[pkg-lxc-devel] Bug#964745: lxc-start fails when specifying a custom lxc.net.0.hwaddr (on armv7l)

Santiago R.R. santiagorr at riseup.net
Thu Jul 9 21:28:06 BST 2020 

Package: lxc
Version: 1:3.1.0+really3.0.3-8
Severity: important

Dear Maintainer,

After creating an lxc container, I've manually set a MAC address for it.
The container fails to start, giving this output in the logs:

	lxc-start container-name 20200709195149.256 ERROR    network - network.c:setup_hw_addr:2762 - Cannot assign requested address - Failed to perform ioctl
	lxc-start container-name 20200709195149.256 ERROR    network - network.c:lxc_setup_netdev_in_child_namespaces:2907 - Failed to setup hw address for network device "eth0"
	lxc-start container-name 20200709195149.256 ERROR    network - network.c:lxc_setup_network_in_child_namespaces:3047 - failed to setup netdev
	lxc-start container-name 20200709195149.256 ERROR    conf - conf.c:lxc_setup:3540 - Failed to setup network
	lxc-start container-name 20200709195149.257 ERROR    start - start.c:do_start:1275 - Failed to setup container "container-name"
	lxc-start container-name 20200709195149.257 ERROR    sync - sync.c:__sync_wait:62 - An error occurred in another process (expected sequence number 5)
	lxc-start container-name 20200709195149.258 ERROR    lxccontainer - lxccontainer.c:wait_on_daemonized_start:842 - Received container state "ABORTING" instead of "RUNNING"
	lxc-start container-name 20200709195149.258 ERROR    lxc_start - tools/lxc_start.c:main:330 - The container failed to start
	lxc-start container-name 20200709195149.259 ERROR    lxc_start - tools/lxc_start.c:main:333 - To get more details, run the container in foreground mode
	lxc-start container-name 20200709195149.259 ERROR    lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options
	lxc-start container-name 20200709195149.275 ERROR    start - start.c:__lxc_start:1951 - Failed to spawn container "container-name"

In the host I can see this:

	...
	Jul 09 19:53:42 olimicro audit[4788]: AVC apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-container-name_</var/lib/lxc>" pid=4788 comm="apparmor_parser"
	Jul 09 19:53:42 olimicro kernel: audit: type=1400 audit(1594324422.794:57): apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-container-name_</var/lib/lxc>" pid=4788 comm="apparmor_parser"
	Jul 09 19:53:42 olimicro kernel: br0: port 4(vethETHNAME) entered blocking state
	Jul 09 19:53:42 olimicro kernel: br0: port 4(vethETHNAME) entered disabled state
	Jul 09 19:53:42 olimicro systemd-udevd[4789]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
	Jul 09 19:53:42 olimicro kernel: device vethETHNAME entered promiscuous mode
	Jul 09 19:53:42 olimicro kernel: IPv6: ADDRCONF(NETDEV_UP): vethETHNAME: link is not ready
	Jul 09 19:53:42 olimicro systemd-udevd[4789]: Using default interface naming scheme 'v240'.
	Jul 09 19:53:42 olimicro systemd-udevd[4789]: Could not generate persistent MAC address for vethHP689N: No such file or directory
	Jul 09 19:53:42 olimicro NetworkManager[935]: <info>  [1594324422.8520] manager: (vethHP689N): new Veth device (/org/freedesktop/NetworkManager/Devices/37)
	Jul 09 19:53:42 olimicro systemd-udevd[4790]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
	Jul 09 19:53:42 olimicro kernel: eth0: renamed from vethHP689N
	Jul 09 19:53:42 olimicro systemd-udevd[4790]: Using default interface naming scheme 'v240'.
	Jul 09 19:53:42 olimicro sudo[4781]: pam_unix(sudo:session): session closed for user root
	Jul 09 19:53:42 olimicro NetworkManager[935]: <info>  [1594324422.9294] manager: (vethETHNAME): new Veth device (/org/freedesktop/NetworkManager/Devices/38)
	Jul 09 19:53:43 olimicro audit[4795]: AVC apparmor="STATUS" operation="profile_remove" profile="/usr/bin/lxc-start" name="lxc-container-name_</var/lib/lxc>" pid=4795 comm="apparmor_parser"
	Jul 09 19:53:43 olimicro kernel: audit: type=1400 audit(1594324423.898:58): apparmor="STATUS" operation="profile_remove" profile="/usr/bin/lxc-start" name="lxc-container-name_</var/lib/lxc>" pid=4795 comm="apparmor_parser"
	Jul 09 19:53:44 olimicro kernel: br0: port 4(vethETHNAME) entered disabled state
	Jul 09 19:53:44 olimicro kernel: device vethETHNAME left promiscuous mode
	Jul 09 19:53:44 olimicro kernel: br0: port 4(vethETHNAME) entered disabled state
	Jul 09 19:53:44 olimicro NetworkManager[935]: <info>  [1594324424.5249] device (vethETHNAME): released from master device br0

To make the container work, I had to remove the lxc.net.0.hwaddr entry,
start the container and only then copy the autogenerated MAC address in
the config.

This happens on armv7l running buster. I haven't test a similar case on
other architecture nor testing/sid.



-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: armhf (armv7l)

Kernel: Linux 4.19.0-9-armmp-lpae (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libc6                  2.28-10
ii  libcap2                1:2.25-2
ii  libgnutls30            3.6.7-4+deb10u4
ii  liblxc1                1:3.1.0+really3.0.3-8
ii  libseccomp2            2.3.3-4
ii  libselinux1            2.8-1+b1
ii  lsb-base               10.2019051400

Versions of packages lxc recommends:
ii  apparmor                     2.13.2-10
ii  bridge-utils                 1.6-2
ii  debootstrap                  1.0.114
ii  dirmngr                      2.2.12-1+deb10u1
ii  dnsmasq-base [dnsmasq-base]  2.80-1
ii  gnupg                        2.2.12-1+deb10u1
ii  iproute2                     4.20.0-2
ii  iptables                     1.8.2-4
ii  libpam-cgfs                  1:3.1.0+really3.0.3-8
ii  lxc-templates                3.0.4-0+deb10u1
ii  lxcfs                        3.0.3-2
ii  nftables                     0.9.0-2
ii  openssl                      1.1.1d-0+deb10u3
ii  rsync                        3.1.3-6
ii  uidmap                       1:4.5-1.1

Versions of packages lxc suggests:
pn  btrfs-progs  <none>
ii  lvm2         2.03.02-3
ii  python3-lxc  1:3.0.3-1

-- Configuration Files:
/etc/lxc/default.conf changed:
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = br0
lxc.net.0.hwaddr = 45:b9:1a:xx:xx:xx
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1


-- debconf information:
* lxc/auto_update_config: true
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20200709/8ebfa4e9/attachment.sig>

More information about the Pkg-lxc-devel mailing list