Unable to start a Docker container inside an unprivileged LXC container; it fails with this error:
[root@klxc5 /]# docker run --rm -it registry.foo.bar/base/centos:7.3.1611 /bin/bash
docker: Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:252: getting pipe fds for pid 2130 caused "readlink /proc/2130/fd/0: permission denied"".
LXC version: 2.0.7
OS: CentOS-7.3
LXC container config:
lxc.arch = x86_64
lxc.id_map = u 0 165536 65536
lxc.id_map = g 0 165536 65536
lxc.cgroup.devices.allow = a
lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio
lxc.aa_profile = unconfined
lxc.rootfs = /dev/vg00/klxc5.cloud.foo.bar
lxc.rootfs.backend = lvm
lxc.utsname = klxc5.cloud.foo.bar
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = k8sbr
lxc.network.ipv4 = x.x.x.x/21
lxc.network.ipv4.gateway = x.x.x.x
lxc.mount.auto = cgroup:rw proc:rw sys:rw
This behavior appears after patch 50a19c6.