/locale/en_US.UTF-8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
129 [pid 589] openat(AT_FDCWD</root>, "/usr/share/locale/en_US.utf8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
130 [pid 589] openat(AT_FDCWD</root>, "/usr/share/locale/en_US/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
131 [pid 589] openat(AT_FDCWD</root>, "/usr/share/locale/en.UTF-8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
132 [pid 589] openat(AT_FDCWD</root>, "/usr/share/locale/en.utf8/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
133 [pid 589] openat(AT_FDCWD</root>, "/usr/share/locale/en/LC_MESSAGES/util-linux.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
134 [pid 589] write(2</root/txt>, "unshare: ", 9unshare: ) = 9
135 [pid 589] write(2</root/txt>, "mount /proc failed", 18mount /proc failed) = 18
136 [pid 589] openat(AT_FDCWD</root>, "/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
137 [pid 589] openat(AT_FDCWD</root>, "/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
138 [pid 589] openat(AT_FDCWD</root>, "/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
139 [pid 589] openat(AT_FDCWD</root>, "/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
140 [pid 589] openat(AT_FDCWD</root>, "/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
141 [pid 589] openat(AT_FDCWD</root>, "/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
142 [pid 589] write(2</root/txt>, ": Operation not permitted\n", 26: Operation not permitted
143 ) = 26
144 [pid 589] dup(1</dev/pts/5>) = 3</dev/pts/5>
145 [pid 589] close(3</dev/pts/5>) = 0
146 [pid 589] dup(2</root/txt>) = 3</root/txt>
147 [pid 589] close(3</root/txt>) = 0
148 [pid 589] exit_group(1) = ?
149 [pid 589] +++ exited with 1 +++
150 <... wait4 resumed>[{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 589
151 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=589, si_uid=0, si_status=1, si_utime=0, si_stime=0} ---
152 dup(1</dev/pts/5>) = 3</dev/pts/5>
153 close(3</dev/pts/5>) = 0
154 dup(2</root/txt>) = 3</root/txt>
155 close(3</root/txt>) = 0
156 exit_group(1) = ?
157 +++ exited with 1 +++

