[lxc-users] Cannot mount sys in unprivileged container

Serge Hallyn serge.hallyn at ubuntu.com
Thu Oct 23 19:03:53 UTC 2014


Oh I bet this is the problem that was introduced in the upstream kernel in
August.  Can you try the packages from the ubuntu-daily ppa?

Quoting G H (uothrawn at yahoo.com):
> I am using Xubuntu 14.04.1 and created an LXC unprivileged container via these instructions: https://help.ubuntu.com/lts/serverguide/lxc.html
> 
> 
> I created a guest via: lxc-create -t download -n centos6 -- -d centos -r 6 -a amd64
> 
> However, I am getting an error when I try to start it up regarding the mounting of proc/sys. Did I miss anything? I've attached the startup log and output of /proc/mounts. My /etc/subuid and subgid both contain "gh:100000:65536"
> 
> 
> Thanks.

> gh at systemlocal:~$ lxc-start -n centos6 --logfile /tmp/out --logpriority=INFO
> lxc-start: Operation not permitted - error mounting (null) on /usr/lib/x86_64-linux-gnu/lxc/proc/sys
> lxc-start: failed to setup the automatic mounts for 'centos6'
> lxc-start: failed to setup the container
> lxc-start: invalid sequence number 1. expected 2
> lxc-start: failed to spawn 'centos6'
> lxc-start: The container failed to start.
> lxc-start: Additional information can be obtained by setting the --logfile and --log-priority options.
> 
> 
> gh at systemlocal:~$ cat /tmp/out
>       lxc-start 1413475508.125 INFO     lxc_start_ui - using rcfile /home/gh/.local/share/lxc/centos6/config
>       lxc-start 1413475508.125 INFO     lxc_confile - read uid map: type u nsid 0 hostid 100000 range 65536
>       lxc-start 1413475508.125 INFO     lxc_confile - read uid map: type g nsid 0 hostid 100000 range 65536
>       lxc-start 1413475508.126 WARN     lxc_log - lxc_log_init called with log already initialized
>       lxc-start 1413475508.126 INFO     lxc_lsm - LSM security driver AppArmor
>       lxc-start 1413475508.127 INFO     lxc_conf - tty's configured
>       lxc-start 1413475508.364 INFO     lxc_start - 'centos6' is initialized
>       lxc-start 1413475508.365 INFO     lxc_start - Cloning a new user namespace
>       lxc-start 1413475508.365 INFO     lxc_cgroup - cgroup driver cgmanager initing for centos6
>       lxc-start 1413475508.550 NOTICE   lxc_start - switching to gid/uid 0 in new user namespace
>       lxc-start 1413475508.552 INFO     lxc_conf - 'centos6' hostname has been setup
>       lxc-start 1413475508.552 INFO     lxc_conf - network has been setup
>       lxc-start 1413475508.552 INFO     lxc_conf - Autodev not required.
>       lxc-start 1413475508.552 ERROR    lxc_conf - Operation not permitted - error mounting (null) on /usr/lib/x86_64-linux-gnu/lxc/proc/sys
>       lxc-start 1413475508.552 ERROR    lxc_conf - failed to setup the automatic mounts for 'centos6'
>       lxc-start 1413475508.552 ERROR    lxc_start - failed to setup the container
>       lxc-start 1413475508.553 ERROR    lxc_sync - invalid sequence number 1. expected 2
>       lxc-start 1413475508.604 ERROR    lxc_start - failed to spawn 'centos6'
>       lxc-start 1413475508.609 ERROR    lxc_start_ui - The container failed to start.
>       lxc-start 1413475508.609 ERROR    lxc_start_ui - Additional information can be obtained by setting the --logfile and --log-priority options.
>       
>       
> gh at systemlocal:~$ cat /proc/mounts 
> rootfs / rootfs rw 0 0
> sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
> proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
> udev /dev devtmpfs rw,relatime,size=4072292k,nr_inodes=1018073,mode=755 0 0
> devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
> tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=816696k,mode=755 0 0
> /dev/mapper/lvm-xubuntu14 / ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
> none /sys/fs/cgroup tmpfs rw,relatime,size=4k,mode=755 0 0
> none /sys/fs/fuse/connections fusectl rw,relatime 0 0
> none /sys/kernel/debug debugfs rw,relatime 0 0
> none /sys/kernel/security securityfs rw,relatime 0 0
> none /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
> none /run/shm tmpfs rw,nosuid,nodev,relatime 0 0
> none /run/user tmpfs rw,nosuid,nodev,noexec,relatime,size=102400k,mode=755 0 0
> none /sys/fs/pstore pstore rw,relatime 0 0
> cgroup /sys/fs/cgroup/cpuset cgroup rw,relatime,cpuset,release_agent=/run/cgmanager/agents/cgm-release-agent.cpuset,clone_children 0 0
> cgroup /sys/fs/cgroup/cpu cgroup rw,relatime,cpu,release_agent=/run/cgmanager/agents/cgm-release-agent.cpu 0 0
> cgroup /sys/fs/cgroup/cpuacct cgroup rw,relatime,cpuacct,release_agent=/run/cgmanager/agents/cgm-release-agent.cpuacct 0 0
> cgroup /sys/fs/cgroup/memory cgroup rw,relatime,memory,release_agent=/run/cgmanager/agents/cgm-release-agent.memory 0 0
> cgroup /sys/fs/cgroup/devices cgroup rw,relatime,devices,release_agent=/run/cgmanager/agents/cgm-release-agent.devices 0 0
> cgroup /sys/fs/cgroup/freezer cgroup rw,relatime,freezer,release_agent=/run/cgmanager/agents/cgm-release-agent.freezer 0 0
> cgroup /sys/fs/cgroup/blkio cgroup rw,relatime,blkio,release_agent=/run/cgmanager/agents/cgm-release-agent.blkio 0 0
> cgroup /sys/fs/cgroup/perf_event cgroup rw,relatime,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event 0 0
> cgroup /sys/fs/cgroup/hugetlb cgroup rw,relatime,hugetlb,release_agent=/run/cgmanager/agents/cgm-release-agent.hugetlb 0 0
> /dev/mapper/lvm-varlog /var/log ext4 rw,relatime,data=ordered 0 0
> /dev/mapper/lvm-home2 /home ext4 rw,relatime,data=ordered 0 0
> /dev/sda1 /boot ext2 rw,relatime 0 0
> systemd /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,release_agent=/run/cgmanager/agents/cgm-release-agent.systemd,name=systemd 0 0
> gvfsd-fuse /run/user/1000/gvfs fuse.gvfsd-fuse rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
> 
