Stephane Thanks... I've tried everything else I could think of so I'll give that a shot and see what happens.
A few months ago I think this all worked but my memory is so good anymore :-) I'll let you know what happens. Brian On Fri, Mar 15, 2019 at 11:19 AM Stéphane Graber <[email protected]> wrote: > On Fri, Mar 15, 2019 at 10:41:55AM -0400, brian mullan wrote: > > I am encountering a strange problem with Nested LXD on AWS EC2 Ubuntu > 18.04 > > instances... > > > > > > > > > > > > > > > > > > > *snap 2.37.4snapd 2.37.4series 16ubuntu 18.04kernel > > > 4.15.0-46-genericLXD 3.11* > > > > > > In my AWS 18.04 host I install SNAP LXD and create an Ubuntu 18.04 > > container lets call *"parent"* > > > > I enable Nesting for *"parent"* > > > > I enter "parent" and apt-get update, apt-get upgrade ... no problem > > > > In "parent" I also install SNAP LXD and create an Ubuntu 18.04 container > > lets call *"child"* > > > > I enter "child" and when I try to "*apt-get update, apt-get upgrade*" > ... I > > see the very *same* packages to be upgraded > > as I did when I upgrade "*parent*" ... however in *"child"* I get errors > > related to apport, udev ?? > > > > I also see failure messages related to systemd-networkd.service access > > denied etc (see below) > > > > Note: I tried this on a local KVM Ubuntu 18.04 VM > > > > *These are some of the packages that would be updated/upgraded in BOTH > the > > "parent" and "child" Ubuntu 18.04 container on an AWS EC2 Ubuntu Bionic > > instance:* > > > > The following package was automatically installed and is no longer > required: > > libfreetype6 > > Use 'apt autoremove' to remove it. > > The following packages will be upgraded: > > *apport* libnss-systemd libpam-modules libpam-modules-bin > libpam-runtime > > libpam-systemd libpam0g libseccomp2 libsystemd0 libudev1 > > libxcb1 python3-apport python3-problem-report snapd systemd > systemd-sysv* > > udev* > > 17 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. > > Need to get 19.9 MB of archives. > > After this operation, 49.2 kB of additional disk space will be used. > > Do you want to continue? [Y/n] > > > > *Here are some of the errors that result...* > > > > (Reading database ... 28595 files and directories currently installed.) > > Preparing to unpack .../libpam-runtime_1.1.8-3.6ubuntu2.18.04.1_all.deb > ... > > Unpacking libpam-runtime (1.1.8-3.6ubuntu2.18.04.1) over > (1.1.8-3.6ubuntu2) > > ... > > Setting up libpam-runtime (1.1.8-3.6ubuntu2.18.04.1) ... > > Setting up systemd (237-3ubuntu10.15) ... > > *Failed to try-restart systemd-networkd.service: Access denied* > > See system logs and 'systemctl status systemd-networkd.service' for > details. > > *Failed to try-restart systemd-resolved.service: Access denied* > > See system logs and 'systemctl status systemd-resolved.service' for > details. > > *Failed to try-restart systemd-timesyncd.service: Access denied* > > See system logs and 'systemctl status systemd-timesyncd.service' for > > details. > > *Failed to try-restart systemd-journald.service: Access denied* > > See system logs and 'systemctl status systemd-journald.service' for > details. > > (Reading database ... 28595 files and directories currently installed.) > > Preparing to unpack .../systemd-sysv_237-3ubuntu10.15_amd64.deb ... > > Unpacking systemd-sysv (237-3ubuntu10.15) over (237-3ubuntu10.13) ... > > Preparing to unpack .../libseccomp2_2.3.1-2.1ubuntu4.1_amd64.deb ... > > Unpacking libseccomp2:amd64 (2.3.1-2.1ubuntu4.1) over (2.3.1-2.1ubuntu4) > ... > > Setting up libseccomp2:amd64 (2.3.1-2.1ubuntu4.1) ... > > (Reading database ... 28595 files and directories currently installed.) > > Preparing to unpack .../libxcb1_1.13-2~ubuntu18.04_amd64.deb ... > > Unpacking libxcb1:amd64 (1.13-2~ubuntu18.04) over (1.13-1) ... > > Preparing to unpack .../python3-problem-report_2.20.9-0ubuntu7.6_all.deb > ... > > Unpacking python3-problem-report (2.20.9-0ubuntu7.6) over > > (2.20.9-0ubuntu7.5) ... > > Preparing to unpack .../python3-apport_2.20.9-0ubuntu7.6_all.deb ... > > Unpacking python3-apport (2.20.9-0ubuntu7.6) over (2.20.9-0ubuntu7.5) ... > > Preparing to unpack .../apport_2.20.9-0ubuntu7.6_all.deb ... > > *Failed to retrieve unit state: Access denied* > > *invoke-rc.d: could not determine current runlevel* > > *Failed to reload daemon: Access denied* > > > > *So I interrupted the script that was doing