Description of problem:
Creating LXC container from disk image with <idmap/> results in "Permission denied" error.

Steps to Reproduce:
1. Create single partition disk image which contains root file system. Example:
   virt-make-fs --type=ext3 --format=qcow2 --size=+200M /some/path/rootfs.tar /some/path/image.qcow2
2. Create new container using this image with <idmap />. Example:
   sudo virsh -c lxc:/// create test.xml

Content of test.xml:
<domain type="lxc">
  <name>container1</name>
  <uuid>e947c122-ad9c-4ee5-bc59-68fb089b284d</uuid>
  <memory>1048576</memory>
  <currentMemory>1048576</currentMemory>
  <vcpu>1</vcpu>
  <os>
    <type arch="x86_64">exe</type>
    <init>/bin/bash</init>
  </os>
  <idmap>
    <uid start="0" target="1000" count="10"/>
    <gid start="0" target="1000" count="10"/>
  </idmap>
  <features>
    <privnet/>
  </features>
  <devices>
    <emulator>/usr/libexec/libvirt_lxc</emulator>
    <filesystem type="file">
      <source file="/some/path/image.qcow2"/>
      <driver type="nbd" format="qcow2"/>
      <target dir="/"/>
    </filesystem>
    <console type="pty"/>
  </devices>
</domain>

Actual results:
error: Failed to create domain from test.xml
error: internal error: guest failed to start: Failure in libvirt_lxc startup: Failed to create /var/run/libvirt/lxc/container1.root: Permission denied

Expected results:
Domain container1 created from test.xml

Additional info:
If we remove <idmap /> the container will start correctly.

I just found out that this bug was already reported here: https://bugzilla.redhat.com/show_bug.cgi?id=1328946

*** This bug has been marked as a duplicate of bug 1328946 ***