Public bug reported:
Adding lxc.cgroup.devices.allow directives to an unprivileged container
config prevents the container from starting. These lxc-start errors look
relevant:
lxc-start testbox 20190910192712.171 WARN cgfsng -
cgroups/cgfsng.c:get_hierarchy:204 - There is no useable devices controller
lxc-start testbox 20190910192712.171 ERROR cgfsng -
cgroups/cgfsng.c:cg_legacy_set_data:2191 - Failed to setup limits for the
"devices" controller. The controller seems to be unused by "cgfsng" cgroup
driver or not enabled on the cgroup hierarchy
lxc-start testbox 20190910192712.171 WARN cgfsng -
cgroups/cgfsng.c:__cg_legacy_setup_limits:2228 - Failed to set "devices.allow"
to "c 10:57 rwm"
It seems to me that I used lxc.cgroup.devices.allow directives without trouble
a few years ago. I wonder which system upgrades broke it.
To reproduce:
(Note: subuid, subgid, and lxc-usernet are already configured for this
user.)
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 19.04
Release: 19.04
Codename: disco
$ dpkg-query --show libpam-cgfs lxc1
libpam-cgfs 3.0.3-0ubuntu1
lxc1 3.0.3-0ubuntu1
$ lxc-create -t download -n testbox -- -d ubuntu -r bionic -a amd64
The cached copy has expired, re-downloading...
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
---
You just created an Ubuntu bionic amd64 (20190910_07:42) container.
To enable SSH, run: apt install openssh-server
No default root or user password are set by LXC.
$ echo "lxc.cgroup.devices.allow = c 10:57 rwm" >> lxc/testbox/config
$ lxc-start -n testbox -o debug.out -l trace
lxc-start: testbox: lxccontainer.c: wait_on_daemonized_start: 842 Received
container state "ABORTING" instead of "RUNNING"
lxc-start: testbox: tools/lxc_start.c: main: 330 The container failed to start
lxc-start: testbox: tools/lxc_start.c: main: 333 To get more details, run the
container in foreground mode
lxc-start: testbox: tools/lxc_start.c: main: 336 Additional information can be
obtained by setting the --logfile and --logpriority options
$ cat debug.out
lxc-start testbox 20190910192712.380 INFO confile -
confile.c:set_config_idmaps:1555 - Read uid map: type u nsid 0 hostid 100000
range 65536
lxc-start testbox 20190910192712.380 INFO confile -
confile.c:set_config_idmaps:1555 - Read uid map: type g nsid 0 hostid 100000
range 65536
lxc-start testbox 20190910192712.382 TRACE commands - commands.c:lxc_cmd:300
- Connection refused - Command "get_init_pid" failed to connect command socket
lxc-start testbox 20190910192712.383 TRACE commands - commands.c:lxc_cmd:300
- Connection refused - Command "get_state" failed to connect command socket
lxc-start testbox 20190910192712.383 TRACE start -
start.c:lxc_init_handler:748 - Created anonymous pair {4,5} of unix sockets
lxc-start testbox 20190910192712.383 TRACE commands -
commands.c:lxc_cmd_init:1248 - Creating abstract unix socket
"/home/ubuntu/lxc/testbox/command"
lxc-start testbox 20190910192712.383 TRACE start -
start.c:lxc_init_handler:760 - Unix domain socket 6 for command server is ready
lxc-start testbox 20190910192712.388 INFO lxccontainer -
lxccontainer.c:do_lxcapi_start:961 - Set process title to [lxc monitor]
/home/ubuntu/lxc testbox
lxc-start testbox 20190910192712.392 TRACE start - start.c:lxc_start:2052 -
Doing lxc_start
lxc-start testbox 20190910192712.393 INFO lsm - lsm/lsm.c:lsm_init:50 - LSM
security driver AppArmor
lxc-start testbox 20190910192712.393 TRACE start - start.c:lxc_init:777 -
Initialized LSM
lxc-start testbox 20190910192712.395 TRACE seccomp -
seccomp.c:get_new_ctx:458 - Added arch 2 to main seccomp context
lxc-start testbox 20190910192712.395 TRACE seccomp -
seccomp.c:get_new_ctx:466 - Removed native arch from main seccomp context
lxc-start testbox 20190910192712.395 TRACE seccomp -
seccomp.c:get_new_ctx:458 - Added arch 3 to main seccomp context
lxc-start testbox 20190910192712.395 TRACE seccomp -
seccomp.c:get_new_ctx:466 - Removed native arch from main seccomp context
lxc-start testbox 20190910192712.395 TRACE seccomp -
seccomp.c:get_new_ctx:471 - Arch 4 already present in main seccomp context
lxc-start testbox 20190910192712.395 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "reject_force_umount # comment this
to allow umount -f; not recommended"
lxc-start testbox 20190910192712.395 INFO seccomp -
seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start testbox 20190910192712.395 INFO seccomp -
seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for
reject_force_umount action 0(kill)
lxc-start testbox 20190910192712.396 INFO seccomp -
seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start testbox 20190910192712.396 INFO seccomp -
seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for
reject_force_umount action 0(kill)
lxc-start testbox 20190910192712.396 INFO seccomp -
seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start testbox 20190910192712.396 INFO seccomp -
seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for
reject_force_umount action 0(kill)
lxc-start testbox 20190910192712.396 INFO seccomp -
seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start testbox 20190910192712.396 INFO seccomp -
seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for
reject_force_umount action 0(kill)
lxc-start testbox 20190910192712.396 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start testbox 20190910192712.396 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start testbox 20190910192712.396 INFO seccomp -
seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for kexec_load
action 327681(errno)
lxc-start testbox 20190910192712.396 INFO seccomp -
seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for
kexec_load action 327681(errno)
lxc-start testbox 20190910192712.397 INFO seccomp -
seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for
kexec_load action 327681(errno)
lxc-start testbox 20190910192712.397 INFO seccomp -
seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for
kexec_load action 327681(errno)
lxc-start testbox 20190910192712.397 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start testbox 20190910192712.397 INFO seccomp -
seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for
open_by_handle_at action 327681(errno)
lxc-start testbox 20190910192712.397 INFO seccomp -
seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for
open_by_handle_at action 327681(errno)
lxc-start testbox 20190910192712.397 INFO seccomp -
seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for
open_by_handle_at action 327681(errno)
lxc-start testbox 20190910192712.398 INFO seccomp -
seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for
open_by_handle_at action 327681(errno)
lxc-start testbox 20190910192712.398 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start testbox 20190910192712.398 INFO seccomp -
seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for init_module
action 327681(errno)
lxc-start testbox 20190910192712.398 INFO seccomp -
seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for
init_module action 327681(errno)
lxc-start testbox 20190910192712.398 INFO seccomp -
seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for
init_module action 327681(errno)
lxc-start testbox 20190910192712.398 INFO seccomp -
seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for
init_module action 327681(errno)
lxc-start testbox 20190910192712.398 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start testbox 20190910192712.399 INFO seccomp -
seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for finit_module
action 327681(errno)
lxc-start testbox 20190910192712.399 INFO seccomp -
seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for
finit_module action 327681(errno)
lxc-start testbox 20190910192712.399 INFO seccomp -
seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for
finit_module action 327681(errno)
lxc-start testbox 20190910192712.399 INFO seccomp -
seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for
finit_module action 327681(errno)
lxc-start testbox 20190910192712.399 INFO seccomp -
seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start testbox 20190910192712.399 INFO seccomp -
seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for delete_module
action 327681(errno)
lxc-start testbox 20190910192712.400 INFO seccomp -
seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for
delete_module action 327681(errno)
lxc-start testbox 20190910192712.400 INFO seccomp -
seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for
delete_module action 327681(errno)
lxc-start testbox 20190910192712.400 INFO seccomp -
seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for
delete_module action 327681(errno)
lxc-start testbox 20190910192712.400 INFO seccomp -
seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main
context
lxc-start testbox 20190910192712.400 TRACE seccomp -
seccomp.c:parse_config_v2:980 - Merged first compat seccomp context into main
context
lxc-start testbox 20190910192712.400 TRACE seccomp -
seccomp.c:parse_config_v2:996 - Merged second compat seccomp context into main
context
lxc-start testbox 20190910192712.400 TRACE start - start.c:lxc_init:784 -
Read seccomp policy
lxc-start testbox 20190910192712.400 TRACE start -
