[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
I still don't get the point about lsh - I mean what's the difference with openssh? Are there some specific step by ssh server with regards to user session setup necessary? Or some specific system-wide configuration required somewhere? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in lxc package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Confirmed Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 304) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .init_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 175) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp -
[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
cat /proc/self/cgroup 10:cpuset:/system.slice/lsh-server.service 9:memory:/system.slice/lsh-server.service 8:freezer:/system.slice/lsh-server.service 7:blkio:/system.slice/lsh-server.service 6:hugetlb:/system.slice/lsh-server.service 5:perf_event:/system.slice/lsh-server.service 4:cpu,cpuacct:/system.slice/lsh-server.service 3:net_cls,net_prio:/system.slice/lsh-server.service 2:devices:/system.slice/lsh-server.service 1:name=systemd:/system.slice/lsh-server.service ** Changed in: systemd (Ubuntu) Status: Incomplete = Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in lxc package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Confirmed Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 304) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .init_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 175) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1. lxc-start 1434992414.077 INFO
Re: [Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
is lsh somehow not triggering pam_systemd? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in lxc package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Confirmed Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 304) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .init_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 175) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (350, 313) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .delete_module
[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
How does this triggering happens normally? I mean should ssh server call something specific explicitly? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in lxc package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Confirmed Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 304) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .init_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 175) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (350, 313) lxc-start 1434992414.077 INFO lxc_seccomp -
[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
cat /proc/self/cgroups cat: /proc/self/cgroups: No such file or directory Hmm.. what ssh server have to do with this? ** Changed in: systemd (Ubuntu) Status: Incomplete = Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in lxc package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Confirmed Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 304) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .init_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 175) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat
[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
So that seems to be an artifact of using lsh-server? After ssh'ing in, please copypaste the output of cat /proc/self/cgroups ** Changed in: systemd (Ubuntu) Status: Confirmed = Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in lxc package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Incomplete Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 304) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .init_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 175) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding
[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
I meant /proc/self/cgroup, sorry. what ssh server have to do with this? Because your process is in /system.slice/lsh-server.service, which your user cannot access. ** Changed in: systemd (Ubuntu) Status: Confirmed = Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in lxc package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Incomplete Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 304) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .init_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 175) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp -
[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: lxc (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in lxc package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Confirmed Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 304) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .init_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 175) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (350, 313) lxc-start
[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: systemd (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in lxc package in Ubuntu: Confirmed Status in systemd package in Ubuntu: Confirmed Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 304) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .init_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 175) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (350, 313) lxc-start
[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
What is regular user session? Does ssh connection counts or it have to be local console login? ** Changed in: lxc (Ubuntu) Status: Incomplete = New ** Changed in: systemd (Ubuntu) Status: Incomplete = New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in lxc package in Ubuntu: New Status in systemd package in Ubuntu: New Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 304) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .init_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 175) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 -
[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
