[lxc-users] lxc-attach shows hosts root fs instead of containers'

Florian Klink flokli at flokli.de
Tue Feb 25 17:44:25 UTC 2014 

We both did some more investigation, and Wojtek also was able to
reproduce the issue on debian wheezy with lxc-1.0.0 build from source.

The problem seems to be that lxc-attach doesn't set any namespaces (or
doesn't set them correctly)

By peeking into /proc/{pid_of_process_started_by_lxc-attach}/ns, we
could see that namespaces are the same as in
/proc/{pid_of_shell_starting_lxc-atttach}/ns
(instead of like in /proc/{pid_of_container_init}/ns)
which explains the strange behaviour.

What's the best way to find out now why it fails to do correctly?

Florian



Am 25.02.2014 14:46, schrieb Florian Klink:
> Hi Wojtek,
> 
> lxc is "community/lxc 1:1.0.0-2" from archlinux repository. (seems to be
> the same as git at lxc-1.0.0, except some systemd unit files and cosmetic
> documentation fixes).
> 
> Host system runs archlinux amd64, 3.13.5-zen kernel, all packages up to
> date.
> 
> 
> lxc-create -n test -t archlinux creates:
> 
> 
> /var/lib/lxc/test/config:
> ---------
> # Template used to create this container:
> /usr/share/lxc/templates/lxc-archlinux
> # Parameters passed to the template:
> # For additional config options, please look at lxc.conf(5)
> lxc.utsname=test
> lxc.autodev=1
> lxc.tty=1
> lxc.pts=1024
> lxc.mount=/var/lib/lxc/test/fstab
> lxc.cap.drop=sys_module mac_admin mac_override sys_time
> lxc.kmsg=0
> lxc.stopsignal=SIGRTMIN+4
> #networking
> lxc.network.type=veth
> lxc.network.link=br0
> lxc.network.flags=up
> lxc.network.name=eth0
> lxc.network.mtu=1500
> #cgroups
> lxc.cgroup.devices.deny = a
> lxc.cgroup.devices.allow = c *:* m
> lxc.cgroup.devices.allow = b *:* m
> lxc.cgroup.devices.allow = c 1:3 rwm
> lxc.cgroup.devices.allow = c 1:5 rwm
> lxc.cgroup.devices.allow = c 1:7 rwm
> lxc.cgroup.devices.allow = c 1:8 rwm
> lxc.cgroup.devices.allow = c 1:9 rwm
> lxc.cgroup.devices.allow = c 1:9 rwm
> lxc.cgroup.devices.allow = c 4:1 rwm
> lxc.cgroup.devices.allow = c 5:0 rwm
> lxc.cgroup.devices.allow = c 5:1 rwm
> lxc.cgroup.devices.allow = c 5:2 rwm
> lxc.cgroup.devices.allow = c 136:* rwm
> lxc.rootfs = /var/lib/lxc/test/rootfs
> ---------
> 
> 
> /var/lib/lxc/test/fstab:
> ---------
> sysfs sys sysfs defaults 0 0
> proc proc proc nodev,noexec,nosuid 0 0
> ---------
> 
> 
> /var/lib/lxc/test/rootfs:
> (contains arch linux root fs)
> 
> 
> Do you need any more info?
> 
> Florian
> 
> 
> 
> 
> 
> Am 25.02.2014 14:29, schrieb Wojciech Arabczyk:
>> Hi Florian,
>>
>> Could you please post your configs? What lxc version are you using
>> btw? Build from scratch or installed from sys packages?
>>
>> On 25 February 2014 14:25, Florian Klink <flokli at flokli.de> wrote:
>>> Hi Wojtek,
>>>
>>> thanks for your answer!
>>>
>>> I built a kernel with the same config, but with CONFIG_USER_NS set to "y".
>>>
>>> lxc-checkconfig now also reports user namespace as "enabled".
>>>
>>>
>>> But when I run lxc-attach, I still see the root file system of the host,
>>> not of the container...
>>>
>>> So the problem is not user-ns related.
>>>
>>> Steps to reproduce:
>>>
>>> lxc-create -n ${CONTAINER_NAME} -t archlinux
>>> lxc-start -n ${CONTAINER_NAME}
>>> lxc-attach -n ${CONTAINER_NAME} /bin/bash
>>> # ls -la / # shows hosts root file system!
>>>
>>>
>>> I was also able to reproduce this problem with a downloaded template
>>> (centos 6 amd64), so it doesn't seem to be archlinux related...
>>>
>>>
>>> Do you have any ideas how to investigate further?
>>>
>>>
>>> Florian
>>>
>>>
>>>
>>>
>>> Am 25.02.2014 10:46, schrieb Wojtek Arabczyk:
>>>> You failed to enable user namespace (which is clearly stated in the log
>>>> you posted).
>>>> Try enabling the user namespace and retest.
>>>>
>>>> --
>>>> Pozdraviam
>>>> Wojtek
>>>>
>>>> On Tuesday, 25 February 2014 at 10:34, Florian Klink wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I created a basic archlinux container (using almost the template):
>>>>>
>>>>> lxc-create -n test -t archlinux
>>>>>
>>>>> I now start the container
>>>>>
>>>>> lxc-start -n test
>>>>>
>>>>> In another shell, I attach inside it:
>>>>>
>>>>> lxc-attach -n test [/bin/bash]
>>>>>
>>>>> And I see the root file system of the host!
>>>>>
>>>>> However, when I get into the machine by logging in from the lxc-start
>>>>> command, I see the correct root of the container.
>>>>>
>>>>> Some information about my system:
>>>>>
>>>>> -----
>>>>> lxc-1.0.0
>>>>> linux x86_64 3.13.5-1-zen
>>>>>
>>>>> --- Namespaces ---
>>>>> Namespaces: enabled
>>>>> Utsname namespace: enabled
>>>>> Ipc namespace: enabled
>>>>> Pid namespace: enabled
>>>>> User namespace: missing
>>>>> Network namespace: enabled
>>>>> Multiple /dev/pts instances: enabled
>>>>>
>>>>> --- Control groups ---
>>>>> Cgroup: enabled
>>>>> Cgroup clone_children flag: enabled
>>>>> Cgroup device: enabled
>>>>> Cgroup sched: enabled
>>>>> Cgroup cpu account: enabled
>>>>> Cgroup memory controller: enabled
>>>>> Cgroup cpuset: enabled
>>>>>
>>>>> --- Misc ---
>>>>> Veth pair device: enabled
>>>>> Macvlan: enabled
>>>>> Vlan: enabled
>>>>> File capabilities: enabled
>>>>>
>>>>> -----
>>>>>
>>>>> Looks like lxc-attach is unable to attach the MOUNT namespace? Or whats
>>>>> the problem here?
>>>>>
>>>>> Florian
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> lxc-users mailing list
>>>>> lxc-users at lists.linuxcontainers.org
>>>>> <mailto:lxc-users at lists.linuxcontainers.org>
>>>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>>>
>>>>
>>>>
>>>
>>>
>>> _______________________________________________
>>> lxc-users mailing list
>>> lxc-users at lists.linuxcontainers.org
>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>>
>>
> 
>

More information about the lxc-users mailing list