start.c:lxc_serve_state_clients:466 - Set container state to STARTING
lxc-start testbox 20190910192712.400 TRACE start -
start.c:lxc_serve_state_clients:469 - No state clients registered
lxc-start testbox 20190910192712.401 TRACE start - start.c:lxc_init:792 -
Set container state to "STARTING"
lxc-start testbox 20190910192712.401 TRACE start - start.c:lxc_init:855 -
Set environment variables
lxc-start testbox 20190910192712.402 TRACE start - start.c:lxc_init:862 -
Ran pre-start hooks
lxc-start testbox 20190910192712.402 TRACE start -
start.c:setup_signal_fd:359 - Created signal file descriptor 7
lxc-start testbox 20190910192712.402 TRACE start - start.c:lxc_init:873 -
Set up signal fd
lxc-start testbox 20190910192712.412 DEBUG terminal -
terminal.c:lxc_terminal_peer_default:707 - No such device - The process does
not have a controlling terminal
lxc-start testbox 20190910192712.412 TRACE start - start.c:lxc_init:881 -
Created console
lxc-start testbox 20190910192712.412 DEBUG conf -
conf.c:chown_mapped_root:3166 - trying to chown "/dev/pts/2" to 1000
lxc-start testbox 20190910192712.547 TRACE terminal -
terminal.c:lxc_terminal_map_ids:1225 - Chowned terminal "/dev/pts/2"
lxc-start testbox 20190910192712.547 TRACE start - start.c:lxc_init:888 -
Chowned console
lxc-start testbox 20190910192712.549 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1031 - basecginfo is:
lxc-start testbox 20190910192712.549 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1032 -
12:pids:/user.slice/user-1000.slice/session-4.scope
11:devices:/user.slice
10:net_cls,net_prio:/
9:perf_event:/
8:cpu,cpuacct:/user.slice
7:rdma:/
6:cpuset:/
5:hugetlb:/
4:memory:/user.slice/user-1000.slice/session-4.scope
3:blkio:/user.slice
2:freezer:/user/ubuntu/0
1:name=systemd:/user.slice/user-1000.slice/session-4.scope
0::/user.slice/user-1000.slice/session-4.scope
lxc-start testbox 20190910192712.549 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 0:
pids
lxc-start testbox 20190910192712.549 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 1:
devices
lxc-start testbox 20190910192712.549 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 2:
net_cls
lxc-start testbox 20190910192712.549 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 3:
net_prio
lxc-start testbox 20190910192712.549 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 4:
perf_event
lxc-start testbox 20190910192712.549 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 5:
cpu
lxc-start testbox 20190910192712.549 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 6:
cpuacct
lxc-start testbox 20190910192712.550 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 7:
rdma
lxc-start testbox 20190910192712.550 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 8:
cpuset
lxc-start testbox 20190910192712.550 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 9:
hugetlb
lxc-start testbox 20190910192712.550 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 10:
memory
lxc-start testbox 20190910192712.550 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 11:
blkio
lxc-start testbox 20190910192712.550 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 12:
freezer
lxc-start testbox 20190910192712.550 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1035 - kernel subsystem 13:
cgroup2
lxc-start testbox 20190910192712.550 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_basecg_debuginfo:1038 - named subsystem 0:
name=systemd
lxc-start testbox 20190910192712.553 TRACE cgfsng -
cgroups/cgfsng.c:cg_hybrid_init:2459 - Writable cgroup hierarchies:
lxc-start testbox 20190910192712.553 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1012 - Hierarchies:
lxc-start testbox 20190910192712.553 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1017 - 0: base_cgroup:
/user.slice/user-1000.slice/session-4.scope
lxc-start testbox 20190910192712.553 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1018 - mountpoint:
/sys/fs/cgroup/systemd
lxc-start testbox 20190910192712.553 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1019 - controllers:
lxc-start testbox 20190910192712.553 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1021 - 0: name=systemd
lxc-start testbox 20190910192712.553 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1017 - 1: base_cgroup:
/user/ubuntu/0
lxc-start testbox 20190910192712.553 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1018 - mountpoint:
/sys/fs/cgroup/freezer
lxc-start testbox 20190910192712.553 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1019 - controllers:
lxc-start testbox 20190910192712.553 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1021 - 0: freezer
