Bug#651237: lxc.cap.drop in config provokes erroneous start of container

Mon, 12 Dec 2011 12:33:21 -0800 

Am 11.12.2011 17:10, schrieb Daniel Baumann:

On 12/11/2011 12:39 PM, Marcus Osdoba wrote:

The hostname configured by the linux-container package inside the
container is never used when dropping capabilites (which is default) -
because hostname.sh fails.


as i said before, that does not matter.

Accepted. I ignored the mounting errors - but the hostname stays empty 
and I (and possibly other uers, too) expect a valid hostname inside the 
container.



That's ok when setting uts-name in config, but by default this value is
emtpy and one need to know, that the hostname has to be set there.


no, by utsname is set by default.

The utsname is not filled by default. The code sets _NAME in the config 
file only, when given by commandline option --name (it's not asked in 
the debconf masks).

That's not obvious for most users.


For first-contact-users this looks a bit confusing. The container patch
ifupdown_607713.sh explicitly requires hostname.


no, it does not depend on hostname.

True. The script does not depend on the hostname, but it makes 
ifupdown-clean depending on starting hostname first. Hostname is enable 
by default and not disabled by the linux-container package.



Please note, that I don't intend to re-open this bug, I just want to put 
information for others here, who are trying to test the lxc package from 
Sid. I don't expect an answer.



Just in case, you like to know my latest test results with lxc-0.7.5-14:
(the following lines are a summary of the attached log)
creating the container on a 32bit host with
/usr/lib/lxc/templates/lxc-debian -p /var/lib/lxc/squeeze
--> empty utsname in squeeze/config

Root-Password "hallo" wasn't picked up. I needed to change it with 
chroot/passwd. I re-tried that on an amd64 host creating a 32bit 
container and it was set correctly to "hallo".
Installing the linux-container package via chroot. -> set a hostname 
there (the hostname set by linux-container is never seen when starting 
the container).
Setting utsname manually in config, resulted in the expected hostname 
after starting the container.



So why set the hostname with linux-container pkg, if the dropped caps 
disable the ability to read the hostname inside the container?


I'm ok with the dropped caps.
But the missing hostname stays confusing.


Drop me a line, if you dont't like to read my bugreports.


Hopefully you understand what I trying to report, if not, take my 
excuses for wasting your time.

root@debian:/var/lib/lxc# ls -l squeeze/
drwxr-xr-x  2 root root 4096 12. Dez 11:13 .
drwxrwxrwx 18 root root 4096  8. Dez 12:55 ..
root@debian:/var/lib/lxc# /usr/lib/lxc/templates/lxc-debian -p /var/lib/lxc/squeeze

root@debian:/var/lib/lxc# cat /tmp/lxc-debian.rbm8lbQO/debconf.default 
_PRESEED_FILE=""
_DISTRIBUTION="squeeze"
_PARENT_DISTRIBUTION="squeeze"
_MIRROR="http://ftp.debian.org/debian/";
_MIRROR_SECURITY="http://security.debian.org/";
_MIRROR_VOLATILE="http://ftp.debian.org/debian/";
_MIRROR_BACKPORTS="http://backports.debian.org/debian-backports/";
_PARENT_MIRROR="http://ftp.debian.org/debian/";
_PARENT_MIRROR_SECURITY="http://security.debian.org/";
_PARENT_MIRROR_VOLATILE="http://ftp.debian.org/debian/";
_PARENT_MIRROR_BACKPORTS="http://backports.debian.org/debian-backports/";
_PACKAGES=""
_ROOT_PASSWORD="hallo"
LINUX_CONTAINER_ETH_NUMBER="0"
LINUX_CONTAINER_ETH0_COMMENT=""
LINUX_CONTAINER_ETH0_BRIDGE="virbr0"
LINUX_CONTAINER_ETH0_MAC="00:FF:00:00:00:01"
LINUX_CONTAINER_ETH0_MTU=""
LINUX_CONTAINER_ETH0_VETH=""
_AUTO="false"