36 天前

回复了 wniming 创建的主题 › Linux › 有没有办法在 lxc 特权容器中用普通用户运行 podman？

51 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.UTF-8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
52 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_MEASUREMENT", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/en_US.utf8/LC_MEASUREMENT>
53 fstat(3</usr/lib/locale/en_US.utf8/LC_MEASUREMENT>, {st_dev=makedev(0, 0x23), st_ino=14204, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=23, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420554 /* 2025-03-31T19:29:14.601297172+0800 */, st_ctime_nsec=601297172}) = 0
54 mmap(NULL, 23, PROT_READ, MAP_PRIVATE, 3</usr/lib/locale/en_US.utf8/LC_MEASUREMENT>, 0) = 0x7f421cfe8000
55 close(3</usr/lib/locale/en_US.utf8/LC_MEASUREMENT>) = 0
56 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.UTF-8/LC_TELEPHONE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
57 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_TELEPHONE", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/en_US.utf8/LC_TELEPHONE>
58 fstat(3</usr/lib/locale/en_US.utf8/LC_TELEPHONE>, {st_dev=makedev(0, 0x23), st_ino=14207, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=59, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420554 /* 2025-03-31T19:29:14.601402154+0800 */, st_ctime_nsec=601402154}) = 0
59 mmap(NULL, 59, PROT_READ, MAP_PRIVATE, 3</usr/lib/locale/en_US.utf8/LC_TELEPHONE>, 0) = 0x7f421cfe7000
60 close(3</usr/lib/locale/en_US.utf8/LC_TELEPHONE>) = 0
61 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.UTF-8/LC_ADDRESS", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
62 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_ADDRESS", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/en_US.utf8/LC_ADDRESS>
63 fstat(3</usr/lib/locale/en_US.utf8/LC_ADDRESS>, {st_dev=makedev(0, 0x23), st_ino=14201, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=167, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420554 /* 2025-03-31T19:29:14.601215527+0800 */, st_ctime_nsec=601215527}) = 0
64 mmap(NULL, 167, PROT_READ, MAP_PRIVATE, 3</usr/lib/locale/en_US.utf8/LC_ADDRESS>, 0) = 0x7f421cfe6000
65 close(3</usr/lib/locale/en_US.utf8/LC_ADDRESS>) = 0
66 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.UTF-8/LC_NAME", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
67 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_NAME", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/en_US.utf8/LC_NAME>
68 fstat(3</usr/lib/locale/en_US.utf8/LC_NAME>, {st_dev=makedev(0, 0x23), st_ino=13955, st_mode=S_IFREG|0644, st_nlink=6, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=77, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420554 /* 2025-03-31T19:29:14.602598571+0800 */, st_ctime_nsec=602598571}) = 0
69 mmap(NULL, 77, PROT_READ, MAP_PRIVATE, 3</usr/lib/locale/en_US.utf8/LC_NAME>, 0) = 0x7f421cfe5000
70 close(3</usr/lib/locale/en_US.utf8/LC_NAME>) = 0
71 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.UTF-8/LC_PAPER", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
72 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_PAPER", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/en_US.utf8/LC_PAPER>
73 fstat(3</usr/lib/locale/en_US.utf8/LC_PAPER>, {st_dev=makedev(0, 0x23), st_ino=14016, st_mode=S_IFREG|0644, st_nlink=3, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=34, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420554 /* 2025-03-31T19:29:14.601168802+0800 */, st_ctime_nsec=601168802}) = 0
74 mmap(NULL, 34, PROT_READ, MAP_PRIVATE, 3</usr/lib/locale/en_US.utf8/LC_PAPER>, 0) = 0x7f421cfe4000
75 close(3</usr/lib/locale/en_US.utf8/LC_PAPER>) = 0
76 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.UTF-8/LC_MESSAGES", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
77 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_MESSAGES", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/en_US.utf8/LC_MESSAGES>
78 fstat(3</usr/lib/locale/en_US.utf8/LC_MESSAGES>, {st_dev=makedev(0, 0x23), st_ino=14205, st_mode=S_IFDIR|0755, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=0, st_size=30, st_atime=1745686865 /* 2025-04-27T01:01:05.345684012+0800 */, st_atime_nsec=345684012, st_mtime=1717949668 /* 2024-06-10T00:14:28.151908372+0800 */, st_mtime_nsec=151908372, st_ctime=1743420554 /* 2025-03-31T19:29:14.601339950+0800 */, st_ctime_nsec=601339950}) = 0
79 close(3</usr/lib/locale/en_US.utf8/LC_MESSAGES>) = 0
80 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES>
81 fstat(3</usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES>, {st_dev=makedev(0, 0x23), st_ino=13950, st_mode=S_IFREG|0644, st_nlink=16, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=57, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420554 /* 2025-03-31T19:29:14.603617639+0800 */, st_ctime_nsec=603617639}) = 0
82 mmap(NULL, 57, PROT_READ, MAP_PRIVATE, 3</usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES>, 0) = 0x7f421cfe3000
83 close(3</usr/lib/locale/en_US.utf8/LC_MESSAGES/SYS_LC_MESSAGES>) = 0
84 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.UTF-8/LC_MONETARY", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
85 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_MONETARY", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/en_US.utf8/LC_MONETARY>
86 fstat(3</usr/lib/locale/en_US.utf8/LC_MONETARY>, {st_dev=makedev(0, 0x23), st_ino=14206, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=286, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420554 /* 2025-03-31T19:29:14.601372289+0800 */, st_ctime_nsec=601372289}) = 0
87 mmap(NULL, 286, PROT_READ, MAP_PRIVATE, 3</usr/lib/locale/en_US.utf8/LC_MONETARY>, 0) = 0x7f421cfe2000
88 close(3</usr/lib/locale/en_US.utf8/LC_MONETARY>) = 0
89 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.UTF-8/LC_COLLATE", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
90 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_COLLATE", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/en_US.utf8/LC_COLLATE>
91 fstat(3</usr/lib/locale/en_US.utf8/LC_COLLATE>, {st_dev=makedev(0, 0x23), st_ino=13953, st_mode=S_IFREG|0644, st_nlink=18, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=5056, st_size=2586930, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420554 /* 2025-03-31T19:29:14.603421654+0800 */, st_ctime_nsec=603421654}) = 0
92 mmap(NULL, 2586930, PROT_READ, MAP_PRIVATE, 3</usr/lib/locale/en_US.utf8/LC_COLLATE>, 0) = 0x7f421ca00000
93 close(3</usr/lib/locale/en_US.utf8/LC_COLLATE>) = 0
94 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.UTF-8/LC_TIME", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
95 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_TIME", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/en_US.utf8/LC_TIME>
96 fstat(3</usr/lib/locale/en_US.utf8/LC_TIME>, {st_dev=makedev(0, 0x23), st_ino=14208, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=3284, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420554 /* 2025-03-31T19:29:14.601438957+0800 */, st_ctime_nsec=601438957}) = 0
97 mmap(NULL, 3284, PROT_READ, MAP_PRIVATE, 3</usr/lib/locale/en_US.utf8/LC_TIME>, 0) = 0x7f421cfe1000
98 close(3</usr/lib/locale/en_US.utf8/LC_TIME>) = 0
99 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.UTF-8/LC_NUMERIC", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
100 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_NUMERIC", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/en_US.utf8/LC_NUMERIC>