lxc-start testbox 20190910192712.554 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1017 - 2: base_cgroup:
/user.slice/user-1000.slice/session-4.scope
lxc-start testbox 20190910192712.554 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1018 - mountpoint:
/sys/fs/cgroup/memory
lxc-start testbox 20190910192712.554 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1019 - controllers:
lxc-start testbox 20190910192712.554 TRACE cgfsng -
cgroups/cgfsng.c:lxc_cgfsng_print_hierarchies:1021 - 0: memory
lxc-start testbox 20190910192712.554 TRACE cgroup -
cgroups/cgroup.c:cgroup_init:56 - Initialized cgroup driver cgfsng
lxc-start testbox 20190910192712.554 TRACE cgroup -
cgroups/cgroup.c:cgroup_init:61 - Running with hybrid cgroup layout
lxc-start testbox 20190910192712.554 TRACE start - start.c:lxc_init:895 -
Initialized cgroup driver
lxc-start testbox 20190910192712.554 INFO start - start.c:lxc_init:897 -
Container "testbox" is initialized
lxc-start testbox 20190910192712.561 TRACE start - start.c:lxc_spawn:1684 -
Cloned child process 8596
lxc-start testbox 20190910192712.561 INFO start - start.c:lxc_spawn:1688 -
Cloned CLONE_NEWUSER
lxc-start testbox 20190910192712.561 INFO start - start.c:lxc_spawn:1688 -
Cloned CLONE_NEWNS
lxc-start testbox 20190910192712.561 INFO start - start.c:lxc_spawn:1688 -
Cloned CLONE_NEWPID
lxc-start testbox 20190910192712.561 INFO start - start.c:lxc_spawn:1688 -
Cloned CLONE_NEWUTS
lxc-start testbox 20190910192712.561 INFO start - start.c:lxc_spawn:1688 -
Cloned CLONE_NEWIPC
lxc-start testbox 20190910192712.561 DEBUG start -
start.c:lxc_try_preserve_namespaces:196 - Preserved user namespace via fd 14
lxc-start testbox 20190910192712.561 DEBUG start -
start.c:lxc_try_preserve_namespaces:196 - Preserved mnt namespace via fd 15
lxc-start testbox 20190910192712.562 DEBUG start -
start.c:lxc_try_preserve_namespaces:196 - Preserved pid namespace via fd 16
lxc-start testbox 20190910192712.562 DEBUG start -
start.c:lxc_try_preserve_namespaces:196 - Preserved uts namespace via fd 17
lxc-start testbox 20190910192712.562 DEBUG start -
start.c:lxc_try_preserve_namespaces:196 - Preserved ipc namespace via fd 18
lxc-start testbox 20190910192712.562 DEBUG conf -
conf.c:idmaptool_on_path_and_privileged:2836 - The binary "/usr/bin/newuidmap"
does have the setuid bit set
lxc-start testbox 20190910192712.562 DEBUG conf -
conf.c:idmaptool_on_path_and_privileged:2836 - The binary "/usr/bin/newgidmap"
does have the setuid bit set
lxc-start testbox 20190910192712.562 TRACE caps -
caps.c:lxc_ambient_caps_up:192 - Raised =
cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,cap_wake_alarm,cap_block_suspend,cap_audit_read+eip
in inheritable and ambient capability set
lxc-start testbox 20190910192712.563 DEBUG conf - conf.c:lxc_map_ids:2928 -
Functional newuidmap and newgidmap binary found
lxc-start testbox 20190910192712.595 TRACE conf - conf.c:lxc_map_ids:3002 -
newuidmap wrote mapping "newuidmap 8596 0 100000 65536"
lxc-start testbox 20190910192712.626 TRACE conf - conf.c:lxc_map_ids:3002 -
newgidmap wrote mapping "newgidmap 8596 0 100000 65536"
lxc-start testbox 20190910192712.632 INFO start - start.c:do_start:1136 -
Unshared CLONE_NEWNET
lxc-start testbox 20190910192712.633 INFO cgfsng -
cgroups/cgfsng.c:__cg_legacy_setup_limits:2237 - Limits for the legacy cgroup
hierarchies have been setup
lxc-start testbox 20190910192712.635 TRACE conf -
conf.c:get_minimal_idmap:4265 - Allocated minimal idmapping
lxc-start testbox 20190910192712.637 TRACE conf - conf.c:userns_exec_1:4345
- Establishing uid mapping for "8601" in new user namespace: nsuid 0 - hostid
100000 - range 65536
lxc-start testbox 20190910192712.637 TRACE conf - conf.c:userns_exec_1:4345
- Establishing uid mapping for "8601" in new user namespace: nsuid 65536 -
hostid 1000 - range 1
lxc-start testbox 20190910192712.637 TRACE conf - conf.c:userns_exec_1:4345
- Establishing gid mapping for "8601" in new user namespace: nsuid 0 - hostid
100000 - range 65536
lxc-start testbox 20190910192712.637 TRACE conf - conf.c:userns_exec_1:4345
- Establishing gid mapping for "8601" in new user namespace: nsuid 65536 -
hostid 1000 - range 1
lxc-start testbox 20190910192712.638 DEBUG conf -
conf.c:idmaptool_on_path_and_privileged:2836 - The binary "/usr/bin/newuidmap"
does have the setuid bit set
lxc-start testbox 20190910192712.638 DEBUG conf -
conf.c:idmaptool_on_path_and_privileged:2836 - The binary "/usr/bin/newgidmap"
does have the setuid bit set
lxc-start testbox 20190910192712.638 DEBUG conf - conf.c:lxc_map_ids:2928 -
Functional newuidmap and newgidmap binary found
