[lxc-users] Unable to Start Unprivileged Containers on Debian / Jessie

Chris berzerkatives at gmail.com
Sat Sep 27 13:06:32 UTC 2014 

On 27/09/14 00:02, Serge Hallyn wrote:
> Is /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic (or wherever it
> sits) setuid-root?
>
Yes. This was that problem. To my knowledge this program requires setuid 
to be at all useful, so I wonder why it's not distributed as such on 
Debian/Jessie.

Now my container seems to be running into another issue, it's having 
problems populating /dev, I see on the mailing lists that this (or a 
very similar) issue cropped up in February, and had since been patched, 
so very likely that I'm still doing something wrong. I've attached the 
trace level log detailing initialisation of the container.
-------------- next part --------------
      lxc-start 1411807327.376 INFO     lxc_start_ui - using rcfile /home/osmium/.local/share/lxc/osmium/config
      lxc-start 1411807327.399 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1411807327.420 INFO     lxc_confile - read uid map: type u nsid 0 hostid 427680 range 65536
      lxc-start 1411807327.420 INFO     lxc_confile - read uid map: type g nsid 0 hostid 427680 range 65536
      lxc-start 1411807327.420 WARN     lxc_log - lxc_log_init called with log already initialized
      lxc-start 1411807327.420 INFO     lxc_lsm - LSM security driver nop
      lxc-start 1411807327.420 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1411807327.432 DEBUG    lxc_conf - allocated pty '/dev/pts/2' (5/6)
      lxc-start 1411807327.432 INFO     lxc_conf - tty's configured
      lxc-start 1411807327.432 DEBUG    lxc_start - sigchild handler set
      lxc-start 1411807327.432 DEBUG    lxc_console - opening /home/osmium/.console for console peer
      lxc-start 1411807327.432 DEBUG    lxc_console - using '/home/osmium/.console' as console
      lxc-start 1411807327.432 DEBUG    lxc_console - no console peer
      lxc-start 1411807327.776 INFO     lxc_start - 'osmium' is initialized
      lxc-start 1411807327.807 DEBUG    lxc_start - Not dropping cap_sys_boot or watching utmp
      lxc-start 1411807327.807 INFO     lxc_start - Cloning a new user namespace
      lxc-start 1411807327.807 INFO     lxc_cgroup - cgroup driver cgroupfs initing for osmium
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.deny' set to 'a'
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c *:* m'
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'b *:* m'
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 5:1 rwm'
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 10:229 rwm'
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 1:3 rwm'
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 5:2 rwm'
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 136:* rwm'
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 1:8 rwm'
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 254:0 rwm'
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 5:0 rwm'
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 1:9 rwm'
      lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 1:5 rwm'
      lxc-start 1411807327.811 INFO     lxc_cgfs - cgroup has been setup
      lxc-start 1411807327.932 NOTICE   lxc_start - switching to gid/uid 0 in new user namespace
      lxc-start 1411807327.935 DEBUG    lxc_conf - mounted '/home/osmium/root' on '/usr/lib/x86_64-linux-gnu/lxc/rootfs'
      lxc-start 1411807327.935 INFO     lxc_conf - 'osmium' hostname has been setup
      lxc-start 1411807327.936 DEBUG    lxc_conf - mac address '00:16:3e:73:bd:de' on 'eth0' has been setup
      lxc-start 1411807327.936 DEBUG    lxc_conf - 'eth0' has been setup
      lxc-start 1411807327.936 INFO     lxc_conf - network has been setup
      lxc-start 1411807327.937 DEBUG    lxc_conf - Set exec command to /sbin/init
      lxc-start 1411807327.952 INFO     lxc_conf - Container with systemd init detected - enabling autodev!
      lxc-start 1411807327.952 INFO     lxc_conf - Mounting /dev under /usr/lib/x86_64-linux-gnu/lxc/rootfs
      lxc-start 1411807327.952 DEBUG    lxc_conf - entering mount_check_fs for /dev
      lxc-start 1411807327.952 DEBUG    lxc_conf - mount_check_fs returning 1 last devtmpfs
      lxc-start 1411807327.952 INFO     lxc_conf - Setup in /dev/.lxc failed.  Trying /dev/.lxc/user.
      lxc-start 1411807327.953 ERROR    lxc_conf - Permission denied - WARNING: Failed to create symlink '/home/osmium/.local/share/lxc/osmium/rootfs.dev'->'/dev/.lxc/user/osmium.3c68b3f0c5eeec7d'
      lxc-start 1411807327.953 DEBUG    lxc_conf - Bind mounting /dev/.lxc/user/osmium.3c68b3f0c5eeec7d to /usr/lib/x86_64-linux-gnu/lxc/rootfs/dev
      lxc-start 1411807327.953 INFO     lxc_conf - Mounted /dev under /usr/lib/x86_64-linux-gnu/lxc/rootfs
      lxc-start 1411807327.953 WARN     lxc_conf - ignoring mount point '/home/osmium/proc'
      lxc-start 1411807327.953 WARN     lxc_conf - ignoring mount point '/home/osmium/dev/pts'
      lxc-start 1411807327.953 WARN     lxc_conf - ignoring mount point '/home/osmium/sys'
      lxc-start 1411807327.953 INFO     lxc_conf - mount points have been setup
      lxc-start 1411807327.954 INFO     lxc_conf - Creating initial consoles under /usr/lib/x86_64-linux-gnu/lxc/rootfs/dev
      lxc-start 1411807327.954 INFO     lxc_conf - Populating /dev under /usr/lib/x86_64-linux-gnu/lxc/rootfs
      lxc-start 1411807327.954 ERROR    lxc_conf - Operation not permitted - Error creating null
      lxc-start 1411807327.954 ERROR    lxc_conf - failed to populate /dev in the container
      lxc-start 1411807327.954 ERROR    lxc_start - failed to setup the container
      lxc-start 1411807327.954 ERROR    lxc_sync - invalid sequence number 1. expected 2
      lxc-start 1411807327.954 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1411807328.067 ERROR    lxc_start - failed to spawn 'osmium'
      lxc-start 1411807328.068 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1411807328.068 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
      lxc-start 1411807328.069 ERROR    lxc_start_ui - The container failed to start.
      lxc-start 1411807328.069 ERROR    lxc_start_ui - Additional information can be obtained by setting the --logfile and --log-priority options.

More information about the lxc-users mailing list