[Touch-packages] [Bug 1586608] Re: Can not start nested trusty container inside trusty container

Stéphane Graber Wed, 25 Mar 2020 19:22:16 -0700

trusty is EOL, cgmanager/cgproxy are dead and nesting works way better
now thanks to cgroup namespaces.


** Changed in: lxc (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1586608

Title:
  Can not start nested trusty container inside trusty container

Status in lxc package in Ubuntu:
  Won't Fix

Bug description:
  On Xenial, can not start a nested Trusty container inside a Trusty
  container. (All containers are privileged, tests done on two different
  machines, one is a fresh Xenial install)

  Steps to reproduce:

    * Create a nested Trusty container (ie. Trusty container in a trusty
  container) on a Xenial machine

    * Observe the result:

  # lxc-start -d --name testt --logfile=/tmp/log
  lxc-start: lxc_start.c: main: 341 The container failed to start.
  lxc-start: lxc_start.c: main: 343 To get more details, run the container in 
foreground mode.
  lxc-start: lxc_start.c: main: 345 Additional information can be obtained by 
setting the --logfile and --logpriority options.

  # cat /tmp/log
        lxc-start 1464425901.410 ERROR    lxc_cgfs - cgfs.c:cgfs_init:2246 - 
cgroupfs failed to detect cgroup metadata
        lxc-start 1464425901.411 ERROR    lxc_start - start.c:lxc_spawn:884 - 
failed initializing cgroup support
        lxc-start 1464425901.467 ERROR    lxc_start - start.c:__lxc_start:1121 
- failed to spawn 'testt'
        lxc-start 1464425901.467 ERROR    lxc_start_ui - lxc_start.c:main:341 - 
The container failed to start.
        lxc-start 1464425901.467 ERROR    lxc_start_ui - lxc_start.c:main:343 - 
To get more details, run the container in foreground mode.
        lxc-start 1464425901.467 ERROR    lxc_start_ui - lxc_start.c:main:345 - 
Additional information can be obtained by setting the --logfile and 
--logpriority options.

  Unsure if this is a Xenial or Trusty issue (tested on original
  4.4.0-22-generic and 4.5.3 kernels)

  Works successfully (tested):

    * On Xenial, Xenial container inside Xenial container
    * On Xenial, Trusty container inside Xenial container
    * On Trusty, Trusty container inside Trusty container

  Does NOT work:

    * On Xenial, Trusty container inside Trusty container

  Setup details:

    * Create container:

  apt-get update --yes
  apt-get dist-upgrade --yes
  apt-get install lxc --yes
  lxc-create -n NAME -t ubuntu -- -r trusty -a amd64
  --or--
  lxc-create -n NAME -t ubuntu -- -r xenial -a amd64

  And add in config:
  lxc.include = /usr/share/lxc/config/nesting.conf

  Also, for Xenial:
  lxc.aa_allow_incomplete = 1

  Then start and attach to create the nested container.

  Additional information:

    * On the Trusty container on a Xenial machine:

  # cat /proc/cgroups 
  #subsys_name  hierarchy       num_cgroups     enabled
  cpuset        9       12      1
  cpu   2       164     1
  cpuacct       2       164     1
  blkio 7       164     1
  memory        5       702     1
  devices       10      319     1
  freezer       11      28      1
  net_cls       8       12      1
  perf_event    3       12      1
  net_prio      8       12      1
  hugetlb       6       12      1
  pids  4       305     1

  # uname -a 
  Linux testt 4.5.3 #1 SMP Mon May 9 08:18:24 CEST 2016 x86_64 x86_64 x86_64 
GNU/Linux

  Also tested on a regular 4.4.0-22 kernel:

  # uname -a 
  Linux xavier-test 4.4.0-22-generic #40-Ubuntu SMP Thu May 12 22:03:46 UTC 
2016 x86_64 x86_64 x86_64 GNU/Linux