lxc-start testbox 20190910192712.670 TRACE conf - conf.c:lxc_map_ids:3002 -
newuidmap wrote mapping "newuidmap 8601 0 100000 65536 65536 1000 1"
lxc-start testbox 20190910192712.702 TRACE conf - conf.c:lxc_map_ids:3002 -
newgidmap wrote mapping "newgidmap 8601 0 100000 65536 65536 1000 1"
lxc-start testbox 20190910192712.703 TRACE conf - conf.c:run_userns_fn:4091
- Calling function "chown_cgroup_wrapper"
lxc-start testbox 20190910192712.709 DEBUG start - start.c:lxc_spawn:1742 -
Preserved net namespace via fd 10
lxc-start testbox 20190910192712.709 WARN start - start.c:lxc_spawn:1746 -
Operation not permitted - Failed to allocate new network namespace id
lxc-start testbox 20190910192712.713 INFO network -
network.c:lxc_create_network_unpriv_exec:2150 - Execing lxc-user-nic create
/home/ubuntu/lxc testbox 8596 veth lxcbr0 (null)
lxc-start testbox 20190910192712.134 TRACE network -
network.c:lxc_create_network_unpriv_exec:2181 - Received output
"eth0:58:vethC0OBRR:59" from lxc-user-nic
lxc-start testbox 20190910192712.134 TRACE network -
network.c:lxc_network_send_veth_names_to_child:3077 - Sent network device name
"eth0" to child
lxc-start testbox 20190910192712.134 TRACE network -
network.c:lxc_network_recv_veth_names_from_parent:3102 - Received network
device name "eth0" from parent
lxc-start testbox 20190910192712.134 NOTICE utils -
utils.c:lxc_switch_uid_gid:1378 - Switched to gid 0
lxc-start testbox 20190910192712.134 NOTICE utils -
utils.c:lxc_switch_uid_gid:1387 - Switched to uid 0
lxc-start testbox 20190910192712.134 NOTICE utils -
utils.c:lxc_setgroups:1400 - Dropped additional groups
lxc-start testbox 20190910192712.134 INFO start - start.c:do_start:1242 -
Unshared CLONE_NEWCGROUP
lxc-start testbox 20190910192712.135 TRACE conf -
conf.c:remount_all_slave:3349 - Remounted all mount table entries as MS_SLAVE
lxc-start testbox 20190910192712.135 DEBUG storage -
storage/storage.c:get_storage_by_name:231 - Detected rootfs type "dir"
lxc-start testbox 20190910192712.135 TRACE dir - storage/dir.c:dir_mount:203
- Mounted "/home/ubuntu/lxc/testbox/rootfs" on "/usr/lib/x86_64-linux-gnu/lxc"
lxc-start testbox 20190910192712.135 DEBUG conf -
conf.c:lxc_mount_rootfs:1332 - Mounted rootfs "/home/ubuntu/lxc/testbox/rootfs"
onto "/usr/lib/x86_64-linux-gnu/lxc" with options "(null)"
lxc-start testbox 20190910192712.135 INFO conf - conf.c:setup_utsname:791 -
Set hostname to "testbox"
lxc-start testbox 20190910192712.136 DEBUG network -
network.c:setup_hw_addr:2767 - Mac address "00:16:3e:0b:60:a9" on "eth0" has
been setup
lxc-start testbox 20190910192712.138 DEBUG network -
network.c:lxc_setup_netdev_in_child_namespaces:3032 - Network device "eth0" has
been setup
lxc-start testbox 20190910192712.138 INFO network -
network.c:lxc_setup_network_in_child_namespaces:3053 - network has been setup
lxc-start testbox 20190910192712.138 INFO conf - conf.c:mount_autodev:1118
- Preparing "/dev"
lxc-start testbox 20190910192712.138 TRACE conf - conf.c:mount_autodev:1142
- Mounted tmpfs on "/usr/lib/x86_64-linux-gnu/lxc/dev"
lxc-start testbox 20190910192712.138 INFO conf - conf.c:mount_autodev:1165
- Prepared "/dev"
lxc-start testbox 20190910192712.139 INFO conf - conf.c:run_script_argv:356
- Executing script "/usr/share/lxcfs/lxc.mount.hook" for container "testbox",
config section "lxc"
lxc-start testbox 20190910192712.168 INFO conf -
conf.c:lxc_fill_autodev:1209 - Populating "/dev"
lxc-start testbox 20190910192712.168 DEBUG conf -
conf.c:lxc_fill_autodev:1282 - Bind mounted host device node "/dev/full" onto
"/usr/lib/x86_64-linux-gnu/lxc/dev/full"
lxc-start testbox 20190910192712.168 DEBUG conf -
conf.c:lxc_fill_autodev:1282 - Bind mounted host device node "/dev/null" onto
"/usr/lib/x86_64-linux-gnu/lxc/dev/null"
lxc-start testbox 20190910192712.168 DEBUG conf -
conf.c:lxc_fill_autodev:1282 - Bind mounted host device node "/dev/random" onto
"/usr/lib/x86_64-linux-gnu/lxc/dev/random"
lxc-start testbox 20190910192712.169 DEBUG conf -
conf.c:lxc_fill_autodev:1282 - Bind mounted host device node "/dev/tty" onto
"/usr/lib/x86_64-linux-gnu/lxc/dev/tty"
lxc-start testbox 20190910192712.169 DEBUG conf -
conf.c:lxc_fill_autodev:1282 - Bind mounted host device node "/dev/urandom"
onto "/usr/lib/x86_64-linux-gnu/lxc/dev/urandom"
lxc-start testbox 20190910192712.169 DEBUG conf -
conf.c:lxc_fill_autodev:1282 - Bind mounted host device node "/dev/zero" onto
"/usr/lib/x86_64-linux-gnu/lxc/dev/zero"
lxc-start testbox 20190910192712.169 INFO conf -
conf.c:lxc_fill_autodev:1286 - Populated "/dev"
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2027 -
