On 30/09/14 19:28, Michael H. Warfield wrote:
I haven't looked a whole lot into the premade containers, my gut feeling
was that I didn't want to download a whole operating system from this
project, and that I'd be a lot more comfortable taking distribution that
I trust, and making the template manually. This way I know everything
extra that's going into it.
Our templates are pretty barebones. Very minimal. You'll have to add
just about anything you would really want to make a useful container.
I should definitely take a closer look sometime.
It's running Debian Jessie. LXC 1.0.5-3 from package management. And
systemd 208-8 also from package management.
OK... THAT explains a LOT! That systemd option is why you're running
into this problem and you're about to have far worse.
I took a config from an existing container and modified it for what I
thought would work for an unprivileged container. I've attached the
config for osmium. I've also attached the latest trace output from the
lxc-start, as I've fixed a few slight errors in the config since then.
You're going to have to make some additional changes... Make sure you
add "lxc.kmsg = 0" to your container or systemd.journald is going to eat
your CPU time for lunch (and be sure to flush
your /dev/.lxc/user/osmium* directory). There's also some adjustments
that need to be made for mgetty consoles and such. You also need to
link the shutdown unit to the SIGPWR service to allow lxc to shut the
container down gracefully. You might take a look at the Oracle or
Fedora templates for some guidance there.
Will definitely come back to this once it starts up, thank you for the
advice.
osmium@cadmium:~$ find /dev/.lxc/user -ls
9668 0 drwxrwxrwt 3 root root 60 Sep 30 15:38 /dev/.lxc/user
11109 0 drwxr-xr-x 3 427680 427680 60 Sep 30 15:38 /dev/.lxc/user/osmium.3c68b3f0c5eeec7d
11110 0 drwxr-xr-x 2 427680 427680 40 Sep 30 15:38 /dev/.lxc/user/osmium.3c68b3f0c5eeec7d/pts
Bingo!
Ok... So it appears that lxc-start did manage to create your dev
directory properly under the host /dev/.lxc/user.
Now I see the real problem...
The same code that creates that directory creates the symlink
in /home/osmium/.local/share/lxc/osmium. But, the /dev/ directory is
owned by "427680:427680" while the directory containing the symlink is
owned by "osmium:osmium" and you then have a permission denied because
427680:427680 doesn't have write permissions
to /home/osmium/.local/share/lxc/osmium.
That's a (the!) problem. I'm just not sure if chown/chgrp is the
correct answer or if you need to add some group membership and add group
write permissions with appropriate host auth secondary groups. Either
way, it's that permission problem that's biting you in the rear end.
OK, yes. This was that problem. Fixing it has progressed startup a
little further. It didn't like the lxc.mount.entry for devpts, so I
threw that out for the time being also. Now it's still stuck at
'populating dev' though. I've attached the latest trace in case you can
help me again.
osmium@cadmium:~$ lxc-start -n osmium -l trace -o /tmp/xxx7
lxc-start: Operation not permitted - Error creating null
lxc-start: failed to populate /dev in the container
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'osmium'
lxc-start: The container failed to start.
lxc-start: Additional information can be obtained by setting the --logfile and --log-priority options
Thanks,
Chris
lxc-start 1412115865.294 INFO lxc_start_ui - using rcfile /home/osmium/.local/share/lxc/osmium/config
lxc-start 1412115865.294 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1412115865.296 INFO lxc_confile - read uid map: type u nsid 0 hostid 427680 range 65536
lxc-start 1412115865.296 INFO lxc_confile - read uid map: type g nsid 0 hostid 427680 range 65536
lxc-start 1412115865.296 WARN lxc_log - lxc_log_init called with log already initialized
lxc-start 1412115865.296 INFO lxc_lsm - LSM security driver nop
lxc-start 1412115865.296 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1412115865.298 DEBUG lxc_conf - allocated pty '/dev/pts/1' (5/6)
lxc-start 1412115865.298 INFO lxc_conf - tty's configured
lxc-start 1412115865.298 DEBUG lxc_start - sigchild handler set
lxc-start 1412115865.298 DEBUG lxc_console - opening /home/osmium/.console for console peer
lxc-start 1412115865.298 DEBUG lxc_console - using '/home/osmium/.console' as console
lxc-start 1412115865.298 DEBUG lxc_console - no console peer
lxc-start 1412115865.628 INFO lxc_start - 'osmium' is initialized
lxc-start 1412115865.659 DEBUG lxc_start - Not dropping cap_sys_boot or watching utmp
lxc-start 1412115865.659 INFO lxc_start - Cloning a new user namespace
lxc-start 1412115865.659 INFO lxc_cgroup - cgroup driver cgroupfs initing for osmium
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.deny' set to 'a'
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c *:* m'
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'b *:* m'
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 5:1 rwm'
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 10:229 rwm'
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:3 rwm'
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 5:2 rwm'
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 136:* rwm'
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:8 rwm'
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 254:0 rwm'
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 5:0 rwm'
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:9 rwm'
lxc-start 1412115865.663 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:5 rwm'
lxc-start 1412115865.663 INFO lxc_cgfs - cgroup has been setup
lxc-start 1412115865.767 NOTICE lxc_start - switching to gid/uid 0 in new user namespace
lxc-start 1412115865.771 DEBUG lxc_conf - mounted '/home/osmium/.local/share/lxc/osmium/rootfs' on '/usr/lib/x86_64-linux-gnu/lxc/rootfs'
lxc-start 1412115865.771 INFO lxc_conf - 'osmium' hostname has been setup
lxc-start 1412115865.772 DEBUG lxc_conf - mac address '00:16:3e:73:bd:de' on 'eth0' has been setup
lxc-start 1412115865.772 DEBUG lxc_conf - 'eth0' has been setup
lxc-start 1412115865.772 INFO lxc_conf - network has been setup
lxc-start 1412115865.772 DEBUG lxc_conf - Set exec command to /sbin/init
lxc-start 1412115865.772 INFO lxc_conf - Container with systemd init detected - enabling autodev!
lxc-start 1412115865.772 INFO lxc_conf - Mounting /dev under /usr/lib/x86_64-linux-gnu/lxc/rootfs
lxc-start 1412115865.772 DEBUG lxc_conf - entering mount_check_fs for /dev
lxc-start 1412115865.773 DEBUG lxc_conf - mount_check_fs returning 1 last devtmpfs
lxc-start 1412115865.773 INFO lxc_conf - Setup in /dev/.lxc failed. Trying /dev/.lxc/user.
lxc-start 1412115865.773 DEBUG lxc_conf - Bind mounting /dev/.lxc/user/osmium.3c68b3f0c5eeec7d to /usr/lib/x86_64-linux-gnu/lxc/rootfs/dev
lxc-start 1412115865.773 INFO lxc_conf - Mounted /dev under /usr/lib/x86_64-linux-gnu/lxc/rootfs
lxc-start 1412115865.773 DEBUG lxc_conf - mounted 'proc' on '/usr/lib/x86_64-linux-gnu/lxc/rootfs//proc', type 'proc'
lxc-start 1412115865.774 DEBUG lxc_conf - mounted 'sysfs' on '/usr/lib/x86_64-linux-gnu/lxc/rootfs//sys', type 'sysfs'
lxc-start 1412115865.774 INFO lxc_conf - mount points have been setup
lxc-start 1412115865.774 INFO lxc_conf - Creating initial consoles under /usr/lib/x86_64-linux-gnu/lxc/rootfs/dev
lxc-start 1412115865.774 INFO lxc_conf - Populating /dev under /usr/lib/x86_64-linux-gnu/lxc/rootfs
lxc-start 1412115865.774 ERROR lxc_conf - Operation not permitted - Error creating null
lxc-start 1412115865.774 ERROR lxc_conf - failed to populate /dev in the container
lxc-start 1412115865.774 ERROR lxc_start - failed to setup the container
lxc-start 1412115865.774 ERROR lxc_sync - invalid sequence number 1. expected 2
lxc-start 1412115865.774 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1412115865.835 ERROR lxc_start - failed to spawn 'osmium'
lxc-start 1412115865.836 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1412115865.836 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1412115865.837 ERROR lxc_start_ui - The container failed to start.
lxc-start 1412115865.837 ERROR lxc_start_ui - Additional information can be obtained by setting the --logfile and --log-priority options.
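
Added example, not part of the original message and not LXC code: a Python sketch of the ownership check discussed in the thread. It reads the id maps from the trace and decides whether the container's uid 0 (host uid 427680) can write to a host directory. The function names, osmium's host uid/gid of 1000:1000 and the 0755 mode on the container directory are assumptions; supplementary groups, ACLs and LSMs are ignored.

```python
import re
import stat

# Constructed sample: the two id-map lines from the trace above, unwrapped.
TRACE = """\
lxc-start 1412115865.296 INFO lxc_confile - read uid map: type u nsid 0 hostid 427680 range 65536
lxc-start 1412115865.296 INFO lxc_confile - read uid map: type g nsid 0 hostid 427680 range 65536
"""

MAP_RE = re.compile(r"read uid map: type ([ug]) nsid (\d+) hostid (\d+) range (\d+)")


def parse_id_maps(trace):
    """Return [(kind, nsid, hostid, count), ...] from lxc-start trace text."""
    return [(m[1], int(m[2]), int(m[3]), int(m[4])) for m in MAP_RE.finditer(trace)]


def to_host(maps, kind, nsid):
    """Translate an id inside the namespace to the host id, or None if unmapped."""
    for k, ns, host, count in maps:
        if k == kind and ns <= nsid < ns + count:
            return host + (nsid - ns)
    return None


def is_mapped(maps, kind, hostid):
    """True if a host id is visible inside the namespace."""
    return any(k == kind and host <= hostid < host + count
               for k, _, host, count in maps)


def ns_root_can_write(maps, uid, gid, mode):
    """Can the container's uid 0 write to a host inode owned by uid:gid?"""
    # Namespace root's DAC override applies only when the inode's owner
    # and group are both mapped into the namespace.
    if is_mapped(maps, "u", uid) and is_mapped(maps, "g", gid):
        return True
    # Otherwise it is an ordinary host user: plain owner/group/other bits.
    if uid == to_host(maps, "u", 0):
        return bool(mode & stat.S_IWUSR)
    if gid == to_host(maps, "g", 0):
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


if __name__ == "__main__":
    maps = parse_id_maps(TRACE)
    # Assumed values: osmium is 1000:1000 on the host, container dir is 0755.
    print("container dir:", ns_root_can_write(maps, 1000, 1000, 0o755))
    print("/dev/.lxc/user/osmium.*:", ns_root_can_write(maps, 427680, 427680, 0o755))
```
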