<div dir="ltr"><div><div>Hi Serge,<br><br></div>Yes, I downloaded a fresh template for ubuntu and its overlay clones start okay, and I'm able to attach and run commands on them. However, eth0 has no IP assigned when unconfined.<br></div><div><br>I think the problem might be related to changes in systemd (I'm using version 219) and overlayfs on vivid. I do see many permission denied messages in the boot logs of the container (please see attached an example output), but couldn't find much help online. <br><font size="1"><i><span style="font-family:monospace,monospace"><br></span></i><font size="2"><span style="font-family:arial,helvetica,sans-serif">lxc-attach -n test -- ifconfig -a</span></font><span style="font-family:monospace,monospace"><br></span></font><div style="margin-left:40px"><font size="1"><span style="font-family:monospace,monospace">eth0 Link encap:Ethernet HWaddr 00:16:3e:23:59:24 </span></font><br><font size="1"><span style="font-family:monospace,monospace"> inet6 addr: fe80::216:3eff:fe23:5924/64 Scope:Link</span></font><br><font size="1"><span style="font-family:monospace,monospace"> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</span></font><br><font size="1"><span style="font-family:monospace,monospace"> RX packets:29 errors:0 dropped:0 overruns:0 frame:0</span></font><br><font size="1"><span style="font-family:monospace,monospace"> TX packets:8 errors:0 dropped:0 overruns:0 carrier:0</span></font><br><font size="1"><span style="font-family:monospace,monospace"> collisions:0 txqueuelen:1000 </span></font><br><font size="1"><span style="font-family:monospace,monospace"> RX bytes:4285 (4.2 KB) TX bytes:648 (648.0 B)</span></font><br><font size="1"><span style="font-family:monospace,monospace"></span></font><br><font size="1"><span style="font-family:monospace,monospace">lo Link encap:Local Loopback </span></font><br><font size="1"><span style="font-family:monospace,monospace"> inet addr:127.0.0.1 Mask:255.0.0.0</span></font><br><font size="1"><span style="font-family:monospace,monospace"> inet6 addr: ::1/128 Scope:Host</span></font><br><font size="1"><span style="font-family:monospace,monospace"> UP LOOPBACK RUNNING MTU:65536 Metric:1</span></font><br><font size="1"><span style="font-family:monospace,monospace"> RX packets:24 errors:0 dropped:0 overruns:0 frame:0</span></font><br><font size="1"><span style="font-family:monospace,monospace"> TX packets:24 errors:0 dropped:0 overruns:0 carrier:0</span></font><br><font size="1"><span style="font-family:monospace,monospace"> collisions:0 txqueuelen:0 </span></font><br><font size="1"><span style="font-family:monospace,monospace"> RX bytes:1888 (1.8 KB) TX bytes:1888 (1.8 KB)</span></font><br></div><div style="margin-left:40px"><font size="1"><span style="font-family:monospace,monospace"></span></font></div><font size="1"><span style="font-family:monospace,monospace"><br></span></font></div><div><font size="1"><font size="2"><span style="font-family:arial,helvetica,sans-serif"><font size="1"><font size="2"><span style="font-family:arial,helvetica,sans-serif">lxc-attach -n test -- </span></font></font>ps -ef</span></font><span style="font-family:monospace,monospace"><br></span></font><div style="margin-left:40px"><font size="1"><span style="font-family:monospace,monospace">UID PID PPID C STIME TTY TIME CMD</span></font><br><font size="1"><span style="font-family:monospace,monospace">root 1 0 0 15:45 ? 00:00:00 /sbin/init</span></font><br><font size="1"><span style="font-family:monospace,monospace">root 352 1 0 15:45 ? 00:00:00 /lib/systemd/systemd-journald</span></font><br><font size="1"><span style="font-family:monospace,monospace">root 613 1 0 15:45 ? 