Remounting "/sys/fs/fuse/connections" on
"/usr/lib/x86_64-linux-gnu/lxc/sys/fs/fuse/connections" to respect bind or
remount options
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2048 -
Flags for "/sys/fs/fuse/connections" were 4096, required extra flags are 0
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2058 -
Mountflags already were 4096, skipping remount
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2102 -
Mounted "/sys/fs/fuse/connections" on
"/usr/lib/x86_64-linux-gnu/lxc/sys/fs/fuse/connections" with filesystem type
"none"
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2027 -
Remounting "/sys/kernel/debug" on
"/usr/lib/x86_64-linux-gnu/lxc/sys/kernel/debug" to respect bind or remount
options
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2048 -
Flags for "/sys/kernel/debug" were 4096, required extra flags are 0
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2058 -
Mountflags already were 4096, skipping remount
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2102 -
Mounted "/sys/kernel/debug" on "/usr/lib/x86_64-linux-gnu/lxc/sys/kernel/debug"
with filesystem type "none"
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2027 -
Remounting "/sys/kernel/security" on
"/usr/lib/x86_64-linux-gnu/lxc/sys/kernel/security" to respect bind or remount
options
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2048 -
Flags for "/sys/kernel/security" were 4110, required extra flags are 14
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2102 -
Mounted "/sys/kernel/security" on
"/usr/lib/x86_64-linux-gnu/lxc/sys/kernel/security" with filesystem type "none"
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2027 -
Remounting "/sys/fs/pstore" on "/usr/lib/x86_64-linux-gnu/lxc/sys/fs/pstore" to
respect bind or remount options
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2048 -
Flags for "/sys/fs/pstore" were 4110, required extra flags are 14
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2102 -
Mounted "/sys/fs/pstore" on "/usr/lib/x86_64-linux-gnu/lxc/sys/fs/pstore" with
filesystem type "none"
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2102 -
Mounted "mqueue" on "/usr/lib/x86_64-linux-gnu/lxc/dev/mqueue" with filesystem
type "mqueue"
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2027 -
Remounting "/sys/firmware/efi/efivars" on
"/usr/lib/x86_64-linux-gnu/lxc/sys/firmware/efi/efivars" to respect bind or
remount options
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2048 -
Flags for "/sys/firmware/efi/efivars" were 4110, required extra flags are 14
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2102 -
Mounted "/sys/firmware/efi/efivars" on
"/usr/lib/x86_64-linux-gnu/lxc/sys/firmware/efi/efivars" with filesystem type
"none"
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2027 -
Remounting "/proc/sys/fs/binfmt_misc" on
"/usr/lib/x86_64-linux-gnu/lxc/proc/sys/fs/binfmt_misc" to respect bind or
remount options
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2048 -
Flags for "/proc/sys/fs/binfmt_misc" were 4096, required extra flags are 0
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2058 -
Mountflags already were 4096, skipping remount
lxc-start testbox 20190910192712.169 DEBUG conf - conf.c:mount_entry:2102 -
Mounted "/proc/sys/fs/binfmt_misc" on
"/usr/lib/x86_64-linux-gnu/lxc/proc/sys/fs/binfmt_misc" with filesystem type
"none"
lxc-start testbox 20190910192712.169 INFO conf -
conf.c:mount_file_entries:2333 - Finished setting up mounts
lxc-start testbox 20190910192712.169 DEBUG conf -
conf.c:lxc_setup_dev_console:1771 - Mounted pts device "/dev/pts/2" onto
"/usr/lib/x86_64-linux-gnu/lxc/dev/console"
lxc-start testbox 20190910192712.169 INFO utils -
utils.c:lxc_mount_proc_if_needed:1231 - I am 1, /proc/self points to "1"
lxc-start testbox 20190910192712.170 TRACE conf - conf.c:lxc_pivot_root:1540
- pivot_root("/usr/lib/x86_64-linux-gnu/lxc") successful
lxc-start testbox 20190910192712.170 WARN conf -
conf.c:lxc_setup_devpts:1616 - Invalid argument - Failed to unmount old devpts
instance
lxc-start testbox 20190910192712.170 DEBUG conf -
conf.c:lxc_setup_devpts:1653 - Mount new devpts instance with options
"gid=5,newinstance,ptmxmode=0666,mode=0620,max=1024"
lxc-start testbox 20190910192712.170 DEBUG conf -
conf.c:lxc_setup_devpts:1672 - Created dummy "/dev/ptmx" file as bind mount
target
lxc-start testbox 20190910192712.170 DEBUG conf -
conf.c:lxc_setup_devpts:1677 - Bind mounted "/dev/pts/ptmx" to "/dev/ptmx"
lxc-start testbox 20190910192712.170 DEBUG conf -
conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/0" with master fd 11 and
slave fd 14
