Re: [lxc-devel] ramfs userns /proc umount2

Wed, 29 Jul 2015 07:15:13 -0700 

Yes, commenting out 'return -1' makes it starts and it seems to behave 
correctly.

The /proc/self/mountinfo done from inside the container is empty (as no proc is 
mounted).
If I mount it (by lxc.mount.auto or directly inside the container) then:

42 20 0:2 /containers/mycnt/rootfs / rw - rootfs rootfs 
rw,size=90972k,nr_inodes=22743
43 42 0:19 / /dev rw,nodev,relatime - tmpfs none 
rw,size=100k,mode=755,uid=100000,gid=100000
44 43 0:5 /null /dev/null rw,relatime - devtmpfs devtmpfs 
rw,size=90972k,nr_inodes=22743,mode=755
45 43 0:5 /zero /dev/zero rw,relatime - devtmpfs devtmpfs 
rw,size=90972k,nr_inodes=22743,mode=755
46 43 0:5 /full /dev/full rw,relatime - devtmpfs devtmpfs 
rw,size=90972k,nr_inodes=22743,mode=755
47 43 0:5 /urandom /dev/urandom rw,relatime - devtmpfs devtmpfs 
rw,size=90972k,nr_inodes=22743,mode=755
48 43 0:5 /random /dev/random rw,relatime - devtmpfs devtmpfs 
rw,size=90972k,nr_inodes=22743,mode=755
49 43 0:5 /tty /dev/tty rw,relatime - devtmpfs devtmpfs 
rw,size=90972k,nr_inodes=22743,mode=755
50 43 0:5 /console /dev/console rw,relatime - devtmpfs devtmpfs 
rw,size=90972k,nr_inodes=22743,mode=755
51 50 0:11 /0 /dev/console rw,relatime - devpts devpts 
rw,gid=5,mode=620,ptmxmode=000
52 42 0:2 /shared /tmp rw - rootfs rootfs rw,size=90972k,nr_inodes=22743
30 43 0:20 / /dev/pts rw,relatime - devpts devpts 
rw,gid=100005,mode=620,ptmxmode=666
31 43 0:20 /0 /dev/tty1 rw,relatime - devpts devpts 
rw,gid=100005,mode=620,ptmxmode=666
32 42 0:18 / /proc rw,nodev,relatime - proc proc rw


BTW. Just to be exact, in first mount log before starting lxc I forgot to 
enable cloning, so the exact line is:
19 18 0:16 / /sys/fs/cgroup rw,relatime - cgroup cgroup 
rw,cpuset,cpuacct,memory,devices,freezer,net_cls,clone_children
instead of:
19 18 0:16 / /sys/fs/cgroup rw,relatime - cgroup cgroup 
rw,cpuset,cpuacct,memory,devices,freezer,net_cls

