[lxc-devel] Ubuntu container failure on Fedora...

Stéphane Graber stgraber at ubuntu.com
Tue Nov 12 14:59:25 UTC 2013 

On Tue, Nov 12, 2013 at 08:31:03AM -0500, Michael H. Warfield wrote:
> Ok all...
> 
> Seems like this just started happening in the last few weeks and I'm not
> sure when...  But...  My newly created Ubuntu containers are failing to
> start on my Fedora hosts because of a mount problem.  So...
> 
> What's this, what does it do, and is this really required?
> 
> [root at hydra mhw]# lxc-create -n Ubuntu -t ubuntu -- --release raring
> lxc_container: No such file or directory - Failed to make / rslave to run template
> lxc_container: Continuing...
> Checking cache download in /var/cache/lxc/raring/rootfs-amd64 ... 
> Copy /var/cache/lxc/raring/rootfs-amd64 to /var/lib/lxc/Ubuntu/rootfs ... 
> Copying rootfs to /var/lib/lxc/Ubuntu/rootfs ...
> Generating locales...
>   en_US.UTF-8... up-to-date
> Generation complete.
> Creating SSH2 RSA key; this may take some time ...
> Creating SSH2 DSA key; this may take some time ...
> Creating SSH2 ECDSA key; this may take some time ...
> 
> ##
> # The default user is 'ubuntu' with password 'ubuntu'!
> # Use the 'sudo' command to run tasks as root in the container.
> ##
> 
> [root at hydra mhw]# lxc-start -n Ubuntu
> lxc-start: No such file or directory - failed to mount '/sys/fs/fuse/connections' on '/usr/lib64/lxc/rootfs/sys/fs/fuse/connections'
> lxc-start: failed to setup the mounts for 'Ubuntu'
> lxc-start: failed to setup the container
> lxc-start: invalid sequence number 1. expected 2
> lxc-start: failed to spawn 'Ubuntu'
> [root at hydra mhw]# 
> 
> Now...  If I remove this line from /var/lib/lxc/Ubuntu/fstab, then
> things seem to all work.  The container boots and seems to function.
> 
> /sys/fs/fuse/connections sys/fs/fuse/connections none bind 0 0
> 
> What breaks in Ubuntu if I do this?  Why is ANY "fuse" fs being included
> in a container?  Are any hosts expected to have a requirement for user
> space file system?  Ok...  Maybe an overlayfs I can understand, but...
> 
> Regards,
> Mike
> -- 
> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> 

Hi,

fuse is allowed in Ubuntu containers because we consider it safe to use
(as in, no worse than running as a user on the host). It's needed for at
least sshfs and I believe some other workloads that some of our users
are running (we allowed fused as a result of several bug reports).

It sounds like the line could however be changed to:
/sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0

Which would make LXC ignore the mount failure and should make the
container work again for you.

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20131112/57594ec9/attachment.pgp>

More information about the lxc-devel mailing list