Public bug reported:

On Xenial, cannot start a nested Trusty container inside a Trusty
container. (All containers are privileged; tests done on two different
machines, one of which is a fresh Xenial install.)

Steps to reproduce:
* Create a nested Trusty container (i.e. a Trusty container in a Trusty
container) on a Xenial machine
* Observe the result:
# lxc-start -d --name testt --logfile=/tmp/log
lxc-start: lxc_start.c: main: 341 The container failed to start.
lxc-start: lxc_start.c: main: 343 To get more details, run the container in foreground mode.
lxc-start: lxc_start.c: main: 345 Additional information can be obtained by setting the --logfile and --logpriority options.
# cat /tmp/log
lxc-start 1464425901.410 ERROR lxc_cgfs - cgfs.c:cgfs_init:2246 - cgroupfs failed to detect cgroup metadata
lxc-start 1464425901.411 ERROR lxc_start - start.c:lxc_spawn:884 - failed initializing cgroup support
lxc-start 1464425901.467 ERROR lxc_start - start.c:__lxc_start:1121 - failed to spawn 'testt'
lxc-start 1464425901.467 ERROR lxc_start_ui - lxc_start.c:main:341 - The container failed to start.
lxc-start 1464425901.467 ERROR lxc_start_ui - lxc_start.c:main:343 - To get more details, run the container in foreground mode.
lxc-start 1464425901.467 ERROR lxc_start_ui - lxc_start.c:main:345 - Additional information can be obtained by setting the --logfile and --logpriority options.
Unsure if this is a Xenial or Trusty issue (tested on original
4.4.0-22-generic and 4.5.3 kernels)
Works successfully (tested):
* On Xenial, Xenial container inside Xenial container
* On Xenial, Trusty container inside Xenial container
* On Trusty, Trusty container inside Trusty container
Does NOT work:
* On Xenial, Trusty container inside Trusty container
Setup details:
* Create container:
apt-get update --yes
apt-get dist-upgrade --yes
apt-get install lxc --yes
lxc-create -n NAME -t ubuntu -- -r trusty -a amd64
--or--
lxc-create -n NAME -t ubuntu -- -r xenial -a amd64
And add in config:
lxc.include = /usr/share/lxc/config/nesting.conf
Also, for Xenial:
lxc.aa_allow_incomplete = 1
Then start and attach to create the nested container.
Additional information:
* On the Trusty container on a Xenial machine:
# cat /proc/cgroups
#subsys_name hierarchy num_cgroups enabled
cpuset 9 12 1
cpu 2 164 1
cpuacct 2 164 1
blkio 7 164 1
memory 5 702 1
devices 10 319 1
freezer 11 28 1
net_cls 8 12 1
perf_event 3 12 1
net_prio 8 12 1
hugetlb 6 12 1
pids 4 305 1
# uname -a
Linux testt 4.5.3 #1 SMP Mon May 9 08:18:24 CEST 2016 x86_64 x86_64 x86_64 GNU/Linux
Also tested on a regular 4.4.0-22 kernel:
# uname -a
Linux xavier-test 4.4.0-22-generic #40-Ubuntu SMP Thu May 12 22:03:46 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
# cat /proc/self/mountinfo
164 119 202:1 /var/lib/lxc/testt/rootfs / rw,noatime master:1 - ext4 /dev/xvda1 rw,nobarrier,errors=remount-ro,data=ordered
165 164 0:44 / /dev rw,relatime - tmpfs none rw,size=492k,mode=755
166 164 0:43 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
167 168 0:43 /sys/net /proc/sys/net rw,nosuid,nodev,noexec,relatime - proc proc rw
168 166 0:43 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
169 166 0:43 /sysrq-trigger /proc/sysrq-trigger ro,nosuid,nodev,noexec,relatime - proc proc rw
170 164 0:45 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
171 170 0:45 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
172 171 0:45 / /sys/devices/virtual/net rw,relatime - sysfs sysfs rw
173 172 0:45 /devices/virtual/net /sys/devices/virtual/net rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
174 171 0:37 / /sys/fs/fuse/connections rw,relatime master:28 - fusectl fusectl rw
175 171 0:7 / /sys/kernel/debug rw,relatime master:25 - debugfs debugfs rw
176 171 0:12 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime master:8 - securityfs securityfs rw
177 171 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime master:11 - pstore pstore rw
178 165 0:42 / /dev/mqueue rw,relatime - mqueue mqueue rw
179 165 0:43 / /dev/.lxc/proc rw,relatime - proc proc rw
180 165 0:45 / /dev/.lxc/sys rw,relatime - sysfs sys rw
181 166 0:40 /proc/cpuinfo /proc/cpuinfo rw,nosuid,nodev,relatime master:98 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
182 166 0:40 /proc/diskstats /proc/diskstats rw,nosuid,nodev,relatime master:98 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
183 166 0:40 /proc/meminfo /proc/meminfo rw,nosuid,nodev,relatime master:98 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
184 166 0:40 /proc/stat /proc/stat rw,nosuid,nodev,relatime master:98 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
185 166 0:40 /proc/swaps /proc/swaps rw,nosuid,nodev,relatime master:98 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
186 166 0:40 /proc/uptime /proc/uptime rw,nosuid,nodev,relatime master:98 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
187 165 0:14 /0 /dev/lxc/console rw,nosuid,noexec,relatime master:3 - devpts devpts rw,gid=5,mode=620,ptmxmode=000
120 165 0:46 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
121 165 0:46 /0 /dev/lxc/tty1 rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
122 165 0:46 /1 /dev/lxc/tty2 rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
123 165 0:46 /2 /dev/lxc/tty3 rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
124 165 0:46 /3 /dev/lxc/tty4 rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=666
125 175 0:9 / /sys/kernel/debug/tracing rw,relatime - tracefs tracefs rw
126 164 0:47 / /run rw,nosuid,noexec,relatime - tmpfs none rw,size=3088236k,mode=755
127 171 0:48 / /sys/fs/cgroup rw,relatime - tmpfs none rw,size=4k,mode=755
128 126 0:49 / /run/lock rw,nosuid,nodev,noexec,relatime - tmpfs none rw,size=5120k
129 126 0:50 / /run/shm rw,nosuid,nodev,relatime - tmpfs none rw
130 126 0:51 / /run/user rw,nosuid,nodev,noexec,relatime - tmpfs none rw,size=102400k,mode=755
Possible related bugs:
* bug #1543697 (which is fixed)
** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "strace lxc-start traces"
https://bugs.launchpad.net/bugs/1586608/+attachment/4671736/+files/strace.traces
--
https://bugs.launchpad.net/bugs/1586608
Title:
Can not start nested trusty container inside trusty container
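
In the output quoted in the report, /proc/cgroups lists every controller as enabled while the only entry at /sys/fs/cgroup in mountinfo is a tmpfs, with no mount of type cgroup. The Python below is an added diagnostic (not part of the report and not LXC code) that cross-checks the two files and lists enabled controllers with no visible cgroup mount. It assumes cgroup v1, the sample text is constructed and abridged from the report, the two extra mounts in PARTIAL_MOUNTINFO are hypothetical, and whether this gap is what cgfs_init fails on is an assumption the report does not establish.

```python
# Added example: compare /proc/cgroups with /proc/self/mountinfo (cgroup v1).
# Sample text is constructed, abridged from the output quoted in the report.
SAMPLE_CGROUPS = """\
#subsys_name hierarchy num_cgroups enabled
cpuset 9 12 1
cpu 2 164 1
cpuacct 2 164 1
memory 5 702 1
devices 10 319 1
freezer 11 28 1
"""
SAMPLE_MOUNTINFO = """\
166 164 0:43 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
170 164 0:45 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
127 171 0:48 / /sys/fs/cgroup rw,relatime - tmpfs none rw,size=4k,mode=755
"""
# Constructed contrast: two hypothetical controller mounts under the same tmpfs.
PARTIAL_MOUNTINFO = SAMPLE_MOUNTINFO + """\
200 127 0:20 / /sys/fs/cgroup/cpu,cpuacct rw,relatime - cgroup cgroup rw,cpu,cpuacct
201 127 0:21 / /sys/fs/cgroup/memory rw,relatime master:9 - cgroup cgroup rw,memory
"""

def enabled_controllers(proc_cgroups):
    """Controller names whose 'enabled' column is 1 in /proc/cgroups."""
    rows = (l.split() for l in proc_cgroups.splitlines() if l and not l.startswith("#"))
    return [r[0] for r in rows if len(r) == 4 and r[3] == "1"]

def mounted_controllers(mountinfo):
    """Map each option of every cgroup-type mount to its mount point."""
    found = {}
    for line in mountinfo.splitlines():
        # Optional fields (master:N, ...) end at a lone "-"; then fstype, source, super options.
        pre, sep, post = line.partition(" - ")
        tail = post.split()
        if sep and len(tail) >= 3 and tail[0] == "cgroup":
            for opt in tail[2].split(","):
                found.setdefault(opt, pre.split()[4])
    return found

def missing_controllers(proc_cgroups, mountinfo):
    """Enabled controllers with no cgroup mount visible in this mount namespace."""
    mounted = mounted_controllers(mountinfo)
    return [c for c in enabled_controllers(proc_cgroups) if c not in mounted]

if __name__ == "__main__":
    # Run inside the outer container to inspect the live view.
    with open("/proc/cgroups") as cg, open("/proc/self/mountinfo") as mi:
        print("no cgroup mount for:", missing_controllers(cg.read(), mi.read()) or "none")
```

Run as a script inside the outer container, it reads the live /proc files instead of the embedded samples.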