36 天前

回复了 wniming 创建的主题 › Linux › 有没有办法在 lxc 特权容器中用普通用户运行 podman？

@choury

1 execve("/usr/bin/unshare", ["unshare", "-fp", "-r", "--mount-proc", "id"], ["SHELL=/bin/bash", "HISTCONTROL=ignoredups", "HISTSIZE=1000000", "HOSTNAME=develop", "DOTNET_ROOT=/usr/lib64/dotnet", "EDITOR=/usr/bin/vim", "PWD=/root", "LOGNAME=root", "XDG_SESSION_TYPE=tty", "MOTD_SHOWN=pam", "HOME=/root", "LANG=en_US.UTF-8", "LS_COLORS=rs=0:di=01;34:ln=01;35"..., "SSH_CONNECTION=192.168.1.4 44936"..., "DOTNET_BUNDLE_EXTRACT_BASE_DIR=/"..., "XDG_SESSION_CLASS=user", "TERM=xterm-256color", "LESSOPEN=||/usr/bin/lesspipe.sh "..., "USER=root", "SHLVL=1", "XDG_SESSION_ID=51", "XDG_RUNTIME_DIR=/run/user/0", "SSH_CLIENT=192.168.1.4 44936 22", "DEBUGINFOD_URLS=https://debuginf"..., "PATH=/root/.local/bin:/root/bin:"..., "DBUS_SESSION_BUS_ADDRESS=unix:pa"..., "MAIL=/var/spool/mail/root", "SSH_TTY=/dev/pts/5", "_=/usr/bin/strace"]) = 0
2 brk(NULL) = 0x563c88fa2000
3 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
4 openat(AT_FDCWD</root>, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3</etc/ld.so.cache>
5 fstat(3</etc/ld.so.cache>, {st_dev=makedev(0, 0x23), st_ino=267401, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=152, st_size=77547, st_atime=1746105600 /* 2025-05-01T21:20:00.444181044+0800 */, st_atime_nsec=444181044, st_mtime=1743769564 /* 2025-04-04T20:26:04.548840860+0800 */, st_mtime_nsec=548840860, st_ctime=1743769564 /* 2025-04-04T20:26:04.554840931+0800 */, st_ctime_nsec=554840931}) = 0
6 mmap(NULL, 77547, PROT_READ, MAP_PRIVATE, 3</etc/ld.so.cache>, 0) = 0x7f421cfde000
7 close(3</etc/ld.so.cache>) = 0
8 openat(AT_FDCWD</root>, "/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3</usr/lib64/libc.so.6>
9 read(3</usr/lib64/libc.so.6>, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\242\2\0\0\0\0\0"..., 832) = 832
10 pread64(3</usr/lib64/libc.so.6>, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
11 fstat(3</usr/lib64/libc.so.6>, {st_dev=makedev(0, 0x23), st_ino=6043, st_mode=S_IFREG|0755, st_nlink=2, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=4840, st_size=2476880, st_atime=1746105600 /* 2025-05-01T21:20:00.444181044+0800 */, st_atime_nsec=444181044, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420560 /* 2025-03-31T19:29:20.263820625+0800 */, st_ctime_nsec=263820625}) = 0
12 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f421cfdc000
13 pread64(3</usr/lib64/libc.so.6>, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
14 mmap(NULL, 2018160, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3</usr/lib64/libc.so.6>, 0) = 0x7f421cdef000
15 mmap(0x7f421ce17000, 1478656, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3</usr/lib64/libc.so.6>, 0x28000) = 0x7f421ce17000
16 mmap(0x7f421cf80000, 319488, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3</usr/lib64/libc.so.6>, 0x191000) = 0x7f421cf80000
17 mmap(0x7f421cfce000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3</usr/lib64/libc.so.6>, 0x1de000) = 0x7f421cfce000
18 mmap(0x7f421cfd4000, 31600, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f421cfd4000
19 close(3</usr/lib64/libc.so.6>) = 0
20 mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f421cdec000
21 arch_prctl(ARCH_SET_FS, 0x7f421cdec740) = 0