lxc-start testbox 20190910192712.170 DEBUG conf -
conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/1" with master fd 15 and
slave fd 16
lxc-start testbox 20190910192712.170 DEBUG conf -
conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/2" with master fd 17 and
slave fd 18
lxc-start testbox 20190910192712.170 DEBUG conf -
conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/3" with master fd 19 and
slave fd 20
lxc-start testbox 20190910192712.170 INFO conf -
conf.c:lxc_allocate_ttys:1005 - Finished creating 4 tty devices
lxc-start testbox 20190910192712.170 TRACE conf -
conf.c:lxc_send_ttys_to_parent:1057 - Sent tty "/dev/pts/0" with master fd 11
and slave fd 14 to parent
lxc-start testbox 20190910192712.170 TRACE conf -
conf.c:lxc_send_ttys_to_parent:1057 - Sent tty "/dev/pts/1" with master fd 15
and slave fd 16 to parent
lxc-start testbox 20190910192712.170 TRACE conf -
conf.c:lxc_send_ttys_to_parent:1057 - Sent tty "/dev/pts/2" with master fd 17
and slave fd 18 to parent
lxc-start testbox 20190910192712.170 TRACE conf -
conf.c:lxc_send_ttys_to_parent:1057 - Sent tty "/dev/pts/3" with master fd 19
and slave fd 20 to parent
lxc-start testbox 20190910192712.170 TRACE conf -
conf.c:lxc_send_ttys_to_parent:1063 - Sent 4 ttys to parent
lxc-start testbox 20190910192712.170 DEBUG conf - conf.c:lxc_setup_ttys:940
- Bind mounted "/dev/pts/0" onto "/dev/tty1"
lxc-start testbox 20190910192712.170 DEBUG conf - conf.c:lxc_setup_ttys:940
- Bind mounted "/dev/pts/1" onto "/dev/tty2"
lxc-start testbox 20190910192712.170 DEBUG conf - conf.c:lxc_setup_ttys:940
- Bind mounted "/dev/pts/2" onto "/dev/tty3"
lxc-start testbox 20190910192712.170 DEBUG conf - conf.c:lxc_setup_ttys:940
- Bind mounted "/dev/pts/3" onto "/dev/tty4"
lxc-start testbox 20190910192712.170 INFO conf - conf.c:lxc_setup_ttys:949
- Finished setting up 4 /dev/tty<N> device(s)
lxc-start testbox 20190910192712.170 INFO conf -
conf.c:setup_personality:1716 - Set personality to "0x0"
lxc-start testbox 20190910192712.170 DEBUG conf - conf.c:setup_caps:2506 -
Capabilities have been setup
lxc-start testbox 20190910192712.170 NOTICE conf - conf.c:lxc_setup:3692 -
The container "testbox" is set up
lxc-start testbox 20190910192712.170 INFO lsm -
lsm/lsm.c:lsm_process_label_set_at:178 - Set AppArmor label to
"lxc-container-default-cgns"
lxc-start testbox 20190910192712.170 INFO apparmor -
lsm/apparmor.c:apparmor_process_label_set:249 - Changed apparmor profile to
lxc-container-default-cgns
#
# pseudo filter code start
#
# filter for arch x86_64 (3221225534)
if ($arch == 3221225534)
# filter for syscall "finit_module" (313) [priority: 65535]
if ($syscall == 313)
action ERRNO(1);
# filter for syscall "open_by_handle_at" (304) [priority: 65535]
if ($syscall == 304)
action ERRNO(1);
# filter for syscall "kexec_load" (246) [priority: 65535]
if ($syscall == 246)
action ERRNO(1);
# filter for syscall "delete_module" (176) [priority: 65535]
if ($syscall == 176)
action ERRNO(1);
# filter for syscall "init_module" (175) [priority: 65535]
if ($syscall == 175)
action ERRNO(1);
# filter for syscall "umount2" (166) [priority: 65533]
if ($syscall == 166)
if ($a1.hi32 & 0x00000000 == 0)
if ($a1.lo32 & 0x00000001 == 1)
action ERRNO(13);
# default action
action ALLOW;
# filter for arch x86 (1073741827)
if ($arch == 1073741827)
# filter for syscall "finit_module" (350) [priority: 65535]
if ($syscall == 350)
action ERRNO(1);
# filter for syscall "open_by_handle_at" (342) [priority: 65535]
if ($syscall == 342)
action ERRNO(1);
# filter for syscall "kexec_load" (283) [priority: 65535]
if ($syscall == 283)
action ERRNO(1);
# filter for syscall "delete_module" (129) [priority: 65535]
if ($syscall == 129)
action ERRNO(1);
# filter for syscall "init_module" (128) [priority: 65535]
if ($syscall == 128)
action ERRNO(1);
# filter for syscall "umount2" (52) [priority: 65534]
if ($syscall == 52)
if ($a1 & 0x00000001 == 1)
action ERRNO(13);
# default action
action ALLOW;
# filter for arch x32 (3221225534)
if ($arch == 3221225534)
# filter for syscall "kexec_load" (1073742352) [priority: 65535]
if ($syscall == 1073742352)
action ERRNO(1);
# filter for syscall "finit_module" (1073742137) [priority: 65535]
if ($syscall == 1073742137)
action ERRNO(1);
# filter for syscall "open_by_handle_at" (1073742128) [priority: 65535]
if ($syscall == 1073742128)
action ERRNO(1);
# filter for syscall "delete_module" (1073742000) [priority: 65535]
if ($syscall == 1073742000)
action ERRNO(1);
# filter for syscall "init_module" (1073741999) [priority: 65535]
if ($syscall == 1073741999)
action ERRNO(1);
# filter for syscall "umount2" (1073741990) [priority: 65534]
if ($syscall == 1073741990)
