Patch to backport the fix into utopic.

** Description changed:

+ [Impact]
+
+ Without this patch containers that don't have a complete apparmor
+ configuration fail to start. Making lxc unusable to run Debian Sid and Jessie
+ (at least).
+
+ This bug is not present in Trusty, which ships 1.0.7 (Debian Sid runs
+ OK).
+
+ [Test Case]
+
+ - Create a debian sid container
+ $ sudo env SUITE=sid lxc-create -t debian -n sid
+
+ - Start the container
+ $ sudo lxc-start -n sid
+
+ Expected behavior:
+
+ The container is started
+
+ Actual behavior:
+
+ $ sudo lxc-start -F -n sid
+ lxc-start: lsm/apparmor.c: mount_feature_enabled: 61 Permission denied - Error mounting securityfs
+ lxc-start: lsm/apparmor.c: apparmor_process_label_set: 186 If you really want to start this container, set
+ lxc-start: lsm/apparmor.c: apparmor_process_label_set: 187 lxc.aa_allow_incomplete = 1
+ lxc-start: lsm/apparmor.c: apparmor_process_label_set: 188 in your container configuration file
+ lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 4
+ lxc-start: start.c: __lxc_start: 1087 failed to spawn 'sid'
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing name=systemd:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing perf_event:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing net_prio:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing net_cls:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing memory:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing hugetlb:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing freezer:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing devices:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing cpuset:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing cpuacct:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing cpu:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing blkio:lxc/sid-2
+ lxc-start: lxc_start.c: main: 337 The container failed to start.
+ lxc-start: lxc_start.c: main: 341 Additional information can be obtained by setting the --logfile and --logpriority options.
+
+
+ [Regression Potential]
+
+ No regressions expected, different versions of Ubuntu and Debian containers
+ were tested with this patch applied.
+
+ [Other Info]
+
  On utopic using lxc version 1.1.0~alpha2-0ubuntu3, I was unable to start a
  container.

  $ sudo lxc-start -F -n lxc-errors
  lxc-start: lsm/apparmor.c: mount_feature_enabled: 61 Permission denied - Error mounting securityfs
  lxc-start: lsm/apparmor.c: apparmor_process_label_set: 186 If you really want to start this container, set
  lxc-start: lsm/apparmor.c: apparmor_process_label_set: 187 lxc.aa_allow_incomplete = 1
  lxc-start: lsm/apparmor.c: apparmor_process_label_set: 188 in your container configuration file
  lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 4
  lxc-start: start.c: __lxc_start: 1087 failed to spawn 'lxc-errors'
  lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
  lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing name=systemd:lxc/lxc-errors-2

  Switching to the version of lxc in http://ppa.launchpad.net/ubuntu-lxc/daily/
  resolved the failure to start for me.

** Summary changed:

- failure to start a container
+ [SRU] failure to start a container

** Changed in: lxc (Ubuntu Trusty)
     Assignee: Felipe Reyes (freyes) => (unassigned)

** Patch added: "utopic_lp1386840.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1386840/+attachment/4311145/+files/utopic_lp1386840.debdiff

** Changed in: lxc (Ubuntu Trusty)
       Status: Confirmed => Incomplete

** Changed in: lxc (Ubuntu Utopic)
       Status: Confirmed => In Progress

https://bugs.launchpad.net/bugs/1386840

Title:
  [SRU] failure to start a container
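Review bot: the [Regression Potential] section of the description change says only that no regressions are expected and that "different versions of Ubuntu and Debian containers were tested", without naming the releases tested or describing what a regression would look like. Because the failure in [Test Case] comes from the AppArmor check that points to lxc.aa_allow_incomplete, the section should state whether containers with a complete AppArmor configuration still start confined as before, and [Test Case] should add that check next to the sid start. [Test Case] also starts the container with "lxc-start -n sid" but shows the failure from "lxc-start -F -n sid"; use the same invocation in both places so the reproduction is unambiguous.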