I've downgraded systemd to 225-1ubuntu9.1 from wily/proposed. Kernel is
still linux-image-4.5.0-040500rc4-generic and lxc is
1.1.5-0ubuntu0.15.10.3 from wily-updates.
Unfortunately, when I now start the lxc container, I seem to hit a
different bug. I get:
lxc-start 1455870309.289 INFO lxc_conf - conf.c:setup_tty:1080 - 4
tty(s) has been setup
lxc-start 1455870309.289 INFO lxc_conf -
conf.c:setup_personality:1473 - set personality to '0x0'
lxc-start 1455870309.289 DEBUG lxc_conf - conf.c:setup_caps:2279 -
drop capability 'mac_admin' (33)
lxc-start 1455870309.289 DEBUG lxc_conf - conf.c:setup_caps:2279 -
drop capability 'mac_override' (32)
lxc-start 1455870309.289 DEBUG lxc_conf - conf.c:setup_caps:2279 -
drop capability 'sys_time' (25)
lxc-start 1455870309.289 DEBUG lxc_conf - conf.c:setup_caps:2279 -
drop capability 'sys_module' (16)
lxc-start 1455870309.289 DEBUG lxc_conf - conf.c:setup_caps:2288 -
capabilities have been setup
lxc-start 1455870309.289 NOTICE lxc_conf - conf.c:lxc_setup:4026 -
'aansluitform-deploy' is setup.
lxc-start 1455870309.289 WARN lxc_apparmor -
lsm/apparmor.c:apparmor_process_label_set:167 - Incomplete AppArmor support in
your kernel
lxc-start 1455870309.289 ERROR lxc_apparmor -
lsm/apparmor.c:apparmor_process_label_set:169 - If you really want to start
this container, set
lxc-start 1455870309.289 ERROR lxc_apparmor -
lsm/apparmor.c:apparmor_process_label_set:170 - lxc.aa_allow_incomplete = 1
lxc-start 1455870309.289 ERROR lxc_apparmor -
lsm/apparmor.c:apparmor_process_label_set:171 - in your container configuration
file
lxc-start 1455870309.289 ERROR lxc_sync - sync.c:__sync_wait:51 -
invalid sequence number 1. expected 4
lxc-start 1455870309.289 ERROR lxc_start - start.c:__lxc_start:1213 -
failed to spawn 'aansluitform-deploy'
lxc-start 1455870309.290 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:523 - call to cgmanager_remove_sync failed:
invalid request
lxc-start 1455870309.290 ERROR lxc_cgmanager -
cgmanager.c:cgm_remove_cgroup:525 - Error removing all:lxc/aansluitform-deploy-8
lxc-start 1455870309.317 WARN lxc_commands -
commands.c:lxc_cmd_rsp_recv:172 - command get_init_pid failed to receive
response
lxc-start 1455870309.317 WARN lxc_cgmanager - cgmanager.c:cgm_get:994
- do_cgm_get exited with error
lxc-start 1455870314.321 ERROR lxc_start_ui - lxc_start.c:main:344 -
The container failed to start.
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start 1455870314.321 ERROR lxc_start_ui - lxc_start.c:main:346 -
To get more details, run the container in foreground mode.
lxc-start: lxc_start.c: main: 346 To get more details, run the container in
foreground mode.
lxc-start 1455870314.321 ERROR lxc_start_ui - lxc_start.c:main:348 -
Additional information can be obtained by setting the --logfile and
--logpriority options.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by
setting the --logfile and --logpriority options.
When adding the suggested apparmor parameter to the config file, the apparmor
error disappear, but the cgmanager errors are identical (but different than
before)...
Any ideas?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833
Title:
unprivileged lxc containers won't start, need to put sessions into
"pids" cgroup controller
Status in lxc package in Ubuntu:
Fix Released
Status in systemd package in Ubuntu:
Fix Released
Status in lxc source package in Wily:
New
Status in systemd source package in Wily:
Fix Committed
Bug description:
I'n trying to get (unpriviliged) lxc containers to run on wily. I
create a container like this:
> lxc-create -t download -n u1 -- -d ubuntu -r wily -a amd64
that works. However, starting the container fails:
> lxc-start -n u1
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 346 To get more details, run the container in
foreground mode.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by
setting the --logfile and --logpriority options.