if ($a1 & 0x00000001 == 1)
action ERRNO(13);
# default action
action ALLOW;
# invalid architecture action
action KILL;
#
# pseudo filter code end
#
lxc-start testbox 20190910192712.171 WARN cgfsng -
cgroups/cgfsng.c:get_hierarchy:204 - There is no useable devices controller
lxc-start testbox 20190910192712.171 ERROR cgfsng -
cgroups/cgfsng.c:cg_legacy_set_data:2191 - Failed to setup limits for the
"devices" controller. The controller seems to be unused by "cgfsng" cgroup
driver or not enabled on the cgroup hierarchy
lxc-start testbox 20190910192712.171 WARN cgfsng -
cgroups/cgfsng.c:__cg_legacy_setup_limits:2228 - Failed to set "devices.allow"
to "c 10:57 rwm"
lxc-start testbox 20190910192712.171 ERROR start - start.c:lxc_spawn:1802 -
Failed to setup legacy device cgroup controller limits
lxc-start testbox 20190910192712.171 DEBUG network -
network.c:lxc_delete_network:3180 - Deleted network devices
lxc-start testbox 20190910192712.171 TRACE start -
start.c:lxc_serve_state_socket_pair:536 - Sent container state "ABORTING" to 5
lxc-start testbox 20190910192712.171 TRACE start -
start.c:lxc_serve_state_clients:466 - Set container state to ABORTING
lxc-start testbox 20190910192712.171 TRACE start -
start.c:lxc_serve_state_clients:469 - No state clients registered
lxc-start testbox 20190910192712.171 DEBUG lxccontainer -
lxccontainer.c:wait_on_daemonized_start:830 - First child 8588 exited
lxc-start testbox 20190910192712.171 ERROR lxccontainer -
lxccontainer.c:wait_on_daemonized_start:842 - Received container state
"ABORTING" instead of "RUNNING"
lxc-start testbox 20190910192712.171 ERROR lxc_start -
tools/lxc_start.c:main:330 - The container failed to start
lxc-start testbox 20190910192712.171 ERROR lxc_start -
tools/lxc_start.c:main:333 - To get more details, run the container in
foreground mode
lxc-start testbox 20190910192712.171 ERROR lxc_start -
tools/lxc_start.c:main:336 - Additional information can be obtained by setting
the --logfile and --logpriority options
lxc-start testbox 20190910192712.171 ERROR start - start.c:__lxc_start:1939
- Failed to spawn container "testbox"
lxc-start testbox 20190910192712.171 TRACE start -
start.c:lxc_serve_state_clients:466 - Set container state to STOPPING
lxc-start testbox 20190910192712.171 TRACE start -
start.c:lxc_serve_state_clients:469 - No state clients registered
lxc-start testbox 20190910192712.171 TRACE conf -
conf.c:get_minimal_idmap:4265 - Allocated minimal idmapping
lxc-start testbox 20190910192712.171 TRACE conf - conf.c:userns_exec_1:4345
- Establishing uid mapping for "8669" in new user namespace: nsuid 0 - hostid
100000 - range 65536
lxc-start testbox 20190910192712.171 TRACE conf - conf.c:userns_exec_1:4345
- Establishing uid mapping for "8669" in new user namespace: nsuid 65536 -
hostid 1000 - range 1
lxc-start testbox 20190910192712.171 TRACE conf - conf.c:userns_exec_1:4345
- Establishing gid mapping for "8669" in new user namespace: nsuid 0 - hostid
100000 - range 65536
lxc-start testbox 20190910192712.171 TRACE conf - conf.c:userns_exec_1:4345
- Establishing gid mapping for "8669" in new user namespace: nsuid 65536 -
hostid 1000 - range 1
lxc-start testbox 20190910192712.171 DEBUG conf -
conf.c:idmaptool_on_path_and_privileged:2836 - The binary "/usr/bin/newuidmap"
does have the setuid bit set
lxc-start testbox 20190910192712.171 DEBUG conf -
conf.c:idmaptool_on_path_and_privileged:2836 - The binary "/usr/bin/newgidmap"
does have the setuid bit set
lxc-start testbox 20190910192712.171 DEBUG conf - conf.c:lxc_map_ids:2928 -
Functional newuidmap and newgidmap binary found
lxc-start testbox 20190910192712.173 TRACE conf - conf.c:lxc_map_ids:3002 -
newuidmap wrote mapping "newuidmap 8669 0 100000 65536 65536 1000 1"
lxc-start testbox 20190910192712.175 TRACE conf - conf.c:lxc_map_ids:3002 -
newgidmap wrote mapping "newgidmap 8669 0 100000 65536 65536 1000 1"
lxc-start testbox 20190910192712.175 TRACE conf - conf.c:run_userns_fn:4091
- Calling function "cgroup_rmdir_wrapper"
lxc-start testbox 20190910192712.176 TRACE start - start.c:lxc_fini:1001 -
Closed command socket
lxc-start testbox 20190910192712.176 TRACE start - start.c:lxc_fini:1012 -
Set container state to "STOPPED"
lxc-start testbox 20190910192712.176 INFO conf - conf.c:run_script_argv:356
- Executing script "/usr/share/lxcfs/lxc.reboot.hook" for container "testbox",
config section "lxc"
** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1843490
Title:
lxc.cgroup.devices.allow prevents unprivileged container from starting
--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs