Package: lxc
Version: 1:3.1.0+really3.0.3-8
Severity: important

Dear Maintainer,

After creating an lxc container, I've manually set a MAC address for it. The container fails to start, giving this output in the logs:

lxc-start container-name 20200709195149.256 ERROR network - network.c:setup_hw_addr:2762 - Cannot assign requested address - Failed to perform ioctl
lxc-start container-name 20200709195149.256 ERROR network - network.c:lxc_setup_netdev_in_child_namespaces:2907 - Failed to setup hw address for network device "eth0"
lxc-start container-name 20200709195149.256 ERROR network - network.c:lxc_setup_network_in_child_namespaces:3047 - failed to setup netdev
lxc-start container-name 20200709195149.256 ERROR conf - conf.c:lxc_setup:3540 - Failed to setup network
lxc-start container-name 20200709195149.257 ERROR start - start.c:do_start:1275 - Failed to setup container "container-name"
lxc-start container-name 20200709195149.257 ERROR sync - sync.c:__sync_wait:62 - An error occurred in another process (expected sequence number 5)
lxc-start container-name 20200709195149.258 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:842 - Received container state "ABORTING" instead of "RUNNING"
lxc-start container-name 20200709195149.258 ERROR lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start container-name 20200709195149.259 ERROR lxc_start - tools/lxc_start.c:main:333 - To get more details, run the container in foreground mode
lxc-start container-name 20200709195149.259 ERROR lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options
lxc-start container-name 20200709195149.275 ERROR start - start.c:__lxc_start:1951 - Failed to spawn container "container-name"

In the host I can see this:

...
Jul 09 19:53:42 olimicro audit[4788]: AVC apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-container-name_</var/lib/lxc>" pid=4788 comm="apparmor_parser"
Jul 09 19:53:42 olimicro kernel: audit: type=1400 audit(1594324422.794:57): apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-container-name_</var/lib/lxc>" pid=4788 comm="apparmor_parser"
Jul 09 19:53:42 olimicro kernel: br0: port 4(vethETHNAME) entered blocking state
Jul 09 19:53:42 olimicro kernel: br0: port 4(vethETHNAME) entered disabled state
Jul 09 19:53:42 olimicro systemd-udevd[4789]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Jul 09 19:53:42 olimicro kernel: device vethETHNAME entered promiscuous mode
Jul 09 19:53:42 olimicro kernel: IPv6: ADDRCONF(NETDEV_UP): vethETHNAME: link is not ready
Jul 09 19:53:42 olimicro systemd-udevd[4789]: Using default interface naming scheme 'v240'.
Jul 09 19:53:42 olimicro systemd-udevd[4789]: Could not generate persistent MAC address for vethHP689N: No such file or directory
Jul 09 19:53:42 olimicro NetworkManager[935]: <info> [1594324422.8520] manager: (vethHP689N): new Veth device (/org/freedesktop/NetworkManager/Devices/37)
Jul 09 19:53:42 olimicro systemd-udevd[4790]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
Jul 09 19:53:42 olimicro kernel: eth0: renamed from vethHP689N
Jul 09 19:53:42 olimicro systemd-udevd[4790]: Using default interface naming scheme 'v240'.
Jul 09 19:53:42 olimicro sudo[4781]: pam_unix(sudo:session): session closed for user root
Jul 09 19:53:42 olimicro NetworkManager[935]: <info> [1594324422.9294] manager: (vethETHNAME): new Veth device (/org/freedesktop/NetworkManager/Devices/38)
Jul 09 19:53:43 olimicro audit[4795]: AVC apparmor="STATUS" operation="profile_remove" profile="/usr/bin/lxc-start" name="lxc-container-name_</var/lib/lxc>" pid=4795 comm="apparmor_parser"
Jul 09 19:53:43 olimicro kernel: audit: type=1400 audit(1594324423.898:58): apparmor="STATUS" operation="profile_remove" profile="/usr/bin/lxc-start" name="lxc-container-name_</var/lib/lxc>" pid=4795 comm="apparmor_parser"
Jul 09 19:53:44 olimicro kernel: br0: port 4(vethETHNAME) entered disabled state
Jul 09 19:53:44 olimicro kernel: device vethETHNAME left promiscuous mode
Jul 09 19:53:44 olimicro kernel: br0: port 4(vethETHNAME) entered disabled state
Jul 09 19:53:44 olimicro NetworkManager[935]: <info> [1594324424.5249] device (vethETHNAME): released from master device br0

To make the container work, I had to remove the lxc.net.0.hwaddr entry, start the container and only then copy the autogenerated MAC address into the config.

This happens on armv7l running buster. I haven't tested a similar case on other architectures nor on testing/sid.
-- System Information:
Debian Release: 10.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: armhf (armv7l)

Kernel: Linux 4.19.0-9-armmp-lpae (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  libc6                  2.28-10
ii  libcap2                1:2.25-2
ii  libgnutls30            3.6.7-4+deb10u4
ii  liblxc1                1:3.1.0+really3.0.3-8
ii  libseccomp2            2.3.3-4
ii  libselinux1            2.8-1+b1
ii  lsb-base               10.2019051400

Versions of packages lxc recommends:
ii  apparmor                      2.13.2-10
ii  bridge-utils                  1.6-2
ii  debootstrap                   1.0.114
ii  dirmngr                       2.2.12-1+deb10u1
ii  dnsmasq-base [dnsmasq-base]   2.80-1
ii  gnupg                         2.2.12-1+deb10u1
ii  iproute2                      4.20.0-2
ii  iptables                      1.8.2-4
ii  libpam-cgfs                   1:3.1.0+really3.0.3-8
ii  lxc-templates                 3.0.4-0+deb10u1
ii  lxcfs                         3.0.3-2
ii  nftables                      0.9.0-2
ii  openssl                       1.1.1d-0+deb10u3
ii  rsync                         3.1.3-6
ii  uidmap                        1:4.5-1.1

Versions of packages lxc suggests:
pn  btrfs-progs  <none>
ii  lvm2         2.03.02-3
ii  python3-lxc  1:3.0.3-1

-- Configuration Files:
/etc/lxc/default.conf changed:
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = br0
lxc.net.0.hwaddr = 45:b9:1a:xx:xx:xx
lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1

-- debconf information:
* lxc/auto_update_config: true
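Added example, not part of the original report and not LXC code: the Linux Ethernet layer refuses to set a multicast or all-zero interface address and returns EADDRNOTAVAIL, the errno behind "Cannot assign requested address"; an address is multicast when the lowest bit of its first octet is set, as in the 45:... value in the configuration above. The lint below checks every lxc.net.N.hwaddr key for that before the container is started. The function names check_hwaddr and lint_config are hypothetical, and the 00:16:3e sample line is constructed.

```python
import re

# lxc.net.<index>.hwaddr = <value>
HWADDR_RE = re.compile(r"^\s*lxc\.net\.(\d+)\.hwaddr\s*=\s*(\S+)\s*$")
# 'x' is accepted as a digit: LXC replaces any 'x' in hwaddr with a random value.
MAC_RE = re.compile(r"^[0-9a-fA-Fx]{2}(:[0-9a-fA-Fx]{2}){5}$")

# Configuration lines from the report, plus one constructed unicast template.
PAGE_CONF = """\
lxc.net.0.type = veth
lxc.net.0.link = br0
lxc.net.0.hwaddr = 45:b9:1a:xx:xx:xx
lxc.net.1.hwaddr = 00:16:3e:xx:xx:xx
"""

def check_hwaddr(mac):
    """Return the reasons `mac` cannot be assigned to an Ethernet interface."""
    if not MAC_RE.match(mac):
        return ["not six colon-separated octets"]
    problems = []
    first = mac.split(":")[0].lower()
    low = first[1]  # low nibble of the first octet carries the I/G bit
    # An 'x' in that position cannot be judged statically, so it is skipped.
    if low != "x" and int(low, 16) & 1:
        problems.append("I/G bit set in first octet 0x%s: multicast address" % first)
    if set(mac.replace(":", "")) == {"0"}:
        problems.append("all-zero address")
    return problems

def lint_config(text):
    """Map each lxc.net.N.hwaddr key in an LXC config to its list of problems."""
    findings = {}
    for line in text.splitlines():
        m = HWADDR_RE.match(line)
        if m:
            findings["lxc.net.%s.hwaddr" % m.group(1)] = check_hwaddr(m.group(2))
    return findings

if __name__ == "__main__":
    for key, problems in lint_config(PAGE_CONF).items():
        print(key, "OK" if not problems else "; ".join(problems))
```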