Re: [Lxc-users] setrlimit(3) and containers

Mikhail Gusarov Fri, 02 Apr 2010 12:40:36 -0700

Twas brillig at 09:47:33 01.04.2010 UTC-05 when se...@us.ibm.com did gyre and 
gimble:


 >> Here process drops root privileges, setuids to uid=103 and limits itself
 >> to 3 processes with this uid. Clone fails due to fact there are two
 >> processes with uid=103 running in another container.
 >> 
 >> Is it a known limitation, or maybe this is already handled in newer
 >> kernels? (I use 2.6.32)

 SEH> Hmm, you'll need to unshare the user namespace.  Try adding
 SEH> CLONE_NEWUSER to the list assigned to clone_flags at
 SEH> lxc/src/lxc/start.c line 353.

I tried, and was hit by the following problem:

[dotted...@vertex:~]255% sudo lxc-start -n cf                                   
       
lxc-start: Device or resource busy - could not unmount old rootfs
lxc-start: failed to pivot_root to '/var/lib/lxc/cf/rootfs'
lxc-start: failed to set rootfs for 'cf'
lxc-start: failed to setup the container

See below for debugging output, config file and /proc/mounts.

* debugging output *

[dotted...@vertex:~]255% sudo lxc-start --logfile=/dev/stderr 
--logpriority=TRACE -n cf
      lxc-start 1270237130.601 INFO     lxc_conf - tty's configured
      lxc-start 1270237130.601 DEBUG    lxc_start - sigchild handler set
      lxc-start 1270237130.601 INFO     lxc_start - 'cf' is initialized
      lxc-start 1270237130.608 DEBUG    lxc_conf - instanciated veth 
'vethgrPrSt/vethQ8TUw5', index is '61'
      lxc-start 1270237130.615 DEBUG    lxc_cgroup - using cgroup mounted at 
'/var/local/cgroup'
      lxc-start 1270237130.615 DEBUG    lxc_cgroup - '/var/local/cgroup/21745' 
renamed to '/var/local/cgroup/cf'
      lxc-start 1270237130.639 DEBUG    lxc_conf - move 'br0' to '21745'
      lxc-start 1270237130.639 INFO     lxc_conf - 'cf' hostname has been setup
      lxc-start 1270237130.643 DEBUG    lxc_conf - 'eth0' has been setup
      lxc-start 1270237130.643 INFO     lxc_conf - network has been setup
      lxc-start 1270237130.643 INFO     lxc_conf - mount points have been setup
      lxc-start 1270237130.643 INFO     lxc_conf - console '/dev/pts/0' mounted 
to '/var/lib/lxc/cf/rootfs/dev/console'
      lxc-start 1270237130.643 INFO     lxc_conf - 4 tty(s) has been setup
      lxc-start 1270237130.644 DEBUG    lxc_conf - temporary mountpoint for old 
rootfs is './lxc-oldrootfs-cCEeJU'
      lxc-start 1270237130.644 DEBUG    lxc_conf - pivot_root syscall to 
'/lxc-oldrootfs-cCEeJU' successful
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/dev/pts'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/dev/shm'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/sys/fs/fuse/connections'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/sys/kernel/debug'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/sys/kernel/security'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/proc/sys/fs/binfmt_misc'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/var/run'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/var/lock'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/lib/init/rw'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/boot'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/home/scratchbox/users/dottedmag/scratchbox'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/home/scratchbox/users/dottedmag/tmp'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/home/scratchbox/users/dottedmag/proc'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/home/scratchbox/users/dottedmag/dev/pts'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/home/scratchbox/users/dottedmag/dev/shm'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/home/scratchbox/users/dottedmag/sys'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/home/dottedmag/samba'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/home/dottedmag/.gvfs'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/var/local/cgroup'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/var/lib/lxc/cf/rootfs/dev/console'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/var/lib/lxc/cf/rootfs/dev/tty1'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/var/lib/lxc/cf/rootfs/dev/tty2'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/var/lib/lxc/cf/rootfs/dev/tty3'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/var/lib/lxc/cf/rootfs/dev/tty4'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/dev'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/sys'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/proc'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/home/scratchbox/users/dottedmag/dev'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/var'
      lxc-start 1270237130.645 DEBUG    lxc_conf - umounted 
'/lxc-oldrootfs-cCEeJU/home'
      lxc-start 1270237130.645 ERROR    lxc_conf - Device or resource busy - 
could not unmount old rootfs
lxc-start: Device or resource busy - could not unmount old rootfs
      lxc-start 1270237130.646 ERROR    lxc_conf - failed to pivot_root to 
'/var/lib/lxc/cf/rootfs'
lxc-start: failed to pivot_root to '/var/lib/lxc/cf/rootfs'
      lxc-start 1270237130.646 ERROR    lxc_conf - failed to set rootfs for 'cf'
lxc-start: failed to set rootfs for 'cf'
      lxc-start 1270237130.646 ERROR    lxc_start - failed to setup the 
container
lxc-start: failed to setup the container
      lxc-start 1270237130.646 NOTICE   lxc_start - '/sbin/init' started with 
pid '21745'
      lxc-start 1270237130.646 DEBUG    lxc_utils - closing fd '1'
      lxc-start 1270237130.646 DEBUG    lxc_utils - closing fd '0'
      lxc-start 1270237130.646 DEBUG    lxc_utils - closed all inherited file 
descriptors
      lxc-start 1270237130.655 DEBUG    lxc_start - child exited
      lxc-start 1270237130.655 INFO     lxc_error - child <21745> ended on 
error (255)
      lxc-start 1270237130.656 DEBUG    lxc_cgroup - using cgroup mounted at 
'/var/local/cgroup'
      lxc-start 1270237130.671 DEBUG    lxc_cgroup - '/var/local/cgroup/cf' 
unlinked

