[lxc-devel] `top` within unprivileged container breaks host
Stéphane Graber
stgraber at ubuntu.com
Fri Jan 23 18:47:50 UTC 2015
On Fri, Jan 23, 2015 at 06:19:46PM +0000, Serge Hallyn wrote:
> Quoting Mathias Gibbens (mathias at calenhad.com):
> > On Fri, 2015-01-23 at 00:48 +0000, Mathias Gibbens wrote:
> > > Hello,
> > >
> > > I've been testing LXC 1.1-rc1 on a Debian jessie system. Specifically,
> > > since all the pieces are now in place to support systemd in unprivileged
> > > containers, I've been testing running Debian jessie within an
> > > unprivileged container.
> > >
> > > The jessie container successfully starts (there are some errors along
> > > the way, but that's another issue), and I can do a `lxc-attach`, add a
> > > user and log in. However, if I run `top` within the container I only get
> > > two lines of output:
> > >
> > > top - 00:13:25 up 4 min, 0 users, load average: 0.01, 0.05, 0.05
> > > Tasks: 10 total, 1 running, 9 sleeping, 0 stopped, 0 zombie
> > >
> > > Furthermore, the host system breaks spectacularly:
> > >
> > > lxc@lxc:~$ top
> > > Error, do this: mount -t proc proc /proc
> > > lxc@lxc:~$ /sbin/ifconfig
> > > Warning: cannot open /proc/net/dev (No such file or directory). Limited
> > > output.
> > > lxc@lxc:~$ mount
> > > mount: failed to read mtab: No such file or directory
> > > lxc@lxc:~$ df
> > > df: cannot read table of mounted file systems: No such file or directory
> > > lxc@lxc:~$ sudo reboot
> > > Running in chroot, ignoring request.
> > >
> > > It seems that /proc is being unmounted somehow on the host. I can
> > > re-mount /proc on the host, and things seem to work again. (I haven't
> > > tested too much after re-mounting, instead opting to just reboot the
> > > host back to a known good state.)
> > >
> > > Any idea what is causing this to happen? I have also tried running
> > > Ubuntu Vivid as an unprivileged container and see the same results. I
> > > have not yet tried a different Linux distro for the host system.
> > >
> > > Host system details: Debian jessie with kernel 3.16.7-ckt2-1 x86_64,
> > > systemd-215, LXC-1.1-rc1 and lxcfs built from current git checkout,
> > > cgmanager-0.35 as packaged from the sid repository.
> > >
> > > Thanks for any ideas,
> > > Mathias
> >
> > This morning I set up a host running Ubuntu Vivid with cgmanager, lxc,
> > and lxcfs packages installed from the daily PPA. I set up two
>
> But did you install the systemd-sysv package?
>
> > unprivileged containers, Debian jessie and Ubuntu Vivid, and ran `top`
> > within each one. On the Vivid host, `top` runs properly and the host
> > system does not break.
> >
> > So, it seems that the breakage is due to running jessie on the host
> > system. Any ideas why this is happening, or where I could begin looking
> > to debug this problem?
>
> No, I've just reproduced it, but it requires systemd to do so.
>
> Note that you'll have to manually chown your name=systemd cgroup
> to your user for the lxc-start to succeed.

Hey,

So we've just tracked down that bug and it's a critical flaw in lxcfs
which we've now fixed upstream. I tagged LXCFS 0.4 with the fix and am
publishing it now on our website and uploading it to Ubuntu.

Thanks for reporting this!

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com