strangely enough, adding the aa_allow_incomplete option doesn't seem to
make a difference; container startup keeps failing at the same point.
In any case, it does seem to initialize the container correctly, and I
seem to hit a different issue. The entire cgroup thing seems to work
now, at least:
lxc-start 1455916829.396 INFO lxc_start - start.c:lxc_init:474 -
'aansluitform-deploy' is initialized
lxc-start 1455916829.396 DEBUG lxc_start - start.c:__lxc_start:1186 -
Not dropping cap_sys_boot or watching utmp
lxc-start 1455916829.396 INFO lxc_start -
start.c:resolve_clone_flags:883 - Cloning a new user namespace
lxc-start 1455916829.396 INFO lxc_cgroup - cgroup.c:cgroup_init:65 -
cgroup driver cgmanager initing for aansluitform-deploy
lxc-start 1455916829.507 NOTICE lxc_start - start.c:do_start:699 -
switching to gid/uid 0 in new user namespace
lxc-start 1455916829.509 DEBUG lxc_conf - conf.c:setup_rootfs:1295 -
mounted '/home/bas/.local/share/lxc/aansluitform-deploy/rootfs' on
'/usr/lib/x86_64-linux-gnu/lxc'
lxc-start 1455916829.509 INFO lxc_conf - conf.c:setup_utsname:928 -
'aansluitform-deploy' hostname has been setup
lxc-start 1455916829.509 DEBUG lxc_conf - conf.c:setup_netdev:2595 -
'eth0' has been setup
lxc-start 1455916829.509 INFO lxc_conf - conf.c:setup_network:2616 -
network has been setup
lxc-start 1455916829.509 INFO lxc_conf - conf.c:mount_autodev:1157 -
Mounting container /dev
lxc-start 1455916829.509 INFO lxc_conf - conf.c:mount_autodev:1179 -
Mounted tmpfs onto /usr/lib/x86_64-linux-gnu/lxc/dev
lxc-start 1455916829.509 INFO lxc_conf - conf.c:mount_autodev:1197 -
Mounted container /dev
which seems to pass the point where it failed before.
A little bit later, it now fails with
lxc-start 1455916829.616 WARN lxc_apparmor -
lsm/apparmor.c:apparmor_process_label_set:167 - Incomplete AppArmor support in
your kernel
lxc-start 1455916829.616 ERROR lxc_apparmor -
lsm/apparmor.c:apparmor_process_label_set:183 - No such file or directory -
failed to change apparmor profile to lxc-container-default
lxc-start 1455916829.616 ERROR lxc_sync - sync.c:__sync_wait:51 -
invalid sequence number 1. expected 4
lxc-start 1455916829.616 ERROR lxc_start - start.c:__lxc_start:1213 -
failed to spawn 'aansluitform-deploy'
lxc-start 1455916829.616 WARN lxc_commands -
commands.c:lxc_cmd_rsp_recv:172 - command get_init_pid failed to receive
response
lxc-start 1455916829.616 WARN lxc_cgmanager - cgmanager.c:cgm_get:994
- do_cgm_get exited with error
lxc-start 1455916829.616 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:523 - call to cgmanager_remove_sync failed:
invalid request
lxc-start 1455916829.616 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:525 - Error removing
all:lxc/aansluitform-deploy-10
lxc-start 1455916834.621 ERROR lxc_start_ui - lxc_start.c:main:344 -
The container failed to start.
lxc-start 1455916834.621 ERROR lxc_start_ui - lxc_start.c:main:346 -
To get more details, run the container in foreground mode.
lxc-start 1455916834.621 ERROR lxc_start_ui - lxc_start.c:main:348 -
Additional information can be obtained by setting the --logfile and
--logpriority options.
even if the apparmor setting is set in the config file.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833
Title:
unprivileged lxc containers won't start, need to put sessions into
"pids" cgroup controller
Status in lxc package in Ubuntu:
Fix Released
Status in systemd package in Ubuntu:
Fix Released
Status in lxc source package in Wily:
New
Status in systemd source package in Wily:
Fix Committed
Bug description:
I'n trying to get (unpriviliged) lxc containers to run on wily. I
create a container like this:
> lxc-create -t download -n u1 -- -d ubuntu -r wily -a amd64
that works. However, starting the container fails:
> lxc-start -n u1
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 346 To get more details, run the container in
foreground mode.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by
setting the --logfile and --logpriority options.
