[lxc-users] upgrade to LXC 1.0.6 : segfault

Yannick Barbeaux ybarbeaux at gmail.com
Wed Oct 29 12:34:48 UTC 2014 

Sorry to say so but I am very doubtful about the fact that lxc does not
have anything to do with the garbled logs problem.
I have been using Debian servers (with or without xen) for many years and
it is the first time I face such issues.

One relevant example is that my guest domain has iptables rules and logs
dropped packets.
The logging rule is:
iptables -A OUTPUT -j LOG --log-prefix " dropped by firewall (OUTPUT) "

so I find the following lines in kern.log: (when not garbled)

Oct 29 12:22:31 myhost kernel: [68725.452738]  dropped by firewall
(OUTPUT)IN= OUT=eth0 SRC=ip_address DST=ip_address LEN=109 TOS=0x00
PREC=0x00 TTL=255 ID=5689 DF PROTO=41

I discovered that I have similar lines in the kern.log of my containers
while they have absolutely no iptables rules:

Oct 29 13:10:04 localhost kernel: [71575.889092]  dropped by firewall
(OUTPUT)IN= OUT=eth0 SRC=ip_address DST=ip_address LEN=116 TOS=0x00
PREC=0x00 TTL=255 ID=7628 DF PROTO=41



As suggested here
<https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1003888>, I added the
following lines in my containers conf file:

lxc.cap.drop = sys_module mac_admin syslog
but that did not help.


Commenting out/removing the line including “$ModLoad imklog” in
/etc/rsyslog.conf as suggested is not an option since I need the logging
possibilities.

Any help is greatly appreciated.

Thank you.

Yannick

On 28 October 2014 06:45, Hans Feldt <hans.feldt at ericsson.com> wrote:

>  Regarding garbled logs, you should disable kernel logging in the guest
> by commenting out/removing the line including “$ModLoad imklog” in
> /etc/rsyslog.conf
>
> Thanks,
>
> Hans
>
>
>
> *From:* lxc-users [mailto:lxc-users-bounces at lists.linuxcontainers.org] *On
> Behalf Of *Yannick Barbeaux
> *Sent:* den 27 oktober 2014 17:08
> *To:* lxc-users at lists.linuxcontainers.org
> *Subject:* [lxc-users] upgrade to LXC 1.0.6 : segfault
>
>
>
> Hi everyone,
>
> my first post in the LXC world!
>
> I have been using LXC 1.0.3 on debian wheezy for a few months now and
> everything worked fine, except that the kern.log (and thus syslog too) on
> "Dom0" was garbled as soon as I started any container :
>
> example:
> Oct 27 16:19:51 myserver kernel: rl(NU)I=r.0
> U=MC0:05:00:1f:ac:1e:60:0SC0000DT24001LN3 O=x0PE=x0TL1I= FPOO2
> Oct 27 16:19:53 myserver kernel: 91845] rpe yfrwl IPT Nb012OT
> A=10:e0:00:e5:86:88:80 R=... S=2... E=2TS00 RC0C T= D0D RT=  2.233 rp  ra
> NTIb.4U C10e001ece20480R0. =..E2S0R0 =DDR=4>[  922.837874]  dropped by
> firewall (INPUT) IN=br0105 OU=MC0:05:00:16:09:99:f0:0SC0000DT=2... E=2TS00
> RC0C T= D0D RT= ==x0PE=x0TL1I= FPOO2
>
> it seems that various processes write at the same time in the logs and
> thus it is totally messy.
>
> I thought that upgrading to LXC 1.0.6 could solve that issue. I downloaded
> the sources and compiled the new version with python enabled.
>
> The real problems started with that new version: after rebooting, the
> containers would simply not start (lxc-start -d -n p1 does not do
> anything, nothing in the logs either). After investigations, I found out
> that the link to the liblxc pointed to the liblxc.so.1.1.0.alpha1.
>
> After deleting the symbolic link and recreating it to point to
> liblxc.so.1.0.6, I was able to launch the containers successfully but
> unfortunately, one of the command I used the most, lxc-ls --fancy was
> broken (Segmentation fault). Same issue for the lxc-autostart command.
>
> Furthermore, after each reboot, the link to the alpha1 version of the lib
> is automatically recreated so before launching the containers, I have to
> execute those commands to recreate the correct link:
> rm /usr/local/lib/liblxc.so.1
> ln -s /usr/local/lib/liblxc.so.1.0.6 /usr/local/lib/liblxc.so.1
>
>
>
> And guess what, with the v1.0.6, my kern.log and syslog are still garbled
> so the upgrade was definitely not efficient in my case.
>
> To sum up, since the upgrade, I face the following issues:
> - garbled logs on "Dom0" (same issue as with v1.0.3)
> - link to the liblxc.so.1.1.0alpha is recreated at each system startup
> (and implies that I cannot launch my containers)
> - lxc-ls --fancy and lxc-autostart not working anymore
>
> Any help on this would be really appreciated.
>
> Thanks
>
> Yannick
>
>
>
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20141029/d2f9a70f/attachment.html>

More information about the lxc-users mailing list