[Bug 1659590] Re: containers won't start after lxc and apparmor upgrades in trusty
** Changed in: lxc (Ubuntu) Status: Incomplete => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1659590 Title: containers won't start after lxc and apparmor upgrades in trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1659590/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1659590] Re: containers won't start after lxc and apparmor upgrades in trusty
IIRC the issue was gone after upgrading to xenial. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1659590 Title: containers won't start after lxc and apparmor upgrades in trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1659590/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1659590] Re: containers won't start after lxc and apparmor upgrades in trusty
anyone still affected by this? ** Changed in: lxc (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1659590 Title: containers won't start after lxc and apparmor upgrades in trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1659590/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1659590] Re: containers won't start after lxc and apparmor upgrades in trusty
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: lxc (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1659590 Title: containers won't start after lxc and apparmor upgrades in trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1659590/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1659590] Re: containers won't start after lxc and apparmor upgrades in trusty
fwiw: me too - I'm hitting a related bug; same timeframe I assume similar reasons. Debugging now. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1659590 Title: containers won't start after lxc and apparmor upgrades in trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1659590/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1659590] Re: containers won't start after lxc and apparmor upgrades in trusty
Running as root: strace -f -o lxc-execute.log -- lxc-execute --name test
-- echo foobar
...
3274 access("/var/lib/lxc", X_OK) = 0
3274 open("/proc/self/mountinfo", O_RDONLY) = 7
3274 fstat(7, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
3274 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7fd5e4334000
3274 read(7, "74 73 8:1 / / rw,relatime - ext4"..., 1024) = 1024
3274 read(7, "release-agent.cpu\n86 83 0:25 / /"..., 1024) = 1024
3274 read(7, "odev,noexec,relatime - cgroup sy"..., 1024) = 490
3274 read(7, "", 1024) = 0
3274 close(7) = 0
3274 munmap(0x7fd5e4334000, 4096) = 0
3274 mount("", "/", NULL, MS_REC|MS_SLAVE, NULL) = 0
3274 access("echo", F_OK) = -1 ENOENT (No such file or directory)
3274 readlink("/proc/self", "3274", 20) = 4
3274 umount("/proc", MNT_DETACH) = 0
3274 open("/", O_RDONLY) = 7
== Problem starts here? ==
3274 openat(7, "proc", O_RDONLY|O_NOFOLLOW) = 8
3274 close(7) = 0
3274 mount("proc", "/proc/self/fd/8", "proc", 0, NULL) = -1 ENOENT (No such
file or directory)
== Errors start to show ==
3274 close(8) = 0
3274 write(3, "lxc-execute 1485521866.885 E"..., 138) = 138
3274 write(2, "lxc-execute: ", 13) = 13
3274 write(2, "utils.c: safe_mount: 1391 ", 26) = 26
3274 write(2, "No such file or directory - Fail"..., 59) = 59
...
I'm not sure why this mount call fails, but it may be related to
apparmor since running without it works fine, even with latest lxc
updates:
vagrant@vagrant-ubuntu-trusty-64:~$ sudo lxc-execute --name test --define
lxc.aa_profile=unconfined echo foobar
lxc-execute: utils.c: safe_mount: 1391 No such file or directory - Failed to
mount proc onto /proc
lxc-execute: conf.c: tmp_proc_mount: 4132 No such file or directory - failed to
mount /proc in the container.
lxc-execute: lsm/apparmor.c: apparmor_process_label_get: 80 No such file or
directory - opening /proc/1/attr/current
lxc-execute: lsm/apparmor.c: apparmor_process_label_get: 80 No such file or
directory - opening /proc/1/attr/current
foobar
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1659590
Title:
containers won't start after lxc and apparmor upgrades in trusty
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1659590/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1659590] Re: containers won't start after lxc and apparmor upgrades in trusty
This is what I get on a trusty vagrant box with latest kernel, lxc and apparmor from trusty-updates: root@vagrant-ubuntu-trusty-64:~# lxc-execute --name guest -- echo foobar lxc-execute: utils.c: safe_mount: 1391 No such file or directory - Failed to mount proc onto /proc lxc-execute: conf.c: tmp_proc_mount: 4132 No such file or directory - failed to mount /proc in the container. lxc-execute: lsm/apparmor.c: apparmor_process_label_get: 80 No such file or directory - opening /proc/1/attr/current lxc-execute: lsm/apparmor.c: apparmor_process_label_set: 191 No such file or directory - failed to change apparmor profile to lxc-container-default lxc-execute: sync.c: __sync_wait: 57 An error occurred in another process (expected sequence number 5) lxc-execute: start.c: __lxc_start: 1149 failed to spawn 'guest' This is what I get on a trusty vagrant box with lxc and apparmor from trusty-security: root@vagrant-ubuntu-trusty-64:~# lxc-execute --name test -- echo foobar lxc: cgmanager.c: lxc_cgmanager_escape: 331 call to cgmanager_move_pid_abs_sync(hugetlb) failed: Escape request from different namespace requires a proxy init.lxc: initutils.c: mount_fs: 36 failed to mount /proc : Device or resource busy foobar Note that no foobar is shown in the first scenario, so something seems broken on the recent updates. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1659590 Title: containers won't start after lxc and apparmor upgrades in trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1659590/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1659590] Re: containers won't start after lxc and apparmor upgrades in trusty
lxc.conf with obfuscated IP addresses. ** Attachment added: "lxc.conf" https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1659590/+attachment/4809377/+files/lxc.conf -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1659590 Title: containers won't start after lxc and apparmor upgrades in trusty To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1659590/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