Setting the log priority to debug shows the following (relevant part
only):
lxc-start 1452717530.484 INFO lxc_start - start.c:lxc_init:474 -
'u1' is initialized
lxc-start 1452717530.484 DEBUG lxc_start - start.c:__lxc_start:1186
- Not dropping cap_sys_boot or watching utmp
lxc-start 1452717530.484 INFO lxc_start -
start.c:resolve_clone_flags:883 - Cloning a new user namespace
lxc-start 1452717530.484 INFO lxc_cgroup - cgroup.c:cgroup_init:65
- cgroup driver cgmanager initing for u1
lxc-start 1452717530.489 ERROR lxc_cgmanager -
cgmanager.c:lxc_cgmanager_enter:698 - call to cgmanager_move_pid_sync failed:
invalid request
lxc-start: cgmanager.c: lxc_cgmanager_enter: 698 call to
cgmanager_move_pid_sync failed: invalid request
lxc-start 1452717530.490 ERROR lxc_start - start.c:__lxc_start:1213
- failed to spawn 'u1'
lxc-start: start.c: __lxc_start: 1213 failed to spawn 'u1'
lxc-start 1452717530.513 ERROR lxc_start_ui - lxc_start.c:main:344 -
The container failed to start.
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start 1452717530.513 ERROR lxc_start_ui - lxc_start.c:main:348 -
Additional information can be obtained by setting the --logfile and
--logpriority options.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by
setting the --logfile and --logpriority options.
lxc-start 1452717530.484 INFO lxc_start - start.c:lxc_init:474 -
'u1' is initialized
lxc-start 1452717530.484 DEBUG lxc_start - start.c:__lxc_start:1186
- Not dropping cap_sys_boot or watching utmp
lxc-start 1452717530.484 INFO lxc_start -
start.c:resolve_clone_flags:883 - Cloning a new user namespace
lxc-start 1452717530.484 INFO lxc_cgroup - cgroup.c:cgroup_init:65
- cgroup driver cgmanager initing for u1
lxc-start 1452717530.489 ERROR lxc_cgmanager -
cgmanager.c:lxc_cgmanager_enter:698 - call to cgmanager_move_pid_sync failed:
invalid request
lxc-start: cgmanager.c: lxc_cgmanager_enter: 698 call to
cgmanager_move_pid_sync failed: invalid request
lxc-start 1452717530.490 ERROR lxc_start - start.c:__lxc_start:1213
- failed to spawn 'u1'
lxc-start: start.c: __lxc_start: 1213 failed to spawn 'u1'
lxc-start 1452717530.513 ERROR lxc_start_ui - lxc_start.c:main:344 -
The container failed to start.
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start 1452717530.513 ERROR lxc_start_ui - lxc_start.c:main:348 -
Additional information can be obtained by setting the --logfile and
--logpriority options.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by
setting the --logfile and --logpriority options.
So it seems a cgmanager issue. Syslog shows:
Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager:do_create_main: pid 25615
(uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids
Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager: Invalid path
/run/cgmanager/fs/pids/lxc/u1
Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager:per_ctrl_move_pid_main:
Invalid path /run/cgmanager/fs/pids/lxc/u1
Jan 13 21:38:50 miranda cgmanager[22010]: cgmanager:do_create_main: pid 25632
(uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids
Jan 13 21:38:50 miranda cgmanager[22010]: cgmanager: Invalid path
/run/cgmanager/fs/pids/lxc/u1
Jan 13 21:38:50 miranda cgmanager[22010]: cgmanager:per_ctrl_move_pid_main:
Invalid path /run/cgmanager/fs/pids/lxc/u1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
