Bug#706676: sysvinit: /sbin/init doesn't support LXC gracefull shutdown via lxc-shutdown
The problem is lxc has to watch the jail's utmp file to guess when it wants to halt, because Linux kernels before version 3.4 does not provide any function to reboot or halt a container from inside. It has leaded to a dirty hack in lxc-utils that failed now. First problem is the overlaid /run; the Wheezy initscript mounts a tmpfs in /run and (re)creates utmp file there but lxc-utils won't notice it. This could be fixed several ways: 1. do not give permission for the container to mount file systems, drop sys_admin capability 2. mount tmpfs in /run from the container's lxc config before the container mounts it Second problem is the absolute symlink in /var/run; lxc-utils does not expect absolute symlink there so it will watch the host's utmp file for changes that pretty useless. You cannot replace this absolute link in a Wheezy container, the initscript will restore that on next boot. A trivial solution to patch lxc-utils to prefer /run over /var/run for utmp watching, see my attachment. Yes, my patch just an another hack, but not worth much effort to properly fix it, because the next Debian-stable will get rid of this utmp-hack as the kernel will support reboot() in process namespaces.. prefer_run_for_utmp_watching.diff Description: Binary data
Bug#706676: sysvinit: /sbin/init doesn't support LXC gracefull shutdown via lxc-shutdown
Package: sysvinit Version: 2.88dsf-41 Followup-For: Bug #706676 I just discovered that not dropping the ``sys_boot`` capability from a container fixes the issue, plus it allows the container to properly reboot (instead of launching a bare shell in the case of Debian containers). So maybe it was the old kernel which handled that capability in an incorrect way and the problem is not in sysvinit at all. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.9-1-amd64 (SMP w/2 CPU cores) Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages sysvinit depends on: ii debianutils 4.3.4 ii initscripts 2.88dsf-41 ii libc6 2.17-5 ii libselinux1 2.1.13-2 ii libsepol1 2.1.9-2 ii sysv-rc 2.88dsf-41 ii sysvinit-utils 2.88dsf-41 sysvinit recommends no packages. sysvinit suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#706676: sysvinit: /sbin/init doesn't support LXC gracefull shutdown via lxc-shutdown
Package: sysvinit Version: 2.88dsf-41 Followup-For: Bug #706676 The bug still exists with kernel 3.9-1-amd64 (3.9.5-1). -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.9-1-amd64 (SMP w/2 CPU cores) Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages sysvinit depends on: ii debianutils 4.3.4 ii initscripts 2.88dsf-41 ii libc6 2.17-5 ii libselinux1 2.1.13-2 ii libsepol1 2.1.9-2 ii sysv-rc 2.88dsf-41 ii sysvinit-utils 2.88dsf-41 sysvinit recommends no packages. sysvinit suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#706676: sysvinit: /sbin/init doesn't support LXC gracefull shutdown via lxc-shutdown
Package: sysvinit Version: 2.88dsf-41 Followup-For: Bug #706676 In my case the container terminates correctly when using kernel 3.2.0-4, but it needs the lxc-stop with kernel 3.8-2. The rest of software is the same. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.8-2-amd64 (SMP w/2 CPU cores) Locale: LANG=ca_ES.UTF-8, LC_CTYPE=ca_ES.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages sysvinit depends on: ii debianutils 4.3.4 ii initscripts 2.88dsf-41 ii libc6 2.17-3 ii libselinux1 2.1.13-2 ii libsepol1 2.1.9-2 ii sysv-rc 2.88dsf-41 ii sysvinit-utils 2.88dsf-41 sysvinit recommends no packages. sysvinit suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#706676: sysvinit: /sbin/init doesn't support LXC gracefull shutdown via lxc-shutdown
I am affected by this problem, too. lxc-ps shows, that init is the only process kept running in the container. Using Squeeze (sysvinit 2.88dsf-13.1+squeeze1) there is no such problem. Harri -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#706676: sysvinit: /sbin/init doesn't support LXC gracefull shutdown via lxc-shutdown
Package: sysvinit Version: 2.88dsf-41 Severity: important It seems that init doesn't handle properly SIGPWR inside LXC container, even after applying a workarround found at : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695568#15 'lxc-shutdown -n ' halts gracefully a container but container's /sbin/init process is left running after, so container isn't stopped. You have to do 'lxc-stop -n ' or a 'lxc-attach -n -- /bin/kill -9 ' to kill remaining /sbin/init and stop container. Regards. -- System Information: Debian Release: 7.0 APT prefers wheezy APT policy: (990, 'wheezy'), (500, 'wheezy-updates'), (500, 'wheezy-proposed-updates') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8) Shell: /bin/sh linked to /bin/dash version of lxc: ii lxc 0.8.0~rc1-8+deb7 Versions of packages sysvinit depends on: ii debianutils 4.3.2 ii initscripts 2.88dsf-41 ii libc6 2.13-38 ii libselinux1 2.1.9-5 ii libsepol1 2.1.4-3 ii sysv-rc 2.88dsf-41 ii sysvinit-utils 2.88dsf-41 sysvinit recommends no packages. sysvinit suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
