[lxc-devel] `top` within unprivileged container breaks host
Mathias Gibbens
mathias at calenhad.com
Fri Jan 23 00:48:10 UTC 2015
Hello,
I've been testing LXC 1.1-rc1 on a Debian jessie system. Specifically,
since all the pieces are now in place to support systemd in unprivileged
containers, I've been testing running Debian jessie within an
unprivileged container.
The jessie container successfully starts (there are some errors along
the way, but that's another issue), and I can do a `lxc-attach`, add a
user and log in. However, if I run `top` within the container I only get
two lines of output:
top - 00:13:25 up 4 min, 0 users, load average: 0.01, 0.05, 0.05
Tasks: 10 total, 1 running, 9 sleeping, 0 stopped, 0 zombie
Furthermore, the host system breaks spectacularly:
lxc at lxc:~$ top
Error, do this: mount -t proc proc /proc
lxc at lxc:~$ /sbin/ifconfig
Warning: cannot open /proc/net/dev (No such file or directory). Limited
output.
lxc at lxc:~$ mount
mount: failed to read mtab: No such file or directory
lxc at lxc:~$ df
df: cannot read table of mounted file systems: No such file or directory
lxc at lxc:~$ sudo reboot
Running in chroot, ignoring request.
It seems that /proc is being unmounted somehow on the host. I can
re-mount /proc on the host, and things seem to work again. (I haven't
tested too much after re-mounting, instead opting to just reboot the
host back to a known good state.)
Any idea what is causing this to happen? I have also tried running
Ubuntu Vivid as an unprivileged container and see the same results. I
have not yet tried a different Linux distro for the host system.
Host system details: Debian jessie with kernel 3.16.7-ckt2-1 x86_64,
systemd-215, LXC-1.1-rc1 and lxcfs built from current git checkout,
cgmanager-0.35 as packaged from the sid repository.
Thanks for any ideas,
Mathias
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20150123/5a43f06b/attachment.sig>
More information about the lxc-devel
mailing list