22 set_tid_address(0x7f421cdeca10) = 588
23 set_robust_list(0x7f421cdeca20, 24) = 0
24 rseq(0x7f421cded060, 0x20, 0, 0x53053053) = 0
25 mprotect(0x7f421cfce000, 16384, PROT_READ) = 0
26 mprotect(0x563c4c2d5000, 4096, PROT_READ) = 0
27 mprotect(0x7f421d029000, 8192, PROT_READ) = 0
28 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
29 munmap(0x7f421cfde000, 77547) = 0
30 geteuid() = 0
31 getegid() = 0
32 getrandom("\x38\xe8\xe1\x07\x28\xd2\xe4\x05", 8, GRND_NONBLOCK) = 8
33 brk(NULL) = 0x563c88fa2000
34 brk(0x563c88fc3000) = 0x563c88fc3000
35 openat(AT_FDCWD</root>, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
36 openat(AT_FDCWD</root>, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3</usr/share/locale/locale.alias>
37 fstat(3</usr/share/locale/locale.alias>, {st_dev=makedev(0, 0x23), st_ino=94532, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=2998, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420563 /* 2025-03-31T19:29:23.343507507+0800 */, st_ctime_nsec=343507507}) = 0
38 read(3</usr/share/locale/locale.alias>, "# Locale name alias data base.\n#"..., 4096) = 2998
39 read(3</usr/share/locale/locale.alias>, "", 4096) = 0
40 close(3</usr/share/locale/locale.alias>) = 0
41 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.UTF-8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
42 openat(AT_FDCWD</root>, "/usr/lib/locale/en_US.utf8/LC_IDENTIFICATION", O_RDONLY|O_CLOEXEC) = 3</usr/lib/locale/en_US.utf8/LC_IDENTIFICATION>
43 fstat(3</usr/lib/locale/en_US.utf8/LC_IDENTIFICATION>, {st_dev=makedev(0, 0x23), st_ino=14203, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=8, st_size=369, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1711411200 /* 2024-03-26T08:00:00+0800 */, st_mtime_nsec=0, st_ctime=1743420554 /* 2025-03-31T19:29:14.601267600+0800 */, st_ctime_nsec=601267600}) = 0
44 mmap(NULL, 369, PROT_READ, MAP_PRIVATE, 3</usr/lib/locale/en_US.utf8/LC_IDENTIFICATION>, 0) = 0x7f421cff0000
45 close(3</usr/lib/locale/en_US.utf8/LC_IDENTIFICATION>) = 0
46 openat(AT_FDCWD</root>, "/usr/lib64/gconv/gconv-modules.cache", O_RDONLY|O_CLOEXEC) = 3</usr/lib64/gconv/gconv-modules.cache>
47 fstat(3</usr/lib64/gconv/gconv-modules.cache>, {st_dev=makedev(0, 0x23), st_ino=67780, st_mode=S_IFREG|0644, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=56, st_size=27012, st_atime=1746105600 /* 2025-05-01T21:20:00.467181100+0800 */, st_atime_nsec=467181100, st_mtime=1717949668 /* 2024-06-10T00:14:28.217806304+0800 */, st_mtime_nsec=217806304, st_ctime=1743420560 /* 2025-03-31T19:29:20.263011985+0800 */, st_ctime_nsec=263011985}) = 0
48 mmap(NULL, 27012, PROT_READ, MAP_SHARED, 3</usr/lib64/gconv/gconv-modules.cache>, 0) = 0x7f421cfe9000
49 close(3</usr/lib64/gconv/gconv-modules.cache>) = 0
50 futex(0x7f421cfd372c, FUTEX_WAKE_PRIVATE, 2147483647) = 0

36 天前

回复了 wniming 创建的主题 › Linux › 有没有办法在 lxc 特权容器中用普通用户运行 podman？

@geekvcn 问 chatgpt 好几个相关的问题了，chatgpt 给的解决办法都试了都不管用，直通硬盘无法满足我的使用需求，因为服务器 A 还部署了几个 pve 虚拟机，如果现在服务器 A 的系统作为虚拟机运行的话，pve 虚拟机就只能作为嵌套虚拟机运行，然后再在 PVE 里启动虚拟机的话就是两层嵌套了，会有很多问题，另外我这是家用环境，搭建高可用集群有些太浪费了。

虽然是临时用，但我感觉以后还会有其他场景需要在 lxc 特权容器里跑非特权的容器，比如装双系统时，原来可能是一个 fedora 系统，后来又装了一个 ubuntu 系统，我就想在这种情况下用 lxc 特权容器运行原来的 fedora 系统，这样可以不用把原来 fedora 系统上的非特权 podman 服务重新部署到 ubuntu 系统里。

1 2 3 4 5 6 7 8 9 10 ... 32

❮

❯