[Bug 1312532] Re: [systemd] Container startup fails on missing lxcbr0
For the record, this is the broken-out shell script which should factorize init.d/unit/upstart job.

I tried to run "sudo mount --make-rprivate /" to work around that AA issue. Now "sudo ./lxc-net start" fails with

$ sudo lxc-start -n debci
lxc-start: Device or resource busy - failed to set memory.use_hierarchy to 1; continuing
lxc-start: Device or resource busy - failed to set memory.use_hierarchy to 1; continuing
lxc-start: Input/output error - error 5 creating /usr/lib/x86_64-linux-gnu/lxc/dev/lxc/console
lxc-start: failed to setup the console for 'debci'
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'debci'

There is no /usr/lib/x86_64-linux-gnu/lxc/dev/, and no dmesg error any more. strace:

25459 mkdir("/usr/lib/x86_64-linux-gnu/lxc/dev/lxc", 0755) = -1 EEXIST (File exists)
25459 unlink("/usr/lib/x86_64-linux-gnu/lxc/dev/console") = -1 ENOENT (No such file or directory)
25459 creat("/usr/lib/x86_64-linux-gnu/lxc/dev/lxc/console", 0660) = -1 EIO (Input/output error)

Apparently /usr/lib/x86_64-linux-gnu/lxc/dev/ is a private mount within LXC?

** Attachment added: "lxc-net script"
   https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1312532/+attachment/4100149/+files/lxc-net

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1312532

Title:
  [systemd] Container startup fails on missing lxcbr0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1312532/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1312532] Re: [systemd] Container startup fails on missing lxcbr0
Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: lxc (Ubuntu)
   Status: New => Confirmed
[Bug 1312532] Re: [systemd] Container startup fails on missing lxcbr0
I think the apparmor issue should be filed as a separate bug. The issue there is that systemd has mounted / as MS_SHARED, so lxc is having to remount / as rslave. The apparmor policy will need to be updated to allow that. Ideally we can wait to allow that until the apparmor parser properly parses the mounts propagation mount_options, so we don't have to allow lxc-start to remount / in other ways.
[Bug 1312532] Re: [systemd] Container startup fails on missing lxcbr0
For the record: I turned /etc/init/lxc-net.conf into a shell script that you call with "start" or "stop". With that we can keep the logic in one place, and the upstart/systemd/init.d script would just call this.

That sets up the lxcbr interface etc. I also ran the apparmor bits from /etc/init/lxc.conf, but even that isn't enough:

$ sudo lxc-start -n debci
lxc-start: Device or resource busy - failed to set memory.use_hierarchy to 1; continuing
lxc-start: Device or resource busy - failed to set memory.use_hierarchy to 1; continuing
lxc-start: Permission denied - Failed to make / rslave
lxc-start: Continuing...
lxc-start: Input/output error - error 5 creating /usr/lib/x86_64-linux-gnu/lxc/dev/lxc/console
lxc-start: failed to setup the console for 'debci'
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'debci'

Corresponding kernel messages from that:

$ dmesg
[ 1733.458729] device veth6OE62S entered promiscuous mode
[ 1733.459332] IPv6: ADDRCONF(NETDEV_UP): veth6OE62S: link is not ready
[ 1733.503547] type=1400 audit(1398440577.278:78): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/" pid=4371 comm="lxc-start" flags="rw, rslave"
[ 1733.527581] IPv6: ADDRCONF(NETDEV_CHANGE): veth6OE62S: link becomes ready
[ 1733.527672] lxcbr0: port 1(veth6OE62S) entered forwarding state
[ 1733.527697] lxcbr0: port 1(veth6OE62S) entered forwarding state
[ 1733.947690] lxcbr0: port 1(veth6OE62S) entered disabled state
[ 1733.948400] device veth6OE62S left promiscuous mode
[ 1733.948416] lxcbr0: port 1(veth6OE62S) entered disabled state

Certainly the AppArmor violation is the crucial bit here. It might behave slightly differently when running under systemd.
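
Added example (not part of the original thread, and not LXC or AppArmor code): a triage helper that pulls the AppArmor denial out of kernel log text like the dmesg output quoted above, flags denials of mount-propagation changes such as the rslave remount, and reads the propagation type of / from mountinfo-style text. The function names are illustrative and the mountinfo sample is constructed; the dmesg lines are copied from the thread.

```python
import re

# Added example; function names are illustrative, not from LXC or AppArmor.
# Kernel log lines copied from the dmesg output quoted in the thread.
SAMPLE_DMESG = """\
[ 1733.459332] IPv6: ADDRCONF(NETDEV_UP): veth6OE62S: link is not ready
[ 1733.503547] type=1400 audit(1398440577.278:78): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/" pid=4371 comm="lxc-start" flags="rw, rslave"
"""

# Constructed /proc/self/mountinfo sample; "shared:1" marks a shared mount.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:20 / /proc rw,nosuid - proc proc rw
"""

PROPAGATION_FLAGS = set("shared rshared slave rslave private rprivate unbindable runbindable".split())
KEY_VALUE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(log_text):
    """Return one dict of audit fields per apparmor="DENIED" record."""
    denials = []
    for line in log_text.splitlines():
        fields = {k: v.strip('"') for k, v in KEY_VALUE.findall(line)}
        if fields.get("apparmor") == "DENIED":
            fields["flags"] = [f.strip() for f in fields.get("flags", "").split(",") if f.strip()]
            denials.append(fields)
    return denials

def is_propagation_denial(denial):
    """True when the denied operation is a mount that changes propagation."""
    return denial.get("operation") == "mount" and bool(PROPAGATION_FLAGS & set(denial["flags"]))

def root_propagation(mountinfo_text):
    """Return the propagation type of the / mount, or None if not listed."""
    for line in mountinfo_text.splitlines():
        parts = line.split()
        if len(parts) < 7 or parts[4] != "/" or "-" not in parts:
            continue
        optional = parts[6:parts.index("-")]  # optional fields end at "-"
        if any(tag.startswith("shared:") for tag in optional):
            return "shared"
        if any(tag.startswith("master:") for tag in optional):
            return "slave"
        return "unbindable" if "unbindable" in optional else "private"
    return None

if __name__ == "__main__":
    for d in filter(is_propagation_denial, parse_denials(SAMPLE_DMESG)):
        print(d["profile"], d["name"], d["flags"], root_propagation(SAMPLE_MOUNTINFO))
```

On a live host the same functions can be fed the output of dmesg and the contents of /proc/self/mountinfo.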