* Config file *

lxc.utsname=cf

lxc.network.type=veth
lxc.network.flags=up
lxc.network.link=br0

lxc.pts=256
lxc.tty=4

lxc.rootfs=/var/lib/lxc/cf/rootfs

* /proc/mounts *

rootfs / rootfs rw 0 0
none /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
none /proc proc rw,nosuid,nodev,noexec,relatime 0 0
none /dev devtmpfs rw,relatime,size=2000752k,nr_inodes=206669,mode=755 0 0
none /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
/dev/mapper/vertex-root / ext4 
rw,noatime,errors=remount-ro,barrier=1,data=ordered 0 0
none /sys/fs/fuse/connections fusectl rw,relatime 0 0
none /sys/kernel/debug debugfs rw,relatime 0 0
none /sys/kernel/security securityfs rw,relatime 0 0
none /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0
none /var/run tmpfs rw,nosuid,relatime,mode=755 0 0
none /var/lock tmpfs rw,nosuid,nodev,noexec,relatime 0 0
none /lib/init/rw tmpfs rw,nosuid,relatime,mode=755 0 0
/dev/sda1 /boot ext4 rw,noatime,barrier=1,data=ordered 0 0
/dev/mapper/vertex-home /home ext4 rw,noatime,barrier=1,data=ordered 0 0
/dev/mapper/vertex-var /var ext4 rw,noatime,barrier=1,data=ordered 0 0
none /var/run tmpfs rw,nosuid,relatime,mode=755 0 0
none /var/lock tmpfs rw,nosuid,nodev,noexec,relatime 0 0
cgroup /var/local/cgroup cgroup 
rw,relatime,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
/dev/mapper/vertex-home /home/scratchbox/users/dottedmag/scratchbox ext4 
rw,noatime,barrier=1,data=ordered 0 0
/dev/mapper/vertex-root /home/scratchbox/users/dottedmag/tmp ext4 
rw,noatime,errors=remount-ro,barrier=1,data=ordered 0 0
none /home/scratchbox/users/dottedmag/proc proc rw,nosuid,nodev,noexec,relatime 
0 0
none /home/scratchbox/users/dottedmag/dev devtmpfs 
rw,relatime,size=2000752k,nr_inodes=206669,mode=755 0 0
none /home/scratchbox/users/dottedmag/dev/pts devpts 
rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
none /home/scratchbox/users/dottedmag/dev/shm tmpfs rw,nosuid,nodev,relatime 0 0
none /home/scratchbox/users/dottedmag/sys sysfs rw,nosuid,nodev,noexec,relatime 
0 0
fusesmb /home/dottedmag/samba fuse.fusesmb 
rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,max_read=32768 0 0
gvfs-fuse-daemon /home/dottedmag/.gvfs fuse.gvfs-fuse-daemon 
rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0


-- 
  http://fossarchy.blogspot.com/

pgpnGJivtCOdm.pgp
Description: PGP signature

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Re: [Lxc-users] setrlimit(3) and containers

Reply via email to