[lxc-users] Lower Version ??

CDR venefax at gmail.com
Fri May 2 17:14:18 UTC 2014


great information
many thanks

On Fri, May 2, 2014 at 11:21 AM, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Fri, 2014-05-02 at 11:14 -0400, CDR wrote:
>> I don't use SELinux since, until I can make this work perfectly, it
>> adds complexity to a complex picture.
>> I changed the permissions on the file to 777 and nothing changed.
>> Let me erase the lxc.service file and reinstall the RPMs, and try again
>
> Let me emphasize this fully.  Do NOT change permissions on a file to
> 777.  Lots of security related applications and applications which run
> as root will spot that as a writable file and refuse to run it as if it
> had "Permission Denied" although they generally choose a better message.
> I don't know if systemd does this but, if it doesn't, it should.  It
> should NEVER run a file that is world writable.  Some applications (ssh)
> will even bitch and refuse to use files that are group writable.  Safest
> mode is 555 (read and execute) like should have been set in the rpm.
>
> Regards,
> Mike
>
>> On Fri, May 2, 2014 at 10:57 AM, Michael H. Warfield <mhw at wittsend.com> wrote:
>> > On Fri, 2014-05-02 at 10:24 -0400, CDR wrote:
>> >> It works fine if I change the systemd service file and replace the two lines.
>> >> I suggest that the patch also changes these two lines, or nobody else
>> >> is going to make this work.
>> >
>> > No.  Dwight and I have been discussing this, some on-list and some
>> > off-list, and he's correct that there's a timing issue if you need
>> > libvirt up and the libvirt bridge.  I've confirmed this in some of my
>> > tests where not all of my containers get started properly (early ones
>> > failing and later ones starting).
>> >
>> > It looks like it works but there's an indeterminacy in there that may
>> > not be immediately apparent.  I suggested it but I see where it may
>> > work in many of my cases but there are too many corner cases where it
>> > won't work properly.
>> >
>> > I think he asked you what the permissions were on the file.  I'm
>> > curious if we're dealing with some sort of SELinux gotcha and wondering
>> > if you're running with SELinux enabled or disabled.
>> >
>> > Regards,
>> > Mike
>> >
>> >> > /usr/lib/systemd/system/lxc.service
>> >> >
>> >> > Change these lines:
>> >> >
>> >> > ExecStart=/usr/libexec/lxc/lxc-startup start
>> >> > ExecStop=/usr/libexec/lxc/lxc-startup stop
>> >> >
>> >> > To this:
>> >> >
>> >> ExecStart=/usr/bin/lxc-autostart -a
>> >> ExecStop=/usr/bin/lxc-autostart -s
>> >>
>> >> On Fri, May 2, 2014 at 9:40 AM, Dwight Engen <dwight.engen at oracle.com> wrote:
>> >> > On Thu, 1 May 2014 22:07:44 -0400
>> >> > CDR <venefax at gmail.com> wrote:
>> >> >
>> >> >> After installing the RPMs with the patch
>> >> >>
>> >> >> systemctl start lxc
>> >> >> Job for lxc.service failed. See 'systemctl status lxc.service' and
>> >> >> 'journalctl -xn' for details.
>> >> >> [root at hyperv ~]# journalctl -xn -l
>> >> >> -- Logs begin at Tue 2014-03-25 10:13:43 EDT, end at Thu 2014-05-01
>> >> >> 10:04:10 EDT. --
>> >> >> May 01 10:04:04 hyperv systemd[1]: Reloading.
>> >> >> May 01 10:04:06 hyperv PackageKit[1531]: daemon quit
>> >> >> May 01 10:04:10 hyperv systemd[1]: Starting LXC Container
>> >> >> Initialization and Autoboot Code...
>> >> >> -- Subject: Unit lxc.service has begun with start-up
>> >> >> -- Defined-By: systemd
>> >> >> -- Support:
>> >> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel --
>> >> >> -- Unit lxc.service has begun starting up.
>> >> >> May 01 10:04:10 hyperv lxc-devsetup[1817]: Creating /dev/.lxc
>> >> >> May 01 10:04:10 hyperv lxc-devsetup[1817]: /dev is devtmpfs
>> >> >> May 01 10:04:10 hyperv lxc-devsetup[1817]: Creating /dev/.lxc/user
>> >> >> May 01 10:04:10 hyperv systemd[1825]: Failed at step EXEC spawning
>> >> >> /usr/libexec/lxc/lxc-startup: Permission denied
>> >> >
>> >> > Can you check the permissions on /usr/libexec/lxc/lxc-startup? The rpm
>> >> > spec file installs it 0555. Not sure why systemd can't exec it.
>> >> >
>> >> >> -- Subject: Process /usr/libexec/lxc/lxc-startup could not be executed
>> >> >> -- Defined-By: systemd
>> >> >> -- Support:
>> >> >> http://lists.freedesktop.org/mailman/listinfo/systemd-devel --
>> >> >> -- The process /usr/libexec/lxc/lxc-startup could not be executed and
>> >> >> failed. --
>> >> >> -- The error number returned while executing this process is 13.
>> >> >> May 01 10:04:10 hyperv systemd[1]: lxc.service: main process exited,
>> >> >> code=exited, status=203/EXEC
>> >> >> May 01 10:04:10 hyperv systemd[1]: Failed to start LXC Container
>> >> >> Initialization and Autoboot Code.
>> >> >> -- Subject: Unit lxc.service has failed
>> >> >>
>> >> >> On Thu, May 1, 2014 at 9:16 PM, CDR <venefax at gmail.com> wrote:
>> >> >> > When I apply the patch over the git version, I keep getting
>> >> >> >  git am ../lxc.patch
>> >> >> > Patch does not have a valid e-mail address
>> >> >> >
>> >> >> > How should I approach this? Sorry, I am not an expert.
>> >> >> > Philip
>> >> >> >
>> >> >> > On Thu, May 1, 2014 at 9:08 PM, Dwight Engen
>> >> >> > <dwight.engen at oracle.com> wrote:
>> >> >> >> On Thu, 1 May 2014 20:28:44 -0400
>> >> >> >> CDR <venefax at gmail.com> wrote:
>> >> >> >>
>> >> >> >>> Dear Friends
>> >> >> >>>
>> >> >> >>> I followed these instructions
>> >> >> >>>
>> >> >> >>> git clone git://github.com/lxc/lxc
>> >> >> >>> cd lxc
>> >> >> >>> git am /path/to/0001-have-systemd-service-call-lxc-autostart-via-script.patch
>> >> >> >>> ./autogen.sh
>> >> >> >>> ./configure
>> >> >> >>> make rpm
>> >> >> >>> yum reinstall ~/rpmbuild/RPMS/x86_64/lxc*
>> >> >> >>>
>> >> >> >>> but the RPMs generated are of a lower version of what I had,
>> >> >> >>> compiled from code
>> >> >> >>>
>> >> >> >>> I get now
>> >> >> >>> /root/rpmbuild/RPMS/x86_64/lxc-1.0.0-1.fc20.x86_64.rpm
>> >> >> >>> /root/rpmbuild/RPMS/x86_64/lxc-devel-1.0.0-1.fc20.x86_64.rpm
>> >> >> >>> /root/rpmbuild/RPMS/x86_64/lxc-debuginfo-1.0.0-1.fc20.x86_64.rpm
>> >> >> >>> /root/rpmbuild/RPMS/x86_64/lxc-libs-1.0.0-1.fc20.x86_64.rpm
>> >> >> >>>
>> >> >> >>> but I have installed
>> >> >> >>>
>> >> >> >>> rpm -qa | grep lxc
>> >> >> >>> lxc-devel-1.0.3-1.fc20.x86_64
>> >> >> >>> libvirt-daemon-driver-lxc-1.1.3.4-4.fc20.x86_64
>> >> >> >>> lxc-libs-1.0.3-1.fc20.x86_64
>> >> >> >>> lxc-debuginfo-1.0.3-1.fc20.x86_64
>> >> >> >>> lxc-1.0.3-1.fc20.x86_64
>> >> >> >>>
>> >> >> >>>
>> >> >> >>> Did I miss something?
>> >> >> >>
>> >> >> >> This is because you are building against git master, 1.0.3 is the
>> >> >> >> stable branch. Stéphane, I wonder if we should set
>> >> >> >> lxc_version_micro in master's configure.ac to x or git or
>> >> >> >> something to make it clear that it isn't the tagged 1.0.0? Of
>> >> >> >> course I don't know if .x is considered "newer" than .3 for an rpm
>> >> >> >> upgrade but it would be less confusing for people building their
>> >> >> >> own rpm.
>> >> >> >>
>> >> >> >>> Thanks for your continued assistance.
>> >> >> >>
>> >> >> >> Philip, you can uninstall your current packages with rpm -e
>> >> >> >> lxc-devel lxc-debuginfo lxc-libs lxc and then install the ones you
>> >> >> >> built.
>> >> >> >>
>> >> >> >>> Philip
>> >> >> >>> _______________________________________________
>> >> >> >>> lxc-users mailing list
>> >> >> >>> lxc-users at lists.linuxcontainers.org
>> >> >> >>> http://lists.linuxcontainers.org/listinfo/lxc-users
>> >
>> > --
>> > Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>> >    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>> >    NIC whois: MHW9          | An optimist believes we live in the best of all
>> >  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>> >
>> >
>
> --
> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>
>
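
The permission check discussed in this thread, written out as an added example that is not part of any message or of LXC's own code: it reads the Exec*= lines of a unit file such as lxc.service and reports whether each program is executable and free of group or world write bits, which is what mode 0555 gives. The function names are hypothetical, only the one unit file is parsed (no drop-ins), and SELinux labels are not inspected.

```shell
#!/bin/sh
# Added example (not from the thread): audit the programs a unit file execs.
# Function names are hypothetical; only Exec*= lines in the given file are
# read (no drop-in directories), and SELinux labels are not inspected.

# has_bit FILE OCTAL: true when every bit in OCTAL is set on FILE.
has_bit() {
    [ -n "$(find -L "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# check_exec_mode FILE: print one verdict, return 0 only for "ok".
check_exec_mode() {
    if [ ! -e "$1" ]; then echo missing; return 1; fi
    # o+w is the "chmod 777" case warned about in the thread.
    if has_bit "$1" 0002; then echo world-writable; return 1; fi
    # g+w is what stricter programs such as ssh also reject.
    if has_bit "$1" 0020; then echo group-writable; return 1; fi
    # No execute bit at all gives EACCES (errno 13) on exec.
    if has_bit "$1" 0100 || has_bit "$1" 0010 || has_bit "$1" 0001; then
        echo ok; return 0
    fi
    echo not-executable; return 1
}

# audit_unit UNITFILE: check the program named on each Exec*= line.
audit_unit() {
    rc=0
    # Drop the key and systemd's optional prefixes (-, @, :, +, !),
    # then keep the first word, which is the program path.
    for prog in $(sed -n 's/^Exec[A-Za-z]*=[-@:+!]*\([^ ]*\).*/\1/p' "$1" | sort -u); do
        verdict=$(check_exec_mode "$prog") || rc=1
        echo "$prog: $verdict"
    done
    return "$rc"
}

# Usage: sh audit-unit.sh /usr/lib/systemd/system/lxc.service
if [ "$#" -gt 0 ]; then audit_unit "$1"; fi
```

On an RPM-based system, `rpm -V lxc` additionally lists files whose mode no longer matches what the package installed.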
