[lxc-users] Unable to boot unprivileged container

Robert Pendell shinji at elite-systems.org
Mon May 5 13:23:43 UTC 2014


Here is the information as you requested.

lxc-start -n <container> -l info -o outfile
      lxc-start 1399295274.692 INFO     lxc_start_ui - using rcfile /home/shinji/.local/share/lxc/utest/config
      lxc-start 1399295274.692 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1399295274.692 INFO     lxc_confile - read uid map: type u nsid 0 hostid 100000 range 65536
      lxc-start 1399295274.692 INFO     lxc_confile - read uid map: type g nsid 0 hostid 100000 range 65536
      lxc-start 1399295274.692 WARN     lxc_log - lxc_log_init called with log already initialized
      lxc-start 1399295274.692 INFO     lxc_lsm - LSM security driver nop
      lxc-start 1399295274.692 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1399295274.693 INFO     lxc_conf - tty's configured
      lxc-start 1399295275.060 INFO     lxc_start - 'utest' is initialized
      lxc-start 1399295275.072 INFO     lxc_start - Cloning a new user namespace
      lxc-start 1399295275.072 INFO     lxc_cgroup - cgroup driver cgmanager initing for utest
      lxc-start 1399295275.073 ERROR    lxc_cgmanager - call to cgmanager_create_sync failed: invalid request
      lxc-start 1399295275.073 ERROR    lxc_cgmanager - Failed to create cpuset:utest
      lxc-start 1399295275.073 ERROR    lxc_cgmanager - Error creating cgroup cpuset:utest
      lxc-start 1399295275.073 INFO     lxc_cgmanager - cgroup removal attempt: cpuset:utest did not exist
      lxc-start 1399295275.073 INFO     lxc_cgmanager - cgroup removal attempt: debug:utest did not exist
      lxc-start 1399295275.074 INFO     lxc_cgmanager - cgroup removal attempt: cpu:utest did not exist
      lxc-start 1399295275.074 INFO     lxc_cgmanager - cgroup removal attempt: cpuacct:utest did not exist
      lxc-start 1399295275.074 INFO     lxc_cgmanager - cgroup removal attempt: devices:utest did not exist
      lxc-start 1399295275.074 INFO     lxc_cgmanager - cgroup removal attempt: freezer:utest did not exist
      lxc-start 1399295275.074 INFO     lxc_cgmanager - cgroup removal attempt: net_cls:utest did not exist
      lxc-start 1399295275.074 INFO     lxc_cgmanager - cgroup removal attempt: blkio:utest did not exist
      lxc-start 1399295275.074 INFO     lxc_cgmanager - cgroup removal attempt: perf_event:utest did not exist
      lxc-start 1399295275.075 INFO     lxc_cgmanager - cgroup removal attempt: net_prio:utest did not exist
      lxc-start 1399295275.075 ERROR    lxc_start - failed creating cgroups
      lxc-start 1399295275.075 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1399295275.075 ERROR    lxc_start - failed to spawn 'utest'
      lxc-start 1399295275.075 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1399295275.075 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.


shinji at icarus:~$ cat ~/.local/share/lxc/utest/config
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template:
# For additional config options, please look at lxc.conf(5)

# Distribution configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
lxc.arch = x86

# Container specific configuration
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /home/shinji/.local/share/lxc/utest/rootfs
lxc.utsname = utest

# Network configuration
lxc.network.type = veth
lxc.network.link = lxcbr0

shinji at icarus:~$ cat /etc/subuid
shinji:100000:65536

shinji at icarus:~$ cat /etc/subgid
shinji:100000:65536

Robert Pendell
shinji at elite-systems.org
A perfect world is one of chaos.


On Mon, May 5, 2014 at 8:50 AM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Please show us the contents of outfile after running
>         lxc-start -n <container> -l info -o outfile
>
> and show us the container configuration file as well as /etc/subuid
> and /etc/subgid.
>
> -serge
>
> Quoting Robert Pendell (shinji at elite-systems.org):
>> OS: Ubuntu 14.04 LTS x86_64
>> Kernel: Host-Supplied 3.14.1
>> Provider: Linode
>> Host Virtualization: Xen Paravirtualized
>> LXC Version: 1.0.3-0ubuntu3
>>
>> When I attempt to boot an unprivileged container I get the error
>> "lxc_container: command get_cgroup failed to receive response".  This
>> appears to be due to missing cgroup however it is mounted and is using
>> cgmanager as was recently changed (output seen later).  For
>> troubleshooting I switched to the distribution supplied kernel (host
>> supports pv-grub) and it does the same thing.  Host has apparmor
>> disabled and when I was running the distribution kernel I verified
>> that apparmor was enabled and running so in this case it made no
>> difference.
>>
>> I was able to run a privileged container even with the host-supplied
>> kernel however this won't meet my individual requirements.
>>
>> Any assistance will be greatly appreciated.
>>
>> Debug output: http://pastebin.com/xLHmezLw
>>
>> shinji at icarus:~$ mount
>> /dev/xvda on / type ext3 (rw,noatime,errors=remount-ro)
>> proc on /proc type proc (rw)
>> none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
>> sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
>> none on /sys/fs/cgroup type tmpfs (rw)
>> none on /sys/fs/fuse/connections type fusectl (rw)
>> devtmpfs on /dev type devtmpfs (rw,mode=0755)
>> none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
>> none on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
>> none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
>> none on /run/shm type tmpfs (rw,nosuid,nodev)
>> none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
>>
>> Robert Pendell
>> shinji at elite-systems.org
>> A perfect world is one of chaos.
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
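
The check that the requested files make possible, as an added example that is not part of the original thread or of LXC itself: it confirms that every lxc.id_map host range in a container config lies inside a range delegated to the user in /etc/subuid and /etc/subgid. The function names are hypothetical, and the inline strings are constructed copies of the values shown in the post.

```python
# Constructed copies of the id-map lines and subuid/subgid entries in the post.
CONFIG = "lxc.id_map = u 0 100000 65536\nlxc.id_map = g 0 100000 65536\n"
SUBUID = "shinji:100000:65536\n"
SUBGID = "shinji:100000:65536\n"


def parse_id_maps(config_text):
    """Return [(kind, nsid, hostid, count)] from lxc.id_map lines."""
    maps = []
    for line in config_text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep and key.strip() == "lxc.id_map":
            kind, nsid, hostid, count = value.split()
            maps.append((kind, int(nsid), int(hostid), int(count)))
    return maps


def parse_subid(text, user):
    """Return [(start, count)] delegated to user in subuid/subgid text."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 3 and fields[0] == user:
            ranges.append((int(fields[1]), int(fields[2])))
    return ranges


def check_maps(config_text, subuid_text, subgid_text, user):
    """Return a list of problems; an empty list means every map is delegated."""
    delegated = {"u": parse_subid(subuid_text, user),
                 "g": parse_subid(subgid_text, user)}
    maps = parse_id_maps(config_text)
    problems = [f"no lxc.id_map entry of type {k}"
                for k in ("u", "g") if not any(m[0] == k for m in maps)]
    for kind, nsid, hostid, count in maps:
        end = hostid + count  # exclusive end of the requested host range
        # newuidmap/newgidmap accept a host range only if one delegated
        # entry for the calling user contains it entirely.
        if not any(s <= hostid and end <= s + c
                   for s, c in delegated.get(kind, [])):
            problems.append(f"{kind} map {hostid}-{end - 1} is outside "
                            f"{user}'s delegated range")
    return problems


if __name__ == "__main__":
    print(check_maps(CONFIG, SUBUID, SUBGID, "shinji") or "id maps OK")
```

With the values from this post the check reports no problems; the first ERROR line in the log above is the cgmanager_create_sync call.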