  # cat /proc/self/mountinfo
  164 119 202:1 /var/lib/lxc/testt/rootfs / rw,noatime master:1 - ext4 
/dev/xvda1 rw,nobarrier,errors=remount-ro,data=ordered
  165 164 0:44 / /dev rw,relatime - tmpfs none rw,size=492k,mode=755
  166 164 0:43 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
  167 168 0:43 /sys/net /proc/sys/net rw,nosuid,nodev,noexec,relatime - proc 
proc rw
  168 166 0:43 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
  169 166 0:43 /sysrq-trigger /proc/sysrq-trigger 
ro,nosuid,nodev,noexec,relatime - proc proc rw
  170 164 0:45 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
  171 170 0:45 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
  172 171 0:45 / /sys/devices/virtual/net rw,relatime - sysfs sysfs rw
  173 172 0:45 /devices/virtual/net /sys/devices/virtual/net 
rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
  174 171 0:37 / /sys/fs/fuse/connections rw,relatime master:28 - fusectl 
fusectl rw
  175 171 0:7 / /sys/kernel/debug rw,relatime master:25 - debugfs debugfs rw
  176 171 0:12 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:8 
- securityfs securityfs rw
  177 171 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:11 - 
pstore pstore rw
  178 165 0:42 / /dev/mqueue rw,relatime - mqueue mqueue rw
  179 165 0:43 / /dev/.lxc/proc rw,relatime - proc proc rw
  180 165 0:45 / /dev/.lxc/sys rw,relatime - sysfs sys rw
  181 166 0:40 /proc/cpuinfo /proc/cpuinfo rw,nosuid,nodev,relatime master:98 - 
fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
  182 166 0:40 /proc/diskstats /proc/diskstats rw,nosuid,nodev,relatime 
master:98 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
  183 166 0:40 /proc/meminfo /proc/meminfo rw,nosuid,nodev,relatime master:98 - 
fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
  184 166 0:40 /proc/stat /proc/stat rw,nosuid,nodev,relatime master:98 - 
fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
  185 166 0:40 /proc/swaps /proc/swaps rw,nosuid,nodev,relatime master:98 - 
fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
  186 166 0:40 /proc/uptime /proc/uptime rw,nosuid,nodev,relatime master:98 - 
fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
  187 165 0:14 /0 /dev/lxc/console rw,nosuid,noexec,relatime master:3 - devpts 
devpts rw,gid=5,mode=620,ptmxmode=000
  120 165 0:46 / /dev/pts rw,relatime - devpts devpts 
rw,gid=5,mode=620,ptmxmode=666
  121 165 0:46 /0 /dev/lxc/tty1 rw,relatime - devpts devpts 
rw,gid=5,mode=620,ptmxmode=666
  122 165 0:46 /1 /dev/lxc/tty2 rw,relatime - devpts devpts 
rw,gid=5,mode=620,ptmxmode=666
  123 165 0:46 /2 /dev/lxc/tty3 rw,relatime - devpts devpts 
rw,gid=5,mode=620,ptmxmode=666
  124 165 0:46 /3 /dev/lxc/tty4 rw,relatime - devpts devpts 
rw,gid=5,mode=620,ptmxmode=666
  125 175 0:9 / /sys/kernel/debug/tracing rw,relatime - tracefs tracefs rw
  126 164 0:47 / /run rw,nosuid,noexec,relatime - tmpfs none 
rw,size=3088236k,mode=755
  127 171 0:48 / /sys/fs/cgroup rw,relatime - tmpfs none rw,size=4k,mode=755
  128 126 0:49 / /run/lock rw,nosuid,nodev,noexec,relatime - tmpfs none 
rw,size=5120k
  129 126 0:50 / /run/shm rw,nosuid,nodev,relatime - tmpfs none rw
  130 126 0:51 / /run/user rw,nosuid,nodev,noexec,relatime - tmpfs none 
rw,size=102400k,mode=755

  
  Possible related bugs:

    * bug #1543697 (which is fixed)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1586608/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

[Touch-packages] [Bug 1586608] Re: Can not start nested trusty container inside trusty container

Reply via email to