[pkg-lxc-devel] Bug#934387: lxc: privileged LXC container do not start
Diego Torres
diego.torres at gmail.com
Mon Aug 26 23:03:58 BST 2019
> Yes, now update to the version claiming fixing the issue, that is
> 1:3.1.0+really3.0.4-2. If you then see still similar or same issue
> might you post your debug log output, which might help further
> investigating the issue.
I have updated liblxc1 with containers running. Containers where stopped,
and it was not possible to start them again, but this time the error
message changed.
As a proof of concept I have created a new container as Salvatore did:
# lxc-create -n test-container -t debian -- -r sid
[...]
# lxc-start -n test-container --logfile=/tmp/test-container.log -l DEBUG
lxc-start: test-container: lxccontainer.c: wait_on_daemonized_start: 850
Received container state "ABORTING" instead of "RUNNING"
lxc-start: test-container: tools/lxc_start.c: main: 329 The container
failed to start
lxc-start: test-container: tools/lxc_start.c: main: 332 To get more
details, run the container in foreground mode
lxc-start: test-container: tools/lxc_start.c: main: 334 Additional
information can be obtained by setting the --logfile and --logpriority
options
# cat /tmp/test-container.log
lxc-start test-container 20190826214714.591 INFO lxccontainer -
lxccontainer.c:do_lxcapi_start:971 - Set process title to [lxc monitor]
/var/lib/lxc test-container
lxc-start test-container 20190826214714.592 INFO lsm -
lsm/lsm.c:lsm_init:50 - LSM security driver AppArmor
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "reject_force_umount # comment
this to allow umount -f; not recommended"
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for
reject_force_umount action 0(kill)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for
reject_force_umount action 0(kill)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for
reject_force_umount action 0(kill)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for
reject_force_umount action 0(kill)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for kexec_load
action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for
kexec_load action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for
kexec_load action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for
kexec_load action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for
open_by_handle_at action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for
open_by_handle_at action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for
open_by_handle_at action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for
open_by_handle_at action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for
init_module action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for
init_module action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for
init_module action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for
init_module action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for
finit_module action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for
finit_module action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for
finit_module action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for
finit_module action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:935 - Added native rule for arch 0 for
delete_module action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:944 - Added compat rule for arch 1073741827 for
delete_module action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:954 - Added compat rule for arch 1073741886 for
delete_module action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:964 - Added native rule for arch -1073741762 for
delete_module action 327681(errno)
lxc-start test-container 20190826214714.592 INFO seccomp -
seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main
context
lxc-start test-container 20190826214714.593 DEBUG terminal -
terminal.c:lxc_terminal_peer_default:676 - No such device - The process
does not have a controlling terminal
lxc-start test-container 20190826214714.593 INFO start -
start.c:lxc_init:926 - Container "test-container" is initialized
lxc-start test-container 20190826214714.594 INFO cgfsng -
cgroups/cgfsng.c:cgfsng_monitor_create:1401 - The monitor process uses
"lxc.monitor/test-container" as cgroup
lxc-start test-container 20190826214714.601 INFO network -
network.c:instantiate_veth:148 - Retrieved mtu 1500 from br0
lxc-start test-container 20190826214714.602 INFO network -
network.c:instantiate_veth:176 - Attached "vethQ60O8Z" to bridge "br0"
lxc-start test-container 20190826214714.602 DEBUG network -
network.c:instantiate_veth:201 - Instantiated veth "vethQ60O8Z/vethPWR03K",
index is "19"
lxc-start test-container 20190826214714.603 INFO cgfsng -
cgroups/cgfsng.c:cgfsng_payload_create:1466 - The container process uses
"lxc.payload/test-container" as cgroup
lxc-start test-container 20190826214714.605 ERROR start -
start.c:proc_pidfd_open:1619 - Invalid argument - Failed to send signal
through pidfd
lxc-start test-container 20190826214714.653 INFO network -
network.c:lxc_delete_network_priv:2723 - Removed interface "(null)" with
index 19
lxc-start test-container 20190826214714.662 WARN network -
network.c:lxc_delete_network_priv:2742 - Failed to remove interface
"vethQ60O8Z" from "br0"
lxc-start test-container 20190826214714.662 DEBUG network -
network.c:lxc_delete_network:3308 - Deleted network devices
lxc-start test-container 20190826214714.662 DEBUG lxccontainer -
lxccontainer.c:wait_on_daemonized_start:839 - First child 15800 exited
lxc-start test-container 20190826214714.662 ERROR lxccontainer -
lxccontainer.c:wait_on_daemonized_start:850 - Received container state
"ABORTING" instead of "RUNNING"
lxc-start test-container 20190826214714.662 ERROR lxc_start -
tools/lxc_start.c:main:329 - The container failed to start
lxc-start test-container 20190826214714.662 ERROR lxc_start -
tools/lxc_start.c:main:332 - To get more details, run the container in
foreground mode
lxc-start test-container 20190826214714.662 ERROR lxc_start -
tools/lxc_start.c:main:334 - Additional information can be obtained by
setting the --logfile and --logpriority options
lxc-start test-container 20190826214714.681 ERROR start -
start.c:__lxc_start:2031 - Failed to spawn container "test-container"
lxc-start test-container 20190826214714.685 INFO conf -
conf.c:run_script_argv:371 - Executing script
"/usr/share/lxcfs/lxc.reboot.hook" for container "test-container", config
section "lxc"
Package: liblxc1
Version: 1:3.1.0+really3.0.4-2
Package: lxc
Version: 1:3.1.0+really3.0.4-2
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 5.1.21-050121-generic (SMP w/2 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8),
LANGUAGE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages liblxc1 depends on:
ii libc6 2.28-10
ii libcap2 1:2.25-2
ii libgcc1 1:9.2.1-1
ii libseccomp2 2.4.1-2
ii libselinux1 2.9-2+b2
ii systemd 242-4
Versions of packages lxc depends on:
ii debconf [debconf-2.0] 1.5.73
ii libc6 2.28-10
ii libgcc1 1:9.2.1-1
ii liblxc1 1:3.1.0+really3.0.4-2
ii lsb-base 11.1.0
Versions of packages lxc recommends:
ii apparmor 2.13.3-4
ii bridge-utils 1.6-2
ii debootstrap 1.0.115
ii dirmngr 2.2.17-3
ii dnsmasq-base [dnsmasq-base] 2.80-1+b1
ii gnupg 2.2.17-3
ii iproute2 5.2.0-1
ii iptables 1.8.3-2
ii libpam-cgfs 1:3.1.0+really3.0.4-2
ii lxc-templates 3.0.3-1
ii lxcfs 3.0.4-2
ii nftables 0.9.1-3
ii openssl 1.1.1c-1
ii rsync 3.1.3-6+b1
ii uidmap 1:4.7-2
Versions of packages lxc suggests:
ii btrfs-progs 5.2.1-1
ii lvm2 2.03.02-3
ii python3-lxc 1:3.0.4-1
liblxc1 recommends no packages.
liblxc1 suggests no packages.
Going back to liblxc1=1:3.1.0+really3.0.3-8 fixes the problem.
Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20190827/22855ab8/attachment-0001.html>
More information about the Pkg-lxc-devel
mailing list