00:00:00 /usr/sbin/cron -f</span></font><br><font size="1"><span style="font-family:monospace,monospace">syslog 673 1 0 15:45 ? 00:00:00 /usr/sbin/rsyslogd -n</span></font><br><font size="1"><span style="font-family:monospace,monospace">root 710 1 0 15:45 ? 00:00:00 /usr/sbin/sshd -D</span></font><br><font size="1"><span style="font-family:monospace,monospace">root 760 1 0 15:45 pts/1 00:00:00 /sbin/agetty --noclear --keep-baud pts/1 115200 38400 9600 vt220</span></font><br><font size="1"><span style="font-family:monospace,monospace">root 770 1 0 15:45 lxc/console 00:00:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 v</span></font><br><font size="1"><span style="font-family:monospace,monospace">root 780 1 0 15:45 pts/2 00:00:00 /sbin/agetty --noclear --keep-baud pts/2 115200 38400 9600 vt220</span></font><br><font size="1"><span style="font-family:monospace,monospace">root 790 1 0 15:45 pts/0 00:00:00 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220</span></font><br><font size="1"><span style="font-family:monospace,monospace">root 800 1 0 15:45 pts/3 00:00:00 /sbin/agetty --noclear --keep-baud pts/3 115200 38400 9600 vt220</span></font><br><font size="1"><span style="font-family:monospace,monospace">root 913 0 0 15:50 pts/2 00:00:00 ps -ef</span></font><br></div><br></div><div>Thanks!<br></div><div><br></div><div>Best, <br></div><div>Fred<br></div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 5, 2015 at 11:49 AM, Serge Hallyn <span dir="ltr"><<a href="mailto:serge.hallyn@ubuntu.com" target="_blank">serge.hallyn@ubuntu.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Quoting Frederico Araujo (<a href="mailto:araujof@gmail.com">araujof@gmail.com</a>):<br>
> Hi,<br>
><br>
> I've been using LXC for over two years without problems. This week, I<br>
> upgraded my Ubuntu from Trusty to Vivid, and I noticed that my overlayfs<br>
> containers stopped getting IP assigned. In my machine the error can be<br>
> reproduced in this way:<br>
><br>
> 1. lxc-create -n base -t ubuntu<br>
<br>
</span>Do you have this problem if you use the download template?<br>
<span class=""><br>
> 2. Edit ubuntu/config to add lxc.aa_profile = unconfined<br>
<br>
</span>interesting that it has to be unconfined.<br>
<br>
if you tail -f /var/log/syslog and then start the container, does<br>
the tail -f output show any DENIED messages?<br>
<span class=""><br>
> 3. lxc-clone -s -B overlayfs ubuntu tmp<br>
<br>
</span>Does the 'ubuntu' container start ok?<br>
<span class=""><br>
> 4. lxc-start -n tmp -d<br>
> 5. lxc-ls -f shows:<br>
><br>
> NAME STATE IPV4 IPV6 GROUPS AUTOSTART<br>
> -----------------------------------------------------------------------<br>
</span>> tmp RUNNING - *(no IP)* - - NO<br>
<span class="">> ubuntu STOPPED - - - NO<br>
<br>
</span>Are you able to lxc-attach -n tmp and look around? what does 'ps -ef'<br>
and 'ifconfig -a' show?<br>
<span class=""><br>
> Interestingly, I don't run into this issue when running the container in<br>
> confined mode (without lxc.aa_profile = unconfined). I checked past threads<br>
> in this list and in launchpad, and noticed that some people had problems<br>
> with overlayfs when upgrading to vivid, but it seems that these problems<br>
> were fixed in LXC 1.1 release. I'm running on LXC 1.1.2.<br>
><br>
> Any thoughts?<br>
><br>
> Thanks,<br>
> Fred<br>
<br>
</span>> _______________________________________________<br>
> lxc-users mailing list<br>
> <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
> <a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br>
<br>
_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" rel="noreferrer" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a></blockquote></div><br></div>