On 29.07.2015 15:32, Serge Hallyn wrote:
> If you rebuild lxc patching that paragraph to warn but not return
> failure when the umount of './proc' fails, does the container start
> properly?  What does /proc/self/mountinfo inside the container then
> look like?
> 
> -serge
> 
> Quoting Przemyslaw Rudy ([email protected]):
>> /proc/self/mountinfo before the lxc-start:
>>
>> 1 1 0:2 / / rw - rootfs rootfs rw,size=90972k,nr_inodes=22743
>> 13 1 0:5 / /dev rw,relatime - devtmpfs devtmpfs 
>> rw,size=90972k,nr_inodes=22743,mode=755
>> 14 1 0:4 / /proc rw,relatime - proc proc rw
>> 15 13 0:11 / /dev/pts rw,relatime - devpts devpts 
>> rw,gid=5,mode=620,ptmxmode=000
>> 16 13 0:13 / /dev/shm rw,relatime - tmpfs tmpfs rw,mode=777
>> 17 1 0:14 / /tmp rw,relatime - tmpfs tmpfs rw
>> 18 1 0:15 / /sys rw,relatime - sysfs sysfs rw
>> 19 18 0:16 / /sys/fs/cgroup rw,relatime - cgroup cgroup 
>> rw,cpuset,cpuacct,memory,devices,freezer,net_cls
>>
>>
>> On 07/29/2015 04:07 AM, Serge Hallyn wrote:
>>> I suspect you're right and we should simply ignore the failure.
>>>
>>> Can you show /proc/self/mountinfo before the lxc-start?
>>>
>>> Quoting Przemyslaw Rudy ([email protected]):
>>>> -1 is rv, errno is 22 EINVAL
>>>>
>>>> The log:
>>>>       lxc-start         40.086 INFO     lxc_start_ui - 
>>>> lxc_start.c:main:264 - using rcfile /containers/mycnt/config
>>>>       lxc-start         40.087 INFO     lxc_confile - 
>>>> confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 100000 
>>>> range 65536
>>>>       lxc-start         40.087 INFO     lxc_confile - 
>>>> confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 100000 
>>>> range 65536
>>>>       lxc-start         40.087 WARN     lxc_cgfs - 
>>>> cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup cpuset 
>>>> unknown to /containers mycnt
>>>>       lxc-start         40.087 DEBUG    lxc_start - 
>>>> start.c:setup_signal_fd:259 - sigchild handler set
>>>>       lxc-start         40.089 DEBUG    lxc_console - 
>>>> console.c:lxc_console_peer_default:500 - opening /dev/tty for console peer
>>>>       lxc-start         40.089 DEBUG    lxc_console - 
>>>> console.c:lxc_console_peer_default:506 - using '/dev/tty' as console
>>>>       lxc-start         40.089 DEBUG    lxc_console - 
>>>> console.c:lxc_console_sigwinch_init:179 - 509 got SIGWINCH fd 9
>>>>       lxc-start         40.089 DEBUG    lxc_console - 
>>>> console.c:lxc_console_winsz:88 - set winsz dstfd:6 cols:0 rows:0
>>>>       lxc-start         40.089 INFO     lxc_start - start.c:lxc_init:451 - 
>>>> 'mycnt' is initialized
>>>>       lxc-start         40.095 DEBUG    lxc_start - 
>>>> start.c:__lxc_start:1137 - Not dropping cap_sys_boot or watching utmp
>>>>       lxc-start         40.097 INFO     lxc_start - 
>>>> start.c:resolve_clone_flags:848 - Cloning a new user namespace
>>>>       lxc-start         40.112 DEBUG    lxc_conf - 
>>>> conf.c:instantiate_veth:2703 - instantiated veth 'veth-mycnt/vethNPPNHE', 
>>>> index is '12'
>>>>       lxc-start         40.112 INFO     lxc_cgroup - 
>>>> cgroup.c:cgroup_init:65 - cgroup driver cgroupfs initing for mycnt
>>>>       lxc-start         40.122 DEBUG    lxc_conf - 
>>>> conf.c:lxc_assign_network:3120 - move 'eth0' to '512'
>>>>       lxc-start         40.122 NOTICE   lxc_start - start.c:do_start:667 - 
>>>> switching to gid/uid 0 in new user namespace
>>>>       lxc-start         40.125 DEBUG    lxc_conf - 
>>>> conf.c:setup_rootfs:1284 - mounted '/containers/mycnt/rootfs' on 
>>>> '/usr/lib/lxc/rootfs'
>>>>       lxc-start         40.125 INFO     lxc_conf - 
>>>> conf.c:setup_utsname:919 - 'mycnt' hostname has been setup
>>>>       lxc-start         40.153 DEBUG    lxc_conf - 
>>>> conf.c:setup_netdev:2479 - 'eth0' has been setup
>>>>       lxc-start         40.153 INFO     lxc_conf - 
>>>> conf.c:setup_network:2500 - network has been setup
>>>>       lxc-start         40.153 INFO     lxc_conf - 
>>>> conf.c:mount_autodev:1148 - Mounting /dev under /usr/lib/lxc/rootfs
>>>>       lxc-start         40.153 INFO     lxc_conf - 
>>>> conf.c:mount_autodev:1169 - Mounted tmpfs onto /usr/lib/lxc/rootfs/dev
>>>>       lxc-start         40.153 INFO     lxc_conf - 