Setting the log priority to debug shows the following (relevant part
only):
lxc-start 1452717530.484 INFO lxc_start - start.c:lxc_init:474 -
'u1' is initialized
lxc-start 1452717530.484 DEBUG lxc_start - start.c:__lxc_start:1186
- Not dropping cap_sys_boot or watching utmp
lxc-start 1452717530.484 INFO lxc_start -
start.c:resolve_clone_flags:883 - Cloning a new user namespace
lxc-start 1452717530.484 INFO lxc_cgroup - cgroup.c:cgroup_init:65
- cgroup driver cgmanager initing for u1
lxc-start 1452717530.489 ERROR lxc_cgmanager -
cgmanager.c:lxc_cgmanager_enter:698 - call to cgmanager_move_pid_sync failed:
invalid request
lxc-start: cgmanager.c: lxc_cgmanager_enter: 698 call to
cgmanager_move_pid_sync failed: invalid request
lxc-start 1452717530.490 ERROR lxc_start - start.c:__lxc_start:1213
- failed to spawn 'u1'
lxc-start: start.c: __lxc_start: 1213 failed to spawn 'u1'
lxc-start 1452717530.513 ERROR lxc_start_ui - lxc_start.c:main:344 -
The container failed to start.
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start 1452717530.513 ERROR lxc_start_ui - lxc_start.c:main:348 -
Additional information can be obtained by setting the --logfile and
--logpriority options.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by
setting the --logfile and --logpriority options.
lxc-start 1452717530.484 INFO lxc_start - start.c:lxc_init:474 -
'u1' is initialized
lxc-start 1452717530.484 DEBUG lxc_start - start.c:__lxc_start:1186
- Not dropping cap_sys_boot or watching utmp
lxc-start 1452717530.484 INFO lxc_start -
start.c:resolve_clone_flags:883 - Cloning a new user namespace
lxc-start 1452717530.484 INFO lxc_cgroup - cgroup.c:cgroup_init:65
- cgroup driver cgmanager initing for u1
lxc-start 1452717530.489 ERROR lxc_cgmanager -
cgmanager.c:lxc_cgmanager_enter:698 - call to cgmanager_move_pid_sync failed:
invalid request
lxc-start: cgmanager.c: lxc_cgmanager_enter: 698 call to
cgmanager_move_pid_sync failed: invalid request
lxc-start 1452717530.490 ERROR lxc_start - start.c:__lxc_start:1213
- failed to spawn 'u1'
lxc-start: start.c: __lxc_start: 1213 failed to spawn 'u1'
lxc-start 1452717530.513 ERROR lxc_start_ui - lxc_start.c:main:344 -
The container failed to start.
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start 1452717530.513 ERROR lxc_start_ui - lxc_start.c:main:348 -
Additional information can be obtained by setting the --logfile and
--logpriority options.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by
setting the --logfile and --logpriority options.
So it seems a cgmanager issue. Syslog shows:
Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager:do_create_main: pid 25615
(uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids
Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager: Invalid path
/run/cgmanager/fs/pids/lxc/u1
Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager:per_ctrl_move_pid_main:
Invalid path /run/cgmanager/fs/pids/lxc/u1
Jan 13 21:38:50 miranda cgmanager[22010]: cgmanager:do_create_main: pid 25632
(uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids
Jan 13 21:38:50 miranda cgmanager[22010]: cgmanager: Invalid path
/run/cgmanager/fs/pids/lxc/u1
Jan 13 21:38:50 miranda cgmanager[22010]: cgmanager:per_ctrl_move_pid_main:
Invalid path /run/cgmanager/fs/pids/lxc/u1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
