[pkg-lxc-devel] Bug#934387: lxc: privileged LXC container do not start: ERROR cgfsng - cgroups/cgfsng.c:__do_cgroup_enter:1498 - No space left on device - Failed to enter cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/test-container/cgroup.procs"
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 10 15:59:32 BST 2019
Package: lxc
Version: 1:3.1.0+really3.0.4-1
Severity: normal
Hi

After an update of lxc and liblxc1 to 1:3.1.0+really3.0.4-1, privileged
containers do not start anymore on an affected host (this might be a
specific problem, but I am not entirely sure if it is a bug in the package
or if it is a user error here).

The host is already at 1:3.1.0+really3.0.4-1 and creating a new
container:

    sudo lxc-create -n test-container -t debian -- -r sid

and starting it

    sudo lxc-start -n test-container --logfile=/tmp/test-container.log -l DEBUG

fails to start:
lxc-start: test-container: lxccontainer.c: wait_on_daemonized_start: 851 Received container state "STOPPING" instead of "RUNNING"
lxc-start: test-container: tools/lxc_start.c: main: 329 The container failed to start
lxc-start: test-container: tools/lxc_start.c: main: 332 To get more details, run the container in foreground mode
lxc-start: test-container: tools/lxc_start.c: main: 335 Additional information can be obtained by setting the --logfile and --logpriority options
And in detail the test-container.log contains:
lxc-start test-container 20190810144707.635 INFO lxccontainer - lxccontainer.c:do_lxcapi_start:971 - Set process title to [lxc monitor] /var/lib/lxc test-container
lxc-start test-container 20190810144707.636 INFO lsm - lsm/lsm.c:lsm_init:50 - LSM security driver AppArmor
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount # comment this to allow umount -f; not recommended"
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context
lxc-start test-container 20190810144707.637 DEBUG terminal - terminal.c:lxc_terminal_peer_default:676 - No such device - The process does not have a controlling terminal
lxc-start test-container 20190810144707.739 INFO start - start.c:lxc_init:926 - Container "test-container" is initialized
lxc-start test-container 20190810144707.739 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset
lxc-start test-container 20190810144707.739 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1"
lxc-start test-container 20190810144707.740 INFO cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1403 - The monitor process uses "lxc.monitor/test-container" as cgroup
lxc-start test-container 20190810144707.740 ERROR cgfsng - cgroups/cgfsng.c:__do_cgroup_enter:1498 - No space left on device - Failed to enter cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/test-container/cgroup.procs"
lxc-start test-container 20190810144707.740 ERROR start - start.c:__lxc_start:2004 - Failed to enter monitor cgroup
lxc-start test-container 20190810144707.740 DEBUG lxccontainer - lxccontainer.c:wait_on_daemonized_start:839 - First child 31136 exited
lxc-start test-container 20190810144707.740 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:851 - Received container state "STOPPING" instead of "RUNNING"
lxc-start test-container 20190810144707.741 ERROR lxc_start - tools/lxc_start.c:main:329 - The container failed to start
lxc-start test-container 20190810144707.741 ERROR lxc_start - tools/lxc_start.c:main:332 - To get more details, run the container in foreground mode
lxc-start test-container 20190810144707.741 ERROR lxc_start - tools/lxc_start.c:main:335 - Additional information can be obtained by setting the --logfile and --logpriority options
lxc-start test-container 20190810144707.837 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset
lxc-start test-container 20190810144707.837 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1"
lxc-start test-container 20190810144707.837 WARN cgfsng - cgroups/cgfsng.c:cgfsng_monitor_destroy:1178 - No space left on device - Failed to move monitor 31137 to "/sys/fs/cgroup/cpuset//lxc.pivot/cgroup.procs"

Downgrading to 1:3.1.0+really3.0.3-8 allows the containers to start again.

But as said, I'm unsure here if this might be a bug in 1:3.1.0+really3.0.4-1.
I will try to reproduce as well on a fresh installation starting in buster and
installing lxc there, then upgrading to unstable and see if the issue is
reproducible in general. The affected host is one constantly following unstable
and regularly installing updates, so the lxc/liblxc1 update happened when
1:3.1.0+really3.0.4-1 was uploaded to unstable.

Regards,
Salvatore

-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages lxc depends on:
ii debconf [debconf-2.0] 1.5.73
ii libc6 2.28-10
ii libcap2 1:2.25-2
ii libgcc1 1:9.1.0-10
ii liblxc1 1:3.1.0+really3.0.4-1
ii libseccomp2 2.4.1-2
ii libselinux1 2.9-2+b2
ii lsb-base 10.2019051400
Versions of packages lxc recommends:
ii apparmor 2.13.3-4
ii bridge-utils 1.6-2
ii debootstrap 1.0.115
ii dirmngr 2.2.17-3
ii dnsmasq-base [dnsmasq-base] 2.80-1
ii gnupg 2.2.17-3
ii iproute2 5.2.0-1
ii iptables 1.8.3-2
pn libpam-cgfs <none>
ii lxc-templates 3.0.3-1+b1
pn lxcfs <none>
ii openssl 1.1.1c-1
ii rsync 3.1.3-6+b1
pn uidmap <none>
Versions of packages lxc suggests:
pn btrfs-progs <none>
ii lvm2 2.03.02-3
ii python3-lxc 1:3.0.3-1+b1
-- Configuration Files:
/etc/lxc/default.conf changed:
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = virbr0
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1
-- debconf information:
* lxc/auto_update_config: true
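
An added diagnostic sketch, not part of the original report or of LXC: on a cgroup v1 cpuset hierarchy the kernel refuses to attach a task to a cgroup whose cpuset.cpus or cpuset.mems is empty and returns ENOSPC, the "No space left on device" seen in the log above. The function below takes the cgroup.procs path from the log and reports every level with an empty value; the name check_cpuset and its arguments are assumptions for illustration, and the report does not establish that this is the cause on the affected host.

```shell
#!/bin/sh
# Added example (hypothetical helper, not LXC code).
# check_cpuset PATH [ROOT]
#   PATH: a cpuset cgroup directory or its cgroup.procs file, e.g. the path
#         from the log: /sys/fs/cgroup/cpuset//lxc.monitor/test-container/cgroup.procs
#   ROOT: top of the v1 cpuset hierarchy (default /sys/fs/cgroup/cpuset)
# Prints "EMPTY <file>" for each level whose cpuset.cpus or cpuset.mems is
# empty. Returns 0 if none are empty, 1 if any is, 2 if PATH does not exist.

# Collapse repeated slashes (the log shows "cpuset//lxc.monitor") and drop
# a trailing /cgroup.procs or trailing slash.
norm() { printf '%s' "$1" | sed 's#//*#/#g; s#/cgroup\.procs$##; s#/$##'; }

check_cpuset() {
    dir=$(norm "$1")
    root=$(norm "${2:-/sys/fs/cgroup/cpuset}")
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    rc=0
    while :; do
        for f in cpuset.cpus cpuset.mems; do
            # A missing, unreadable or whitespace-only file counts as empty.
            val=
            [ -r "$dir/$f" ] && val=$(tr -d ' \t\n' < "$dir/$f")
            if [ -z "$val" ]; then
                echo "EMPTY $dir/$f"
                rc=1
            fi
        done
        [ "$dir" = "$root" ] && break
        parent=$(dirname "$dir")
        # Keep climbing only while still inside the hierarchy.
        case "$parent" in
            "$root"|"$root"/*) dir=$parent ;;
            *) break ;;
        esac
    done
    return $rc
}
```

If the monitor cgroup was already removed after the failed start, the function returns 2; checking its parent directory (lxc.monitor) is then the next step.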