>>>> conf.c:mount_autodev:1187 - Mounted /dev under /usr/lib/lxc/rootfs
>>>>       lxc-start         40.153 DEBUG    lxc_conf - conf.c:mount_entry:1735 
>>>> - remounting /shared on /usr/lib/lxc/rootfs/tmp to respect bind or remount 
>>>> optios
>>>>       lxc-start         40.153 DEBUG    lxc_conf - conf.c:mount_entry:1750 
>>>> - (at remount) flags for /shared was 0, required extra flags are 0
>>>>       lxc-start         40.153 DEBUG    lxc_conf - conf.c:mount_entry:1759 
>>>> - mountflags already was 4098, skipping remount
>>>>       lxc-start         40.153 DEBUG    lxc_conf - conf.c:mount_entry:1785 
>>>> - mounted '/shared' on '/usr/lib/lxc/rootfs/tmp', type 'none'
>>>>       lxc-start         40.153 INFO     lxc_conf - 
>>>> conf.c:mount_file_entries:2034 - mount points have been setup
>>>>       lxc-start         40.153 INFO     lxc_conf - 
>>>> conf.c:fill_autodev:1215 - Creating initial consoles under 
>>>> /usr/lib/lxc/rootfs/dev
>>>>       lxc-start         40.153 INFO     lxc_conf - 
>>>> conf.c:fill_autodev:1226 - Populating /dev under /usr/lib/lxc/rootfs
>>>>       lxc-start         40.154 INFO     lxc_conf - 
>>>> conf.c:fill_autodev:1258 - Populated /dev under /usr/lib/lxc/rootfs
>>>>       lxc-start         40.154 INFO     lxc_conf - 
>>>> conf.c:setup_dev_console:1515 - console has been setup
>>>>       lxc-start         40.154 INFO     lxc_conf - 
>>>> conf.c:do_tmp_proc_mount:3576 - I am 1, /proc/self points to ''
>>>>       lxc-start         40.161 INFO     lxc_conf - 
>>>> conf.c:do_tmp_proc_mount:3602 - Mounted /proc in container for security 
>>>> transition
>>>>       lxc-start         40.500 ERROR    lxc_conf - 
>>>> conf.c:prepare_ramfs_root:1378 - Invalid argument - Unable to umount /proc
>>>>       lxc-start         40.500 ERROR    lxc_conf - conf.c:lxc_setup:3917 - 
>>>> failed to set rootfs for 'mycnt'
>>>>       lxc-start         40.500 ERROR    lxc_start - start.c:do_start:699 - 
>>>> failed to setup the container
>>>>       lxc-start         40.500 ERROR    lxc_sync - sync.c:__sync_wait:51 - 
>>>> invalid sequence number 1. expected 2
>>>>       lxc-start         40.500 WARN     lxc_conf - 
>>>> conf.c:lxc_delete_network:2996 - failed to remove interface 'eth0'
>>>>       lxc-start         40.515 ERROR    lxc_start - 
>>>> start.c:__lxc_start:1164 - failed to spawn 'mycnt'
>>>>       lxc-start         40.669 ERROR    lxc_start_ui - 
>>>> lxc_start.c:main:344 - The container failed to start.
>>>>       lxc-start         40.669 ERROR    lxc_start_ui - 
>>>> lxc_start.c:main:348 - Additional information can be obtained by setting 
>>>> the --logfile and --logprio.
>>>>
>>>>
>>>> On 07/28/2015 05:09 PM, Serge Hallyn wrote:
>>>>> Quoting Przemyslaw Rudy ([email protected]):
>>>>>> Referring to this patch:
>>>>>> https://lists.linuxcontainers.org/pipermail/lxc-devel/2014-October/010604.html
>>>>>>
>>>>>> Starting lxc with userns in prepare_ramfs_root() I got -1 from:
>>>>>
>>>>> rv or errno?
>>>>>
>>>>>> if (umount2("./proc", MNT_DETACH)) {
>>>>>>
>>>>>> Shall this error be rather ignored in case of userns? Thus the same
>>>>>> logic as for other mount points processed by mentioned function?
>>>>>
>>>>> Can you give full (-l trace -o debug.output) startup log?
>>>>> _______________________________________________
>>>>> lxc-devel mailing list
>>>>> [email protected]
>>>>> http://lists.linuxcontainers.org/listinfo/lxc-devel
>>>>>
>>>> _______________________________________________
>>>> lxc-devel mailing list
>>>> [email protected]
>>>> http://lists.linuxcontainers.org/listinfo/lxc-devel
>>> _______________________________________________
>>> lxc-devel mailing list
>>> [email protected]
>>> http://lists.linuxcontainers.org/listinfo/lxc-devel
>>>
>> _______________________________________________
>> lxc-devel mailing list
>> [email protected]
>> http://lists.linuxcontainers.org/listinfo/lxc-devel
> _______________________________________________
> lxc-devel mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-devel
> 
_______________________________________________
lxc-devel mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to