[lxc-devel] `top` within unprivileged container breaks host
S.Çağlar Onur
caglar at 10ur.org
Sat Jan 24 19:45:52 UTC 2015
On Sat, Jan 24, 2015 at 2:29 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
> On Sat, Jan 24, 2015 at 02:14:15PM -0500, S.Çağlar Onur wrote:
>> Hey Stéphane,
>>
>> On Fri, Jan 23, 2015 at 1:47 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
>> > On Fri, Jan 23, 2015 at 06:19:46PM +0000, Serge Hallyn wrote:
>> >> Quoting Mathias Gibbens (mathias at calenhad.com):
>> >> > On Fri, 2015-01-23 at 00:48 +0000, Mathias Gibbens wrote:
>> >> > > Hello,
>> >> > >
>> >> > > I've been testing LXC 1.1-rc1 on a Debian jessie system. Specifically,
>> >> > > since all the pieces are now in place to support systemd in unprivileged
>> >> > > containers, I've been testing running Debian jessie within an
>> >> > > unprivileged container.
>> >> > >
>> >> > > The jessie container successfully starts (there are some errors along
>> >> > > the way, but that's another issue), and I can do a `lxc-attach`, add a
>> >> > > user and log in. However, if I run `top` within the container I only get
>> >> > > two lines of output:
>> >> > >
>> >> > > top - 00:13:25 up 4 min, 0 users, load average: 0.01, 0.05, 0.05
>> >> > > Tasks: 10 total, 1 running, 9 sleeping, 0 stopped, 0 zombie
>> >> > >
>> >> > > Furthermore, the host system breaks spectacularly:
>> >> > >
>> >> > > lxc at lxc:~$ top
>> >> > > Error, do this: mount -t proc proc /proc
>> >> > > lxc at lxc:~$ /sbin/ifconfig
>> >> > > Warning: cannot open /proc/net/dev (No such file or directory). Limited
>> >> > > output.
>> >> > > lxc at lxc:~$ mount
>> >> > > mount: failed to read mtab: No such file or directory
>> >> > > lxc at lxc:~$ df
>> >> > > df: cannot read table of mounted file systems: No such file or directory
>> >> > > lxc at lxc:~$ sudo reboot
>> >> > > Running in chroot, ignoring request.
>> >> > >
>> >> > > It seems that /proc is being unmounted somehow on the host. I can
>> >> > > re-mount /proc on the host, and things seem to work again. (I haven't
>> >> > > tested too much after re-mounting, instead opting to just reboot the
>> >> > > host back to a known good state.)
>> >> > >
>> >> > > Any idea what is causing this to happen? I have also tried running
>> >> > > Ubuntu Vivid as an unprivileged container and see the same results. I
>> >> > > have not yet tried a different Linux distro for the host system.
>> >> > >
>> >> > > Host system details: Debian jessie with kernel 3.16.7-ckt2-1 x86_64,
>> >> > > systemd-215, LXC-1.1-rc1 and lxcfs built from current git checkout,
>> >> > > cgmanager-0.35 as packaged from the sid repository.
>> >> > >
>> >> > > Thanks for any ideas,
>> >> > > Mathias
>> >> >
>> >> > This morning I set up a host running Ubuntu Vivid with cgmanager, lxc,
>> >> > and lxcfs packages installed from the daily PPA. I set up two
>> >>
>> >> But did you install the systemd-sysv package?
>> >>
>> >> > unprivileged containers, Debian jessie and Ubuntu Vivid, and ran `top`
>> >> > within each one. On the Vivid host, `top` runs properly and the host
>> >> > system does not break.
>> >> >
>> >> > So, it seems that the breakage is due to running jessie on the host
>> >> > system. Any ideas why this is happening, or where I could begin looking
>> >> > to debug this problem?
>> >>
>> >> No, I've just reproduced it, but it requires systemd to do so.
>> >>
>> >> Note that you'll have to manually chown your name=systemd cgroup
>> >> to your user for the lxc-start to succeed.
>> >
>> >
>> > Hey,
>> >
>> > So we've just tracked down that bug and it's a critical flaw in lxcfs
>> > which we've now fixed upstream. I tagged LXCFS 0.4 with the fix and am
>> > publishing it now on our website and uploading it to Ubuntu.
>>
>> https://launchpad.net/~ubuntu-lxc/+archive/ubuntu/daily still shows
>> the old lxcfs version. Should I be tracking some other repo?
>
> Oops, no. I uploaded to vivid but forgot to refresh the PPA. Doing that now.

Thanks! Restarting lxcfs breaks running containers, is this expected?
This happened just after the upgrade:

[caglar at qop:~/go/src/gopkg.in/lxc/go-lxc.v2/examples] sudo apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
lxcfs
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 19.1 kB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ppa.launchpad.net/ubuntu-lxc/daily/ubuntu/ trusty/main lxcfs amd64 0.4-0ubuntu1~ubuntu14.04.1~ppa1 [19.1 kB]
Fetched 19.1 kB in 0s (42.2 kB/s)
(Reading database ... 204049 files and directories currently installed.)
Preparing to unpack .../lxcfs_0.4-0ubuntu1~ubuntu14.04.1~ppa1_amd64.deb ...
lxcfs stop/waiting
Unpacking lxcfs (0.4-0ubuntu1~ubuntu14.04.1~ppa1) over (0.3-0ubuntu1~ubuntu14.04.1~ppa1) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Setting up lxcfs (0.4-0ubuntu1~ubuntu14.04.1~ppa1) ...
lxcfs start/running, process 24251
[caglar at qop:~/go/src/gopkg.in/lxc/go-lxc.v2/examples] ./attach
2015/01/24 14:41:56 AttachShell
root at rubik:/# free -m
Error: /proc must be mounted
To mount /proc at boot you need an /etc/fstab line like:
proc /proc proc defaults
In the meantime, run "mount proc /proc -t proc"
root at rubik:/# exit

and I can reproduce it by just restarting the lxcfs service:

[caglar at qop:~/go/src/gopkg.in/lxc/go-lxc.v2/examples] ./attach
2015/01/24 14:42:24 AttachShell
root at rubik:/# free -m
total used free shared buffers cached
Mem: 128 10 117 5 0 0
-/+ buffers/cache: 10 117
Swap: 975 0 975
root at rubik:/# exit
2015/01/24 14:42:29 RunCommand
uid=0(root) gid=0(root) groups=0(root)
[caglar at qop:~/go/src/gopkg.in/lxc/go-lxc.v2/examples] sudo restart lxcfs
lxcfs start/running, process 26069
[caglar at qop:~/go/src/gopkg.in/lxc/go-lxc.v2/examples] ./attach
2015/01/24 14:42:37 AttachShell
root at rubik:/# free -m
Error: /proc must be mounted
To mount /proc at boot you need an /etc/fstab line like:
proc /proc proc defaults
In the meantime, run "mount proc /proc -t proc"
root at rubik:/#

>>
>> > Thanks for reporting this!
>> >
>> > --
>> > Stéphane Graber
>> > Ubuntu developer
>> > http://www.ubuntu.com
>> >
>> > _______________________________________________
>> > lxc-devel mailing list
>> > lxc-devel at lists.linuxcontainers.org
>> > http://lists.linuxcontainers.org/listinfo/lxc-devel
>> >
>>
>> --
>> S.Çağlar Onur <caglar at 10ur.org>
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
>
--
S.Çağlar Onur <caglar at 10ur.org>