Checking cache download in /var/cache/lxc/debian/squeeze_i386... 
0% [Working]
99% [Waiting for headers]
Hit http://ftp.de.debian.org squeeze Release
99% [Working]
99% [Release gpgv 87.3 kB]
99% [Working]
Hit http://ftp.de.debian.org squeeze/main i386 Packages
100% [Working]
Fetched 507 kB in 3s (148 kB/s)
Reading package lists... 99%
Reading package lists... Done
Reading package lists... 100%
Reading package lists... Done
Building dependency tree... 50%
Building dependency tree       
Reading state information... 0%
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... 100%
Reading package lists... Done
Building dependency tree... 50%
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree       
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
rm: Entfernen von „/etc/lxc/auto/“ nicht möglich: Ist ein Verzeichnis
root@debian:/var/lib/lxc# grep utsname squeeze/config
lxc.utsname                             = 
root@debian:/var/lib/lxc# dpkg -l lxc|grep lxc
ii  lxc                   0.7.5-14              Linux Containers userspace tools
root@debian:/var/lib/lxc# cp /home/test/Downloads/linux-container_1-3_all.deb squeeze/rootfs/root/
root@debian:/var/lib/lxc# chroot squeeze/rootfs/
root@debian:/# dpkg -i root/linux-container_1-3_all.deb 
Selecting previously deselected package linux-container.
(Reading database ... 100%
(Reading database ... 8833 files and directories currently installed.)
Unpacking linux-container (from .../linux-container_1-3_all.deb) ...
Setting up linux-container (1-3) ...
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_CTYPE to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_MESSAGES to default locale: No such file or directory
/usr/bin/locale: Cannot set LC_ALL to default locale: No such file or directory
Creating file /etc/default/linux-container... done.
P: Updating file /etc/default/linux-container... done.
P: Fixing #607713 in ifupdown (http://bugs.debian.org/607713)... done.
P: Creating file /dev/tty1... done.
P: Creating file /dev/tty2... done.
P: Creating file /dev/tty3... done.
P: Creating file /dev/tty4... done.
P: Creating file /dev/tty5... done.
P: Creating file /dev/tty6... done.
P: Updating file /etc/inittab... done.
P: Disabling feature selinux... done.
P: Creating file /etc/network/interfaces... done.
P: Creating file /etc/resolv.conf... done.
P: Creating file /etc/hostname... done.
P: Disabling service checkroot.sh... done.
P: Disabling service umountfs... done.
P: Disabling service umountroot... done.
P: Disabling service hwclock.sh... done.
P: Disabling service hwclockfirst.sh... done.
P: Creating files /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key.pub... done.
P: Creating files /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_dsa_key.pub... done.
root@debian:/# 
root@debian:/var/lib/lxc# lxc-start -n squeeze
Mount failed for selinuxfs on /selinux:  Operation not permitted
INIT: version 2.88 booting
Using makefile-style concurrent boot in runlevel S.
mount: permission denied
mount: permission denied
Activating lvm and md swap...done.
Checking file systems...fsck from util-linux-ng 2.17.2
done.
hostname: you must be root to change the host name
Cleaning up ifupdown....
Setting up networking....
Mounting local filesystems...done.
Activating swapfile swap...done.
Cleaning up temporary files....
Setting kernel variables ...done.
Configuring network interfaces...Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth0/00:ff:00:00:00:01
Sending on   LPF/eth0/00:ff:00:00:00:01
Sending on   Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 4
DHCPOFFER from 192.168.122.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.122.1
bound to 192.168.122.57 -- renewal in 1506 seconds.
done.
Cleaning up temporary files....
startpar: service(s) returned failure: hostname.sh ... failed!
INIT: Entering runlevel: 2
Using makefile-style concurrent boot in runlevel 2.
Starting OpenBSD Secure Shell server: sshd.
Debian GNU/Linux 6.0  console

 login: root
Password: 

