[pkg-lxc-devel] Bug#939168: systemd: LXC container fails to start after stretch->buster update inside container

Pierre-Elliott Bécue peb at debian.org
Thu Nov 28 21:41:29 GMT 2019 

Le lundi 02 septembre 2019 à 22:10:52+0300, Sergey Aleynikov a écrit :
> > You should probably attach the output of
> > reportbug --template lxc
> > to this bug report so the lxc maintainers have some context.
> 
> I'm attaching 'lxc-start -n testupg --logfile=lxc.log -l DEBUG' and
> 'reportbug --template lxc' outputs to this message.
> 
> > Checking the existing bug reports, there are already a few which concern
> > sysvinit.
> > I would suggest that you check them out like
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869892
> 
> I've looked at them yesterday, just in case, and didn't see anything
> obviously related. For example, for this one, I already have
> cgroupfs-mount installed and /sys/fs/cgroup present. And while I see
> mounting errors for the container after upgrade (not the attached log,
> but the original container i've tried to upgrade), they do not seem to
> be an immediate cause for the startup failure.

I gave a look at this.

First you're not providing a full context.

 1. Are your containers privileged or unprivileged?
 2. Do you have any LSM installed on the host?

From the log file, it seems that init in the container (systemd) is
returning upon startup.

It is not clear what makes it return, but I'd guess it tries to access
resources it can't.

There was a time when running a container based on systemd on a host
using sysvinit was not working properly. It seems you are encountering
another fragrance of this time.

There are probably ways to debug that, but to me it's due to two
factors:

 1. Containers aren't fully isolated
 2. From 1. systemd relies on resources it can access when the init on
    the host is systemd whereas it can't when the init on the host is
    something else.

I'd be happy to help if I could, but I have no comparable setup to yours
and I lack time to design an experiment to try and reproduce this bug.

Sorry for that.

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20191128/b865f67a/attachment.sig>

More information about the Pkg-lxc-devel mailing list