[pkg-lxc-devel] Bug#995035: lxc: Operation not permitted - Failed to mount "proc" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/proc"

John Wong johnw.mail at gmail.com
Sat Sep 25 06:30:22 BST 2021 

Package: lxc
Version: 1:4.0.10-1
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***
	After upgraded to 4.0.10-1, I cannot start unprivs container
	anymore (it works before upgrade).

	I start the unprivs container as root with this:
	lxc-start -n dmz011 -l trace -o log
	and I found this error message in the log like below:

	utils - utils.c:safe_mount:1198 - Operation not permitted -
	Failed to mount "proc" onto
	"/usr/lib/x86_64-linux-gnu/lxc/rootfs/proc"
	conf - conf.c:lxc_mount_auto_mounts:801 - Operation not
	permitted - Failed to mount "proc" on
	"/usr/lib/x86_64-linux-gnu/lxc/rootfs/proc" with flags 14

	The container config like below:
	# Distribution configuration
	lxc.include = /usr/share/lxc/config/common.conf
	lxc.include = /usr/share/lxc/config/userns.conf
	lxc.arch = linux64

	# Container specific configuration
	lxc.idmap = u 0 1100000 65536
	lxc.idmap = g 0 1100000 65536
	lxc.apparmor.profile = unconfined

	# Network configuration
	lxc.net.0.type = none

	lxc.rootfs.path = dir:/var/lib/lxc/dmz011/rootfs
	lxc.uts.name = dmz011

	If I remove lxc.idmap, run the container as privs container, it
	can start.


   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.14.0-1-amd64 (SMP w/8 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  bridge-utils                 1.7-1
ii  debconf [debconf-2.0]        1.5.77
ii  dnsmasq-base [dnsmasq-base]  2.86-1
ii  iproute2                     5.14.0-1
ii  iptables                     1.8.7-1
ii  libc6                        2.32-4
ii  libcap2                      1:2.44-1
ii  libgcc-s1                    11.2.0-8
ii  liblxc1                      1:4.0.10-1
ii  libseccomp2                  2.5.2-1
ii  libselinux1                  3.1-3
ii  lsb-base                     11.1.0

Versions of packages lxc recommends:
ii  apparmor       3.0.3-2
pn  debootstrap    <none>
ii  dirmngr        2.2.27-2
ii  gnupg          2.2.27-2
pn  libpam-cgfs    <none>
ii  lxc-templates  3.0.4-5
ii  lxcfs          4.0.7-1
ii  openssl        1.1.1l-1
ii  rsync          3.2.3-7
pn  uidmap         <none>
ii  wget           1.21-1+b1

Versions of packages lxc suggests:
ii  btrfs-progs  5.14.1-1
ii  lvm2         2.03.11-2.1
ii  python3-lxc  1:3.0.4-1+b4

-- Configuration Files:
/etc/default/lxc-net changed:
USE_LXC_BRIDGE="false"


-- debconf information:
  lxc/auto_update_config:

More information about the Pkg-lxc-devel mailing list