the above attempt at apt > > update && apt upgrade -y * > > *and opened a terminal and t**hen.. and tried this:* > > > > lxc exec test bash > > apt update && apt upgrade > > > > But of course because i'd interrupted the above apt upgrade I had to do > *dpkg > > --configure -a* > > > > *dpkg --configure -a* > > Setting up libnss-systemd:amd64 (237-3ubuntu10.15) ... > > Processing triggers for ureadahead (0.100.0-20) ... > > Setting up systemd-sysv (237-3ubuntu10.15) ... > > Setting up python3-problem-report (2.20.9-0ubuntu7.6) ... > > Processing triggers for libc-bin (2.27-3ubuntu1) ... > > Setting up udev (237-3ubuntu10.15) ... > > *Failed to reload daemon: Access denied* > > dpkg: error processing package udev (--configure): > > installed udev package post-installation script subprocess was > interrupted > > Processing triggers for man-db (2.8.3-2ubuntu0.1) ... > > Processing triggers for dbus (1.12.2-1ubuntu1) ... > > *Failed to open connection to "system" message bus: Failed to query > > AppArmor policy: Permission denied* > > Setting up libxcb1:amd64 (1.13-2~ubuntu18.04) ... > > Setting up libpam-systemd:amd64 (237-3ubuntu10.15) ... > > Setting up python3-apport (2.20.9-0ubuntu7.6) ... > > dpkg: error processing package apport (--configure): > > package is in a very bad inconsistent state; you should > > reinstall it before attempting configuration > > Processing triggers for libc-bin (2.27-3ubuntu1) ... > > *Errors were encountered while processing:* > > * udev* > > * apport* > > > > *I went back and tried to reinstall apport...* > > > > # apt install --reinstall apport > > Reading package lists... Done > > Building dependency tree > > Reading state information... Done > > The following package was automatically installed and is no longer > required: > > libfreetype6 > > Use 'apt autoremove' to remove it. > > Suggested packages: > > apport-gtk | apport-kde > > The following packages will be upgraded: > > apport > > 1 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. > > 2 not fully installed or removed. > > Need to get 0 B/124 kB of archives. > > After this operation, 0 B of additional disk space will be used. > > (Reading database ... 28595 files and directories currently installed.) > > Preparing to unpack .../apport_2.20.9-0ubuntu7.6_all.deb ... > > *Failed to retrieve unit state: Access denied* > > *invoke-rc.d: could not determine current runlevel* > > *Failed to reload daemon: Access denied* > > > > ====================================== > > > > Does anyone have any idea what might be causing this? > > Again this is happening on AWS and on a local KVM Ubuntu VM. > > Sounds like AppArmor messing with things in this case. > Does enabling nesting for your nested container help somehow (the > generated rules will change a bit as a result of that)? > > I'm pretty sure that if you look at `dmesg` you'll see some denials > related to those package updates. I suspect the main difference between > the two containers, other than the nested flag is that the parent > container has its own apparmor namespace whereas the child has to run > under a single apparmor profile as apparmor namespaces do not currently > nest. > > > > > Thanks for any ideas or suggestions. > > > > Brian > > > _______________________________________________ > > lxc-users mailing list > > [email protected] > > http://lists.linuxcontainers.org/listinfo/lxc-users > > > -- > Stéphane Graber > Ubuntu developer > http://www.ubuntu.com > -----BEGIN PGP SIGNATURE----- > > iQIzBAABCgAdFiEEYC9WdmPlk7y9FPM4xjiXTWR5LWcFAlyLwloACgkQxjiXTWR5 > LWeU9RAArKFs4T4v3sUzbAC3hgKE8BuhACFOHzoKcrxFaKLSiydBNL4zDRdwPSlG > 6o3kLRjVTrxaVXcaCwV/HQ5W7bRsott96+KoDla8JDMfNYhUk0PxTq8SXMJADESv > VSxXau92hqXTskiME9sIhg46yYa9bftTv/YWMHt5qymlP+uCqEkpkFlBILXs1WNn > vkhnQ6YgEw5tvcXZEONC4FPRt8u9zoQSiBTMu83VHKrcqo6+aBP1i08SFiM8zcv1 > /kzPRIdj+6AuemoKW42C3unKyhCl5hR38sIyhtJXhzmencKQmRsCJG260PME7Ubz > LEUX7eyAH1+csiqBTSVpQQA2/YVeMQWCZ3jQxQ3GQtz9fKojsrBgKoqrLKF7lbew > tLznOKWw26uXVwuvUrXSOjwgzSeqciaD4SbyB5HGWXhn7OWygVF/563HO6y0N3fM > 1Odi1QiGFvJ7aUCNkXTiuymfmnDAwKNKJle8QCSn45/Lp88A7x3OG9e4KIMSFKCS > O7vDC0/mfaO9OcWCROyrd5GjzPMTgwsA7mgq7pzVsVlnHwld8ht+5S+7c7uKy1q0 > nHsh24wgQYToEBFaak7xVwGWyF/snsJPCpOw+FkvxmHHaqNKSSUc1zqYJydaaCL2 > 0i3OU7RJGM7YworVM7ILjvC3DdY9i9rh0UqclO1aoblAtPOnTXs= > =21Zu > -----END PGP SIGNATURE----- >
_______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
