Public bug reported:

Seems like I've hit bug #1413927, but as requested in the comments I'm
filing a new one.

lxc-start -n asterisk -l debug -F --logfile /dev/stdout

      lxc-start 1434992414.067 INFO     lxc_start_ui - lxc_start.c:main:264 - 
using rcfile /home/x/.local/share/lxc/asterisk/config
      lxc-start 1434992414.067 INFO     lxc_utils - utils.c:get_rundir:483 - 
XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1434992414.067 WARN     lxc_confile - 
confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored.  It will soon become 
an error.
      lxc-start 1434992414.069 INFO     lxc_confile - 
confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 100000 range 
65536
      lxc-start 1434992414.069 INFO     lxc_confile - 
confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 100000 range 
65536
      lxc-start 1434992414.069 WARN     lxc_log - log.c:lxc_log_init:316 - 
lxc_log_init called with log already initialized
      lxc-start 1434992414.075 WARN     lxc_cgmanager - cgmanager.c:cgm_get:963 
- do_cgm_get exited with error
      lxc-start 1434992414.076 WARN     lxc_start - 
start.c:lxc_check_inherited:224 - inherited fd 7
      lxc-start 1434992414.076 INFO     lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM 
security driver AppArmor
      lxc-start 1434992414.076 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:316 - processing: .reject_force_umount  # comment 
this to allow umount -f;  not recommended.      
      lxc-start 1434992414.076 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:419 - Adding non-compat rule for reject_force_umount 
action 0
      lxc-start 1434992414.076 INFO     lxc_seccomp - 
seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts
      lxc-start 1434992414.076 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:430 - Adding compat rule for reject_force_umount 
action 0
      lxc-start 1434992414.076 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:438 - Adding non-compat rule bc nr1 == nr2 (-1, -1)
      lxc-start 1434992414.076 INFO     lxc_seccomp - 
seccomp.c:do_resolve_add_rule:210 - Setting seccomp rule to reject force umounts
                  
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:316 - processing: .[all].
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:316 - processing: .kexec_load errno 1.
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action 
327681
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:430 - Adding compat rule for kexec_load action 327681
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (283, 
246)
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:316 - processing: .open_by_handle_at errno 1.
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:419 - Adding non-compat rule for open_by_handle_at 
action 327681
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:430 - Adding compat rule for open_by_handle_at action 
327681
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (342, 
304)
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:316 - processing: .init_module errno 1.
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:419 - Adding non-compat rule for init_module action 
327681
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:430 - Adding compat rule for init_module action 327681
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (128, 
175)
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:316 - processing: .finit_module errno 1.
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:419 - Adding non-compat rule for finit_module action 
327681
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:430 - Adding compat rule for finit_module action 
327681
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (350, 
313)
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:316 - processing: .delete_module errno 1.
      lxc-start 1434992414.077 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:419 - Adding non-compat rule for delete_module action 
327681
      lxc-start 1434992414.078 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:430 - Adding compat rule for delete_module action 
327681
      lxc-start 1434992414.078 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:443 - Really adding compat rule bc nr1 == nr2 (129, 
176)
      lxc-start 1434992414.078 INFO     lxc_seccomp - 
seccomp.c:parse_config_v2:451 - Merging in the compat seccomp ctx into the main 
one
      lxc-start 1434992414.078 INFO     lxc_utils - utils.c:get_rundir:483 - 
XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1434992414.078 DEBUG    lxc_start - start.c:setup_signal_fd:259 
- sigchild handler set
      lxc-start 1434992414.080 DEBUG    lxc_console - 
console.c:lxc_console_peer_default:500 - opening /dev/tty for console peer
      lxc-start 1434992414.081 INFO     lxc_caps - caps.c:lxc_caps_up:101 - 
Last supported cap was 36
      lxc-start 1434992414.081 DEBUG    lxc_console - 
console.c:lxc_console_peer_default:506 - using '/dev/tty' as console
      lxc-start 1434992414.081 DEBUG    lxc_console - 
console.c:lxc_console_sigwinch_init:179 - 974 got SIGWINCH fd 10
      lxc-start 1434992414.081 DEBUG    lxc_console - 
console.c:lxc_console_winsz:88 - set winsz dstfd:6 cols:160 rows:25
      lxc-start 1434992414.155 INFO     lxc_start - start.c:lxc_init:451 - 
'asterisk' is initialized
      lxc-start 1434992414.157 DEBUG    lxc_start - start.c:__lxc_start:1137 - 
Not dropping cap_sys_boot or watching utmp
      lxc-start 1434992414.158 INFO     lxc_start - 
start.c:resolve_clone_flags:848 - Cloning a new user namespace
      lxc-start 1434992414.158 INFO     lxc_cgroup - cgroup.c:cgroup_init:65 - 
cgroup driver cgmanager initing for asterisk
      lxc-start 1434992414.176 ERROR    lxc_cgmanager - 
cgmanager.c:lxc_cgmanager_enter:694 - call to cgmanager_move_pid_sync failed: 
invalid request
lxc-start: cgmanager.c: lxc_cgmanager_enter: 694 call to 
cgmanager_move_pid_sync failed: invalid request
      lxc-start 1434992414.177 INFO     lxc_utils - utils.c:get_rundir:483 - 
XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1434992414.197 ERROR    lxc_start - start.c:__lxc_start:1164 - 
failed to spawn 'asterisk'
lxc-start: start.c: __lxc_start: 1164 failed to spawn 'asterisk'
      lxc-start 1434992414.197 INFO     lxc_utils - utils.c:get_rundir:483 - 
XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1434992414.197 INFO     lxc_utils - utils.c:get_rundir:483 - 
XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1434992414.199 ERROR    lxc_start_ui - lxc_start.c:main:344 - 
The container failed to start.
lxc-start: lxc_start.c: main: 344 The container failed to start.
      lxc-start 1434992414.200 ERROR    lxc_start_ui - lxc_start.c:main:348 - 
Additional information can be obtained by setting the --logfile and 
--logpriority options.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by 
setting the --logfile and --logpriority options.

I have also added a bridge configured with systemd-networkd to
/etc/lxc/lxc-usernet:
x veth ibr1 4

and the corresponding file /etc/systemd/network/internalbridge1.netdev:
[NetDev]
Name=ibr1
Kind=bridge

The container config:
# Distribution configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
lxc.arch = x86_64

# Container specific configuration
lxc.include = /etc/lxc/default.conf
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /home/x/.local/share/lxc/asterisk/rootfs
lxc.utsname = asterisk

# Network configuration
lxc.network.type = veth
lxc.network.link = ibr1
lxc.network.flags = up
lxc.network.name = internal
lxc.network.ipv4 = 10.1.1.2/24
lxc.network.ipv4.gateway = 10.1.1.1

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1467611

Title:
  unprivileged lxc containers broken

Status in systemd package in Ubuntu:
  New
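
Added example, not part of the original report or of LXC: a small Python triage script for an lxc-start debug log like the one above. It rejoins the hard-wrapped lines, keeps only the WARN/ERROR records, and decodes the numeric seccomp actions (327681 is ERRNO with errno 1, matching the "kexec_load errno 1" policy line). The sample log is constructed and the function names are this example's own.

```python
import re

# Constructed sample shaped like the log above, hard-wrapped as the mail rendered it.
SAMPLE_LOG = """\
      lxc-start 1434992414.077 INFO     lxc_seccomp -
seccomp.c:parse_config_v2:419 - Adding non-compat rule for kexec_load action
327681
      lxc-start 1434992414.075 WARN     lxc_cgmanager - cgmanager.c:cgm_get:963
- do_cgm_get exited with error
      lxc-start 1434992414.176 ERROR    lxc_cgmanager -
cgmanager.c:lxc_cgmanager_enter:694 - call to cgmanager_move_pid_sync failed:
invalid request
lxc-start: cgmanager.c: lxc_cgmanager_enter: 694 call to
cgmanager_move_pid_sync failed: invalid request
"""

START = re.compile(r"lxc-start\s+\d+\.\d+\s+[A-Z]+\s+\S+\s+-")
RECORD = re.compile(r"lxc-start\s+\S+\s+([A-Z]+)\s+\S+\s+-\s+(\S+?:\w+:\d+)\s+-\s+(.*)")
RULE = re.compile(r"rule for (?!reject_force_umount)(\w+) action (\d+)")  # skip LXC keyword
# libseccomp action values: high 16 bits select the action, low 16 bits carry data.
ACTIONS = {0x00000000: "KILL", 0x00030000: "TRAP", 0x00050000: "ERRNO",
           0x7FF00000: "TRACE", 0x7FFF0000: "ALLOW"}

def rejoin(text):
    """Merge wrapped lines into one record; headers and stderr echoes start one."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if START.match(line) or line.startswith("lxc-start: ") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def decode_action(value):
    name = ACTIONS.get(value & 0xFFFF0000, "UNKNOWN")
    return f"{name}({value & 0xFFFF})" if name in ("ERRNO", "TRACE") else name

def triage(text):
    """Return (WARN/ERROR records, {syscall: decoded seccomp action})."""
    problems, seccomp = [], {}
    for rec in rejoin(text):
        m = RECORD.match(rec)
        if not m:  # stderr echo of an ERROR record, already captured
            continue
        level, where, msg = m.groups()
        if level in ("WARN", "ERROR"):
            problems.append((level, where, msg))
        rule = RULE.search(msg)
        if rule:
            seccomp[rule.group(1)] = decode_action(int(rule.group(2)))
    return problems, seccomp

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
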
