Your message dated Wed, 24 Apr 2024 18:56:10 +0200
with message-id <87il06g0np....@daath.pimeys.fr>
and subject line Closing old bugs
has caused the Debian Bug report #875733,
regarding lxc.mount.auto = cgroup:mixed doesn't seem to work in Stretch anymore
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
875733: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875733
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lxc
Version: 1:2.0.7-2
Severity: normal
Hi,
In Jessie I was using a container setup with LXC and unprivileged
containers. By unprivileged, I mean container config had a bunch of
lxc.cap.drop lines, especially including sys_admin.
That means the init system inside the container (systemd) is not able to
do any privileged operation, including mounts, so the mounts need to be
done before starting the containers. It worked fine in Jessie (both host
and guests) with lines suchs as:
auto = proc:mixed sys:ro cgroup:mixed
Which takes care of mounting /proc, /sys and /sys/fs/cgroup for the
container.
Now in Stretch with lxc 2.0.7-2, it doesn't work anymore. Console output
for a Jessie container shows:
Failed to mount tmpfs at /sys/fs/cgroup: Operation not permitted
While for a Stretch container I have:
Failed to mount tmpfs at /sys/fs/cgroup: Operation not permitted
Failed to mount cgroup at /sys/fs/cgroup/systemd: No such file or
directory
[!!!!!!] Failed to mount API filesystems, freezing.
Freezing execution.
So it looks like systemd is trying to mount /sys/fs/cgroup and fails
(because it doesn't have CAP_SYS_ADMIN, which is expected). That means
lxc somehow failed to mount /sys/fs/cgroup in the container, which looks
like a regression from Jessie.
I'll setup a more simple container and config so I can provide it and
some logs to you so you can reproduce.
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: 9.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8),
LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lxc depends on:
ii init-system-helpers 1.48
ii libapparmor1 2.11.0-3
ii libc6 2.24-11+deb9u1
ii libcap2 1:2.25-1
ii libgnutls30 3.5.8-5+deb9u2
ii liblxc1 1:2.0.7-2
ii libseccomp2 2.3.1-2.1
ii libselinux1 2.6-3+b1
ii lsb-base 9.20161125
ii python3 3.5.3-1
ii python3-lxc 1:2.0.7-2
Versions of packages lxc recommends:
pn bridge-utils <none>
ii debootstrap 1.0.89
ii dirmngr 2.1.18-6
pn dnsmasq-base <none>
ii gnupg 2.1.18-6
ii iptables 1.6.0+snapshot20161117-6
pn libpam-cgfs <none>
pn lxcfs <none>
ii openssl 1.1.0f-3
ii rsync 3.1.2-1
pn uidmap <none>
Versions of packages lxc suggests:
pn apparmor <none>
pn btrfs-tools <none>
ii lvm2 2.02.168-2
-- debconf information:
* lxc/directory: /srv/lxc
lxc/shutdown: /usr/bin/lxc-halt
lxc/title:
lxc/auto:
--- End Message ---
--- Begin Message ---
Hi,
These bugs are quite old, and it's not humanly possible to test if
they're all still actual to the current versions of LXC.
I'm therefore closing them. I do not consider them as solved, and I'd
have preferred if we were able to solve them back then.
If the bug you reported is still a thing in recent lxc versions, feel
free to reopen it or to open a new bug.
I hope you'll understand that it's not an attempt to hide problems, but
rather an attempt to get a better view on problem I can act upon.
Bests,
--
PEB
signature.asc
Description: PGP signature
--- End Message ---
