[pkg-lxc-devel] Bug#875733: lxc.mount.auto = cgroup:mixed doesn't seem to work in Stretch anymore
Yves-Alexis Perez
corsac at debian.org
Thu Sep 14 07:23:08 UTC 2017
Package: lxc
Version: 1:2.0.7-2
Severity: normal
Hi,
In Jessie I was using a container setup with LXC and unprivileged
containers. By unprivileged, I mean container config had a bunch of
lxc.cap.drop lines, especially including sys_admin.
That means the init system inside the container (systemd) is not able to
do any privileged operation, including mounts, so the mounts need to be
done before starting the containers. It worked fine in Jessie (both host
and guests) with lines suchs as:
auto = proc:mixed sys:ro cgroup:mixed
Which takes care of mounting /proc, /sys and /sys/fs/cgroup for the
container.
Now in Stretch with lxc 2.0.7-2, it doesn't work anymore. Console output
for a Jessie container shows:
Failed to mount tmpfs at /sys/fs/cgroup: Operation not permitted
While for a Stretch container I have:
Failed to mount tmpfs at /sys/fs/cgroup: Operation not permitted
Failed to mount cgroup at /sys/fs/cgroup/systemd: No such file or
directory
[!!!!!!] Failed to mount API filesystems, freezing.
Freezing execution.
So it looks like systemd is trying to mount /sys/fs/cgroup and fails
(because it doesn't have CAP_SYS_ADMIN, which is expected). That means
lxc somehow failed to mount /sys/fs/cgroup in the container, which looks
like a regression from Jessie.
I'll setup a more simple container and config so I can provide it and
some logs to you so you can reproduce.
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: 9.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lxc depends on:
ii init-system-helpers 1.48
ii libapparmor1 2.11.0-3
ii libc6 2.24-11+deb9u1
ii libcap2 1:2.25-1
ii libgnutls30 3.5.8-5+deb9u2
ii liblxc1 1:2.0.7-2
ii libseccomp2 2.3.1-2.1
ii libselinux1 2.6-3+b1
ii lsb-base 9.20161125
ii python3 3.5.3-1
ii python3-lxc 1:2.0.7-2
Versions of packages lxc recommends:
pn bridge-utils <none>
ii debootstrap 1.0.89
ii dirmngr 2.1.18-6
pn dnsmasq-base <none>
ii gnupg 2.1.18-6
ii iptables 1.6.0+snapshot20161117-6
pn libpam-cgfs <none>
pn lxcfs <none>
ii openssl 1.1.0f-3
ii rsync 3.1.2-1
pn uidmap <none>
Versions of packages lxc suggests:
pn apparmor <none>
pn btrfs-tools <none>
ii lvm2 2.02.168-2
-- debconf information:
* lxc/directory: /srv/lxc
lxc/shutdown: /usr/bin/lxc-halt
lxc/title:
lxc/auto:
More information about the Pkg-lxc-devel
mailing list