Login incorrect
INIT: Switching to runlevel: 0
INIT: Sending processes the TERM signal
Using makefile-style concurrent boot in runlevel 0.
Asking all remaining processes to terminate...done.
All processes ended within 1 seconds....done.
Deconfiguring network interfaces...Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth0/00:ff:00:00:00:01
Sending on   LPF/eth0/00:ff:00:00:00:01
Sending on   Socket/fallback
DHCPRELEASE on eth0 to 192.168.122.1 port 67
done.
Cleaning up ifupdown....
Will now halt.
INIT: no more processes left in this runlevel
root@debian:/var/lib/lxc# # issued lxc-halt on other terminal
root@debian:/var/lib/lxc# chroot squeeze/rootfs/
root@debian:/# passwd
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully
root@debian:/# # pw set to hallo, lxc-debconf didn't set pw given in ncurses mask
root@debian:/# exit
exit
root@debian:/var/lib/lxc# lxc-start -n squeeze
Mount failed for selinuxfs on /selinux:  Operation not permitted
INIT: version 2.88 booting
Using makefile-style concurrent boot in runlevel S.
mount: permission denied
mkdir: cannot create directory `/lib/init/rw/sendsigs.omit.d/': File exists
mount: permission denied
Activating lvm and md swap...done.
Checking file systems...fsck from util-linux-ng 2.17.2
done.
Mounting local filesystems...done.
Activating swapfile swap...done.
hostname: you must be root to change the host name
Cleaning up ifupdown....
Setting up networking....
Cleaning up temporary files....
Setting kernel variables ...done.
Configuring network interfaces...Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth0/00:ff:00:00:00:01
Sending on   LPF/eth0/00:ff:00:00:00:01
Sending on   Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 6
DHCPOFFER from 192.168.122.1
DHCPREQUEST on eth0 to 255.255.255.255 port 67
DHCPACK from 192.168.122.1
bound to 192.168.122.57 -- renewal in 1361 seconds.
done.
Cleaning up temporary files....
startpar: service(s) returned failure: hostname.sh ... failed!
INIT: Entering runlevel: 2
Using makefile-style concurrent boot in runlevel 2.
Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 6.0  console

 login: root
Password: 

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@:~# echo $HOSTNAME

root@:~# 
INIT: Switching to runlevel: 0
INIT: Sending processes the TERM signal
Using makefile-style concurrent boot in runlevel 0.
Asking all remaining processes to terminate...done.
All processes ended within 1 seconds....done.
Deconfiguring network interfaces...Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth0/00:ff:00:00:00:01
Sending on   LPF/eth0/00:ff:00:00:00:01
Sending on   Socket/fallback
DHCPRELEASE on eth0 to 192.168.122.1 port 67
done.
Cleaning up ifupdown....
Will now halt.
INIT: no more processes left in this runlevel
root@debian:/var/lib/lxc# # set utsname in config
root@debian:/var/lib/lxc# vi /squeeze/config 
root@debian:/var/lib/lxc# grep utsname squeeze/config 
lxc.utsname                             = hostname-setinconfig
root@debian:/var/lib/lxc# lxc-start -n squeeze
[..]
Starting OpenBSD Secure Shell server: sshd.

Debian GNU/Linux 6.0 hostname-setinconfig console

hostname-setinconfig login: root
Password: 
Last login: Mon Dec 12 11:21:16 UTC 2011 on console
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@hostname-setinconfig:~# cat /etc/hostname
hostname-setinsidelinuxcontainer
root@hostname-setinconfig:~# 
[lxc-halt]
root@debian:/var/lib/lxc# grep hostname squeeze/rootfs/etc/init.d/ifupdown-clean 
# Required-Start:    mountdevsubfs hostname
root@debian:/var/lib/lxc# grep ifupdown-clean squeeze/rootfs/etc/init.d/*
squeeze/rootfs/etc/init.d/ifupdown:# Required-Start:    ifupdown-clean
squeeze/rootfs/etc/init.d/ifupdown:    if [ -x /etc/init.d/ifupdown-clean ]; then
squeeze/rootfs/etc/init.d/ifupdown:      /etc/init.d/ifupdown-clean start
squeeze/rootfs/etc/init.d/ifupdown-clean:# Provides:          ifupdown-clean























					Reply via email to