[lxc-users] lxc-attach shows hosts root fs instead of containers'

Tue Feb 25 13:46:46 UTC 2014

Hi Wojtek,

lxc is "community/lxc 1:1.0.0-2" from archlinux repository. (seems to be
the same as git at lxc-1.0.0, except some systemd unit files and cosmetic
documentation fixes).

Host system runs archlinux amd64, 3.13.5-zen kernel, all packages up to
date.

lxc-create -n test -t archlinux creates:

/var/lib/lxc/test/config:
---------
# Template used to create this container:
/usr/share/lxc/templates/lxc-archlinux
# Parameters passed to the template:
# For additional config options, please look at lxc.conf(5)
lxc.utsname=test
lxc.autodev=1
lxc.tty=1
lxc.pts=1024
lxc.mount=/var/lib/lxc/test/fstab
lxc.cap.drop=sys_module mac_admin mac_override sys_time
lxc.kmsg=0
lxc.stopsignal=SIGRTMIN+4
#networking
lxc.network.type=veth
lxc.network.link=br0
lxc.network.flags=up
lxc.network.name=eth0
lxc.network.mtu=1500
#cgroups
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.rootfs = /var/lib/lxc/test/rootfs
---------

/var/lib/lxc/test/fstab:
---------
sysfs sys sysfs defaults 0 0
proc proc proc nodev,noexec,nosuid 0 0
---------

/var/lib/lxc/test/rootfs:
(contains arch linux root fs)

Do you need any more info?

Florian

Am 25.02.2014 14:29, schrieb Wojciech Arabczyk:
> Hi Florian,
> 
> Could you please post your configs? What lxc version are you using
> btw? Build from scratch or installed from sys packages?
> 
> On 25 February 2014 14:25, Florian Klink <flokli at flokli.de> wrote:
>> Hi Wojtek,
>>
>> thanks for your answer!
>>
>> I built a kernel with the same config, but with CONFIG_USER_NS set to "y".
>>
>> lxc-checkconfig now also reports user namespace as "enabled".
>>
>>
>> But when I run lxc-attach, I still see the root file system of the host,
>> not of the container...
>>
>> So the problem is not user-ns related.
>>
>> Steps to reproduce:
>>
>> lxc-create -n ${CONTAINER_NAME} -t archlinux
>> lxc-start -n ${CONTAINER_NAME}
>> lxc-attach -n ${CONTAINER_NAME} /bin/bash
>> # ls -la / # shows hosts root file system!
>>
>>
>> I was also able to reproduce this problem with a downloaded template
>> (centos 6 amd64), so it doesn't seem to be archlinux related...
>>
>>
>> Do you have any ideas how to investigate further?
>>
>>
>> Florian
>>
>>
>>
>>
>> Am 25.02.2014 10:46, schrieb Wojtek Arabczyk:
>>> You failed to enable user namespace (which is clearly stated in the log
>>> you posted).
>>> Try enabling the user namespace and retest.
>>>
>>> --
>>> Pozdraviam
>>> Wojtek
>>>
>>> On Tuesday, 25 February 2014 at 10:34, Florian Klink wrote:
>>>
>>>> Hi,
>>>>
>>>> I created a basic archlinux container (using almost the template):
>>>>
>>>> lxc-create -n test -t archlinux
>>>>
>>>> I now start the container
>>>>
>>>> lxc-start -n test
>>>>
>>>> In another shell, I attach inside it:
>>>>
>>>> lxc-attach -n test [/bin/bash]
>>>>
>>>> And I see the root file system of the host!
>>>>
>>>> However, when I get into the machine by logging in from the lxc-start
>>>> command, I see the correct root of the container.
>>>>
>>>> Some information about my system:
>>>>
>>>> -----
>>>> lxc-1.0.0
>>>> linux x86_64 3.13.5-1-zen
>>>>
>>>> --- Namespaces ---
>>>> Namespaces: enabled
>>>> Utsname namespace: enabled
>>>> Ipc namespace: enabled
>>>> Pid namespace: enabled
>>>> User namespace: missing
>>>> Network namespace: enabled
>>>> Multiple /dev/pts instances: enabled
>>>>
>>>> --- Control groups ---
>>>> Cgroup: enabled
>>>> Cgroup clone_children flag: enabled
>>>> Cgroup device: enabled
>>>> Cgroup sched: enabled
>>>> Cgroup cpu account: enabled
>>>> Cgroup memory controller: enabled
>>>> Cgroup cpuset: enabled
>>>>
>>>> --- Misc ---
>>>> Veth pair device: enabled
>>>> Macvlan: enabled
>>>> Vlan: enabled
>>>> File capabilities: enabled
>>>>
>>>> -----
>>>>
>>>> Looks like lxc-attach is unable to attach the MOUNT namespace? Or whats
>>>> the problem here?
>>>>
>>>> Florian
>>>>
>>>>
>>>> _______________________________________________
>>>> lxc-users mailing list
>>>> lxc-users at lists.linuxcontainers.org
>>>> <mailto:lxc-users at lists.linuxcontainers.org>
>>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
> 
> 
> 