On Sun, Sep 6, 2015 at 9:47 PM, Alex Vong <alexvong1995@gmail.com> wrote:
> Hi Dave,
>
> I have searched the internet according to the information you provided,
> I find this bug report <https://github.com/lxc/lxc/issues/250> provides useful information.
> I have written an example program after going through the clone(2) man page.
> It demonstrates the problem and is inlined below.
>
> First, compile the program as `a.out'.
>
> Consider shell session 1:
>
>     root# echo 0 > /proc/sys/kernel/unprivileged_userns_clone
>     user$ ./a.out
>     I am your parent
>     Start cloning...
>     Cannot clone!
>
> Consider shell session 2:
>
>     root# echo 1 > /proc/sys/kernel/unprivileged_userns_clone
>     user$ ./a.out
>     I am your parent
>     Start cloning...
>     Cloned!
>     I am your child
>
> Any idea what's happenning?
> I don't know Linux much, for instance I don't know what is container and namespace in Linux.

It seems that the kernel you are using has disabled the use of
unprivileged user namespaces by default.  After doing that echo as
root, you should be able to run the tests successfully.  Could you
apply the attached patch and let me know if 'make check
TESTS=tests/syscalls.scm' and 'make check TESTS=tests/containers.scm'
pass in both when unprivileged user namespaces are disabled and when
they are enabled?

Thank you!

- Dave