[lxc-devel] `top` within unprivileged container breaks host

Mathias Gibbens mathias at calenhad.com
Fri Jan 23 17:25:36 UTC 2015


On Fri, 2015-01-23 at 00:48 +0000, Mathias Gibbens wrote:
> Hello,
> 
>   I've been testing LXC 1.1-rc1 on a Debian jessie system. Specifically,
> since all the pieces are now in place to support systemd in unprivileged
> containers, I've been testing running Debian jessie within an
> unprivileged container.
> 
>   The jessie container successfully starts (there are some errors along
> the way, but that's another issue), and I can do a `lxc-attach`, add a
> user and log in. However, if I run `top` within the container I only get
> two lines of output:
> 
> top - 00:13:25 up 4 min,  0 users,  load average: 0.01, 0.05, 0.05
> Tasks:  10 total,   1 running,   9 sleeping,   0 stopped,   0 zombie
> 
>   Furthermore, the host system breaks spectacularly:
> 
> lxc at lxc:~$ top
> Error, do this: mount -t proc proc /proc
> lxc at lxc:~$ /sbin/ifconfig
> Warning: cannot open /proc/net/dev (No such file or directory). Limited
> output.
> lxc at lxc:~$ mount
> mount: failed to read mtab: No such file or directory
> lxc at lxc:~$ df
> df: cannot read table of mounted file systems: No such file or directory
> lxc at lxc:~$ sudo reboot
> Running in chroot, ignoring request.
> 
>   It seems that /proc is being unmounted somehow on the host. I can
> re-mount /proc on the host, and things seem to work again. (I haven't
> tested too much after re-mounting, instead opting to just reboot the
> host back to a known good state.)
> 
>   Any idea what is causing this to happen? I have also tried running
> Ubuntu Vivid as an unprivileged container and see the same results. I
> have not yet tried a different Linux distro for the host system.
> 
>   Host system details: Debian jessie with kernel 3.16.7-ckt2-1 x86_64,
> systemd-215, LXC-1.1-rc1 and lxcfs built from current git checkout,
> cgmanager-0.35 as packaged from the sid repository.
> 
> Thanks for any ideas,
> Mathias

  This morning I set up a host running Ubuntu Vivid with cgmanager, lxc,
and lxcfs packages installed from the daily PPA. I set up two
unprivileged containers, Debian jessie and Ubuntu Vivid, and ran `top`
within each one. On the Vivid host, `top` runs properly and the host
system does not break.

  So, it seems that the breakage is due to running jessie on the host
system. Any ideas why this is happening, or where I could begin looking
to debug this problem?

Mathias