[pkg-lxc-devel] Bug#946725: lxc: Unprivileged containers fail with 'Failed to mount API filesystems'

bauerfichtner bauerfichtner at gmail.com
Sat Dec 14 19:50:06 GMT 2019 

Package: lxc
Version: 1:3.1.0+really3.0.3-8
Severity: important

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
     Created an unprivileged container.
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
     Tried to start the unprivileged container.
      root at host:~# lxc-start --foreground --name testcontainer
      Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied
      [!!!!!!] Failed to mount API filesystems.
      Exiting PID 1...
   * What was the outcome of this action?
     Container exited.
   * What outcome did you expect instead?
     Container starting up.
   * Additional information
     Debian buster amd64 container was created using 
     'lxc-create --template download'.
     Unprivileged containers created the same way run 
     fine on the same host (only difference in configuration are the 
     lxc.idmap lines in the container configuration.

-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libc6                  2.28-10
ii  libcap2                1:2.25-2
ii  libgnutls30            3.6.7-4
ii  liblxc1                1:3.1.0+really3.0.3-8
ii  libseccomp2            2.3.3-4
ii  libselinux1            2.8-1+b1
ii  lsb-base               10.2019051400

Versions of packages lxc recommends:
ii  apparmor                     2.13.2-10
ii  bridge-utils                 1.6-2
ii  debootstrap                  1.0.114
ii  dirmngr                      2.2.12-1+deb10u1
ii  dnsmasq-base [dnsmasq-base]  2.80-1
ii  gnupg                        2.2.12-1+deb10u1
ii  iproute2                     4.20.0-2
ii  iptables                     1.8.2-4
ii  libpam-cgfs                  1:3.1.0+really3.0.3-8
ii  lxc-templates                3.0.3-1
ii  lxcfs                        3.0.3-2
ii  nftables                     0.9.0-2
ii  openssl                      1.1.1d-0+deb10u2
ii  rsync                        3.1.3-6
ii  uidmap                       1:4.5-1.1

Versions of packages lxc suggests:
pn  btrfs-progs  <none>
ii  lvm2         2.03.02-3
pn  python3-lxc  <none>

-- Configuration Files:
/etc/lxc/default.conf changed:
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.flags = up
lxc.net.0.hwaddress = 00:16:3e:xx:xx:xx
lxc.start.auto = 0
lxc.idmap = u 0 886432 65536
lxc.idmap = g 0 886432 65536
lxc.cgroup.memory.limit_in_bytes = 256M
lxc.cgroup.cpuset.cpus = 3
lxc.apparmor.profile = unconfined

-- debconf information:
* lxc/auto_update_config: true

More information about the Pkg-lxc-devel mailing list