[lxc-devel] Problem with apt-get upgrade with Ubuntu container on Fedora host.
Michael H. Warfield
mhw at WittsEnd.com
Thu Jun 19 14:35:50 UTC 2014
On Thu, 2014-06-19 at 10:19 -0400, Michael H. Warfield wrote:
> On Thu, 2014-06-19 at 10:15 -0400, Michael H. Warfield wrote:
> > This feels like it's an app armour issue... Posting to the -devel since
> > I don't think it's a user level problem.
>
> > I run an Ubuntu container on a Fedora 20 host and it's "running" fine.
> > The container was build on an Ubuntu "host" (really a container creating
> > a sub-container) with "lxc-create ... -t ubuntu -- -r sid".
>
> Oh, correction... That was mislabeled as sid. I double checked the
> os-release and I had build "trusty" and this particular one had been
> built using the download template, not using a subcontainer after all.
> I've got too many development and test containers and I'm starting to
> get them mixed up. My apologies.
More points on the curve. When I shut the container down (over an ssh
connection) in order to rename it, I saw this error:
root at Ubuntu-sid:~# init 0
SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory
root at Ubuntu-sid:~# Connection to 2001:4830:3000:8200:207d:8eff:fe6f:3f79 closed by remote host.
Connection to 2001:4830:3000:8200:207d:8eff:fe6f:3f79 closed.
My host is in selinux "permissive" mode
and /etc/selinux/targeted/policy/policy.29 does exist in the host.
Ubuntu container trying to do something with selinux?
After the rename of the container I noticed this when I logged back
in...
[mhw at canyon ~]$ ssh ubuntu at 2001:4830:3000:8200:7c32:63ff:fec2:24b
The authenticity of host '2001:4830:3000:8200:7c32:63ff:fec2:24b (2001:4830:3000:8200:7c32:63ff:fec2:24b)' can't be established.
ECDSA key fingerprint is c4:ee:a0:56:8d:f7:19:cb:10:b9:14:49:cf:da:46:6b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '2001:4830:3000:8200:7c32:63ff:fec2:24b' (ECDSA) to the list of known hosts.
ubuntu at 2001:4830:3000:8200:7c32:63ff:fec2:24b's password:
X11 forwarding request failed on channel 0
Welcome to Ubuntu 14.04 LTS (GNU/Linux 3.14.5-200.fc20.x86_64 x86_64)
* Documentation: https://help.ubuntu.com/
Unable to get valid context for ubuntu
Last login: Thu Jun 19 14:25:07 2014 from canyon.ip6.wittsend.com
ubuntu at Ubuntu-trusty:~$
In addition to the fact that the download template didn't create the
container with persistent mac addresses (the reason for the ssh
authenticity warnings) I got an "Unable to get valid context for ubuntu"
error when logging in.
I'll probably try putting the host into selinux disabled mode and try
again.
Regards,
Mike
> > When I go to run "apt-get update ; apt-get upgrade" I get an error like
> > this:
> >
> > root at Ubuntu-sid:~# apt-get upgrade
> > Reading package lists... Done
> > Building dependency tree
> > Reading state information... Done
> > You might want to run 'apt-get -f install' to correct these.
> > The following packages have unmet dependencies:
> > libasn1-8-heimdal : Depends: libroken18-heimdal (>= 1.4.0+git20110226) but it is not installed
> > libgssapi3-heimdal : Depends: libroken18-heimdal (>= 1.4.0+git20110226) but it is not installed
> > libhcrypto4-heimdal : Depends: libroken18-heimdal (>= 1.4.0+git20110226) but it is not installed
> > libheimntlm0-heimdal : Depends: libroken18-heimdal (>= 1.4.0+git20110226) but it is not installed
> > libhx509-5-heimdal : Depends: libroken18-heimdal (>= 1.4.0+git20110226) but it is not installed
> > libkrb5-26-heimdal : Depends: libroken18-heimdal (>= 1.6~git20131117) but it is not installed
> > libwind0-heimdal : Depends: libroken18-heimdal (>= 1.4.0+git20110226) but it is not installed
> > E: Unmet dependencies. Try using -f.
> >
> > Ok... So, I try that...
> >
> > root at Ubuntu-sid:~# apt-get -f install
> > Reading package lists... Done
> > Building dependency tree
> > Reading state information... Done
> > Correcting dependencies... Done
> > The following extra packages will be installed:
> > libroken18-heimdal
> > The following NEW packages will be installed:
> > libroken18-heimdal
> > 0 upgraded, 1 newly installed, 0 to remove and 22 not upgraded.
> > 88 not fully installed or removed.
> > Need to get 0 B/40.0 kB of archives.
> > After this operation, 162 kB of additional disk space will be used.
> > Do you want to continue? [Y/n] y
> > dpkg: error processing archive /var/cache/apt/archives/libroken18-heimdal_1.6~git20131207+dfsg-1ubuntu1_amd64.deb (--unpack):
> > cannot get security labeling handle: No such file or directory
> > Errors were encountered while processing:
> > /var/cache/apt/archives/libroken18-heimdal_1.6~git20131207+dfsg-1ubuntu1_amd64.deb
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
> >
> > Ok... Here's where I think it's an app armour thing. That error
> > "cannot get security labeling handle: No such file or directory" can not
> > be good.
> >
> > Any ideas what we have broken in here or what should be done about it to
> > make it work?
> >
> > Regards,
> > Mike
>
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140619/7ca09cae/attachment.sig>
More information about the lxc-devel
mailing list