So for now I added also a task for the kernel, though the truth (if such a thing exists) could be somewhere between. Serge, Stephane, what we probably need to figure out is what exactly lxc-start tries to get done when slave mounting /run/netns. And somehow it might be possible that it needs improvement for the case that this is denied or fails. Looking at it from the outside it feels like going on assuming it got its own space but actually continuing to use the host space. The other thing would be that this sound like lxc-start would require a rule to actually allow it to do that mount of /run/netns.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host Status in linux package in Ubuntu: Confirmed Status in lxc package in Ubuntu: New Bug description: Context: Neutron gateway north/south routing server which manages a large number of network namespaces; also hosts a few LXC containers for misc lightweight control plane services. Problem: If I restart one of the lxc containers, all of the namespaces get corrupted in someway; attempting to exec anything in any namespace fails with: seting the network namespace "qrouter-4b575c81-39bb-439f-81e1-e59e3759a287" failed: Invalid argument seting the network namespace "qrouter-1f5e26df-f8c5-4246-9485-3f9df8e39c40" failed: Invalid argument seting the network namespace "qrouter-c3bf179e-9532-43f9-88af-752b66592cd6" failed: Invalid argument seting the network namespace "qrouter-3d4550ca-4de6-44e3-90b5-1b60c3d58ed1" failed: Invalid argument seting the network namespace "qrouter-4fc4c3c2-68bf-4954-8b32-d47d8d84086e" failed: Invalid argument seting the network namespace "qrouter-0890d9ea-f0c8-4e69-bf1a-4896213a82a0" failed: Invalid argument seting the network namespace "qrouter-0f7e0655-f84b-4aaa-82aa-75f01a59411e" failed: Invalid argument I also see: Dec 10 15:16:00 cofgod kernel: [ 4604.274359] type=1400 audit(1418224560.675:132): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qdhcp-0ba77ab2-b3ee-4752-88af-b19313c10f9d/" pid=8790 comm="lxc-start" flags="rw, slave" Dec 10 15:16:00 cofgod kernel: [ 4604.274405] type=1400 audit(1418224560.675:134): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qdhcp-25006453-2caa-4aa4-bdeb-e4822dc700d6/" pid=8790 comm="lxc-start" flags="rw, slave" Dec 10 15:16:00 cofgod kernel: [ 4604.274436] type=1400 audit(1418224560.675:136): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qdhcp-2fec74e8-d507-4650-beb4-8da459ea0039/" pid=8790 comm="lxc-start" flags="rw, slave" Dec 10 15:16:00 cofgod kernel: [ 4604.274451] type=1400 audit(1418224560.675:137): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qdhcp-33d8fa40-c158-4377-bc8f-d252e38d4943/" pid=8790 comm="lxc-start" flags="rw, slave" Dec 10 15:16:00 cofgod kernel: [ 4604.274466] type=1400 audit(1418224560.675:138): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qdhcp-394517c0-e48a-43e7-8778-96c601607733/" pid=8790 comm="lxc-start" flags="rw, slave" Dec 10 15:16:00 cofgod kernel: [ 4604.274482] type=1400 audit(1418224560.675:139): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qdhcp-41e21850-decf-49f8-97fb-cbb3aa5932e3/" pid=8790 comm="lxc-start" flags="rw, slave" Dec 10 15:16:00 cofgod kernel: [ 4604.274497] type=1400 audit(1418224560.675:140): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qrouter-e9837293-c017-4d85-a601-cae5e83719a2/" pid=8790 comm="lxc-start" flags="rw, slave" In the kern.log ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: lxc 1.0.6-0ubuntu0.1 ProcVersionSignature: Ubuntu 3.13.0-35.62-generic 3.13.11.6 Uname: Linux 3.13.0-35-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.6 Architecture: amd64 Date: Wed Dec 10 15:24:45 2014 SourcePackage: lxc UpgradeStatus: No upgrade log present (probably fresh install) defaults.conf: lxc.network.type = veth lxc.network.link = lxcbr0 lxc.network.flags = up lxc.network.hwaddr = 00:16:3e:xx:xx:xx To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
