[lxc-devel] `top` within unprivileged container breaks host

S.Çağlar Onur caglar at 10ur.org
Sat Jan 24 19:14:15 UTC 2015


Hey Stéphane,

On Fri, Jan 23, 2015 at 1:47 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
> On Fri, Jan 23, 2015 at 06:19:46PM +0000, Serge Hallyn wrote:
>> Quoting Mathias Gibbens (mathias at calenhad.com):
>> > On Fri, 2015-01-23 at 00:48 +0000, Mathias Gibbens wrote:
>> > > Hello,
>> > >
>> > >   I've been testing LXC 1.1-rc1 on a Debian jessie system. Specifically,
>> > > since all the pieces are now in place to support systemd in unprivileged
>> > > containers, I've been testing running Debian jessie within an
>> > > unprivileged container.
>> > >
>> > >   The jessie container successfully starts (there are some errors along
>> > > the way, but that's another issue), and I can do a `lxc-attach`, add a
>> > > user and log in. However, if I run `top` within the container I only get
>> > > two lines of output:
>> > >
>> > > top - 00:13:25 up 4 min,  0 users,  load average: 0.01, 0.05, 0.05
>> > > Tasks:  10 total,   1 running,   9 sleeping,   0 stopped,   0 zombie
>> > >
>> > >   Furthermore, the host system breaks spectacularly:
>> > >
>> > > lxc@lxc:~$ top
>> > > Error, do this: mount -t proc proc /proc
>> > > lxc@lxc:~$ /sbin/ifconfig
>> > > Warning: cannot open /proc/net/dev (No such file or directory). Limited
>> > > output.
>> > > lxc@lxc:~$ mount
>> > > mount: failed to read mtab: No such file or directory
>> > > lxc@lxc:~$ df
>> > > df: cannot read table of mounted file systems: No such file or directory
>> > > lxc@lxc:~$ sudo reboot
>> > > Running in chroot, ignoring request.
>> > >
>> > >   It seems that /proc is being unmounted somehow on the host. I can
>> > > re-mount /proc on the host, and things seem to work again. (I haven't
>> > > tested too much after re-mounting, instead opting to just reboot the
>> > > host back to a known good state.)
>> > >
>> > >   Any idea what is causing this to happen? I have also tried running
>> > > Ubuntu Vivid as an unprivileged container and see the same results. I
>> > > have not yet tried a different Linux distro for the host system.
>> > >
>> > >   Host system details: Debian jessie with kernel 3.16.7-ckt2-1 x86_64,
>> > > systemd-215, LXC-1.1-rc1 and lxcfs built from current git checkout,
>> > > cgmanager-0.35 as packaged from the sid repository.
>> > >
>> > > Thanks for any ideas,
>> > > Mathias
>> >
>> >   This morning I set up a host running Ubuntu Vivid with cgmanager, lxc,
>> > and lxcfs packages installed from the daily PPA. I set up two
>>
>> But did you install the systemd-sysv package?
>>
>> > unprivileged containers, Debian jessie and Ubuntu Vivid, and ran `top`
>> > within each one. On the Vivid host, `top` runs properly and the host
>> > system does not break.
>> >
>> >   So, it seems that the breakage is due to running jessie on the host
>> > system. Any ideas why this is happening, or where I could begin looking
>> > to debug this problem?
>>
>> No, I've just reproduced it, but it requires systemd to do so.
>>
>> Note that you'll have to manually chown your name=systemd cgroup
>> to your user for the lxc-start to succeed.
>
>
> Hey,
>
> So we've just tracked down that bug and it's a critical flaw in lxcfs
> which we've now fixed upstream. I tagged LXCFS 0.4 with the fix and am
> publishing it now on our website and uploading it to Ubuntu.

https://launchpad.net/~ubuntu-lxc/+archive/ubuntu/daily still shows
the old lxcfs version. Should I be tracking some other repo?

> Thanks for reporting this!
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
>

-- 
S.Çağlar Onur <caglar at 10ur.org>