ssh connections should count for a regular user session. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in lxc package in Ubuntu: New Status in systemd package in Ubuntu: New Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 304) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .init_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 175) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (350, 313) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing:
[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
The cgmanager log shows: Invalid path /run/cgmanager/fs/none,name=systemd/system.slice/lsh- server.service/lxc/asterisk How are you logged in when you try to start the container? To start an unprivileged container, you must be logged into a regular user session, so /proc/self/cgroup should look something like: 10:memory:/user.slice/user-1000.slice/session-c2.scope 9:perf_event:/user.slice/user-1000.slice/session-c2.scope 8:cpu,cpuacct:/user.slice/user-1000.slice/session-c2.scope 7:cpuset:/user.slice/user-1000.slice/session-c2.scope 6:net_cls,net_prio:/user.slice/user-1000.slice/session-c2.scope 5:blkio:/user.slice/user-1000.slice/session-c2.scope 4:hugetlb:/user.slice/user-1000.slice/session-c2.scope 3:devices:/user.slice/user-1000.slice/session-c2.scope 2:freezer:/user.slice/user-1000.slice/session-c2.scope 1:name=systemd:/user.slice/user-1000.slice/session-c2.scope Instead you seem to be in /system.slice/lsh-server.service, which you do not own. So as an unprivileged user you cannot create new cgroups for yourself, which is why lxc is failing. ** Also affects: lxc (Ubuntu) Importance: Undecided Status: New ** Changed in: lxc (Ubuntu) Status: New = Incomplete ** Changed in: systemd (Ubuntu) Status: New = Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in lxc package in Ubuntu: Incomplete Status in systemd package in Ubuntu: Incomplete Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc
[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
Btw, cgmanager is started and keep reporting junk which I fail to interpret: systemctl status cgmanager ● cgmanager.service - Cgroup management daemon Loaded: loaded (/lib/systemd/system/cgmanager.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2015-06-22 16:57:30 CEST; 2h 25min ago Main PID: 589 (cgmanager) Memory: 724.0K CGroup: /system.slice/cgmanager.service ‣ 589 /sbin/cgmanager -m name=systemd Jun 22 19:22:39 xnode cgmanager[589]: cgmanager: Invalid path /run/cgmanager/fs/hugetlb/system.slice/lsh-server.service/lxc/asterisk Jun 22 19:22:39 xnode cgmanager[589]: cgmanager:per_ctrl_move_pid_main: Invalid path /run/cgmanager/fs/hugetlb/system.slice/lsh-server.service/lxc/asterisk Jun 22 19:22:39 xnode cgmanager[589]: cgmanager: Invalid path /run/cgmanager/fs/memory/system.slice/lsh-server.service/lxc/asterisk Jun 22 19:22:39 xnode cgmanager[589]: cgmanager:per_ctrl_move_pid_main: Invalid path /run/cgmanager/fs/memory/system.slice/lsh-server.service/lxc/asterisk Jun 22 19:22:39 xnode cgmanager[589]: cgmanager: Invalid path /run/cgmanager/fs/net_cls/system.slice/lsh-server.service/lxc/asterisk Jun 22 19:22:39 xnode cgmanager[589]: cgmanager:per_ctrl_move_pid_main: Invalid path /run/cgmanager/fs/net_cls/system.slice/lsh-server.service/lxc/asterisk Jun 22 19:22:39 xnode cgmanager[589]: cgmanager: Invalid path /run/cgmanager/fs/perf_event/system.slice/lsh-server.service/lxc/asterisk Jun 22 19:22:39 xnode cgmanager[589]: cgmanager:per_ctrl_move_pid_main: Invalid path /run/cgmanager/fs/perf_event/system.slice/lsh-server.service/lxc/asterisk Jun 22 19:22:39 xnode cgmanager[589]: cgmanager: Invalid path /run/cgmanager/fs/none,name=systemd/system.slice/lsh-server.service/lxc/asterisk Jun 22 19:22:39 xnode cgmanager[589]: cgmanager:per_ctrl_move_pid_main: Invalid path /run/cgmanager/fs/none,name=systemd/system.slice/lsh-server.se...c/asterisk Hint: Some lines were ellipsized, use -l to show in full. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in systemd package in Ubuntu: New Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681
[Touch-packages] [Bug 1467611] Re: unprivileged lxc containers broken
That happens on x86_64 ubuntu 15.04 server btw. All the latest updates installed. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu. https://bugs.launchpad.net/bugs/1467611 Title: unprivileged lxc containers broken Status in systemd package in Ubuntu: New Bug description: Seems like I've hit the bug #1413927 but as requested in comments I'm filing new one. lxc-start -n asterisk -l debug -F --logfile /dev/stdout lxc-start 1434992414.067 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/x/.local/share/lxc/asterisk/config lxc-start 1434992414.067 INFO lxc_utils - utils.c:get_rundir:483 - XDG_RUNTIME_DIR isn't set in the environment. lxc-start 1434992414.067 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error. lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 10 range 65536 lxc-start 1434992414.069 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized lxc-start 1434992414.075 WARN lxc_cgmanager - cgmanager.c:cgm_get:963 - do_cgm_get exited with error lxc-start 1434992414.076 WARN lxc_start - start.c:lxc_check_inherited:224 - inherited fd 7 lxc-start 1434992414.076 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .reject_force_umount # comment this to allow umount -f; not recommended. lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount action 0 lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1) lxc-start 1434992414.076 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .[all]. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 246) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 304) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .init_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 175) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1. lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:419 - Adding non-compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:430 - Adding compat rule for finit_module action 327681 lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (350, 313) lxc-start 1434992414.077 INFO lxc_seccomp - seccomp.c:parse_config_v2:316 - processing: .delete_module errno 1.