[lxc-users] Unable to Start Unprivileged Containers on Debian / Jessie

Serge Hallyn serge.hallyn at ubuntu.com
Mon Sep 29 20:46:18 UTC 2014


Hm, sorry, not looking deeper right now, but:

>       lxc-start 1411807327.953 ERROR    lxc_conf - Permission denied - WARNING: Failed to create symlink '/home/osmium/.local/share/lxc/osmium/rootfs.dev'->'/dev/.lxc/user/osmium.3c68b3f0c5eeec7d'

Something will need to set that up.  I can't recall offhand
what is supposed to do that.  Michael (cc:d), is that done
through the init script?

-serge

Quoting Chris (berzerkatives at gmail.com):
> 
> On 27/09/14 00:02, Serge Hallyn wrote:
> >Is /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic (or wherever it
> >sits) setuid-root?
> >
> Yes. This was that problem. To my knowledge this program requires
> setuid to be at all useful, so I wonder why it's not distributed as
> such on Debian/Jessie.
> 
> Now my container seems to be running into another issue: it's having
> problems populating /dev. I see on the mailing lists that this (or a
> very similar) issue cropped up in February, and had since been
> patched, so very likely that I'm still doing something wrong. I've
> attached the trace level log detailing initialisation of the
> container.

>       lxc-start 1411807327.376 INFO     lxc_start_ui - using rcfile /home/osmium/.local/share/lxc/osmium/config
>       lxc-start 1411807327.399 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
>       lxc-start 1411807327.420 INFO     lxc_confile - read uid map: type u nsid 0 hostid 427680 range 65536
>       lxc-start 1411807327.420 INFO     lxc_confile - read uid map: type g nsid 0 hostid 427680 range 65536
>       lxc-start 1411807327.420 WARN     lxc_log - lxc_log_init called with log already initialized
>       lxc-start 1411807327.420 INFO     lxc_lsm - LSM security driver nop
>       lxc-start 1411807327.420 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
>       lxc-start 1411807327.432 DEBUG    lxc_conf - allocated pty '/dev/pts/2' (5/6)
>       lxc-start 1411807327.432 INFO     lxc_conf - tty's configured
>       lxc-start 1411807327.432 DEBUG    lxc_start - sigchild handler set
>       lxc-start 1411807327.432 DEBUG    lxc_console - opening /home/osmium/.console for console peer
>       lxc-start 1411807327.432 DEBUG    lxc_console - using '/home/osmium/.console' as console
>       lxc-start 1411807327.432 DEBUG    lxc_console - no console peer
>       lxc-start 1411807327.776 INFO     lxc_start - 'osmium' is initialized
>       lxc-start 1411807327.807 DEBUG    lxc_start - Not dropping cap_sys_boot or watching utmp
>       lxc-start 1411807327.807 INFO     lxc_start - Cloning a new user namespace
>       lxc-start 1411807327.807 INFO     lxc_cgroup - cgroup driver cgroupfs initing for osmium
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.deny' set to 'a'
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c *:* m'
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'b *:* m'
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 5:1 rwm'
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 10:229 rwm'
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 1:3 rwm'
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 5:2 rwm'
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 136:* rwm'
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 1:8 rwm'
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 254:0 rwm'
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 5:0 rwm'
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 1:9 rwm'
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 1:5 rwm'
>       lxc-start 1411807327.811 INFO     lxc_cgfs - cgroup has been setup
>       lxc-start 1411807327.932 NOTICE   lxc_start - switching to gid/uid 0 in new user namespace
>       lxc-start 1411807327.935 DEBUG    lxc_conf - mounted '/home/osmium/root' on '/usr/lib/x86_64-linux-gnu/lxc/rootfs'
>       lxc-start 1411807327.935 INFO     lxc_conf - 'osmium' hostname has been setup
>       lxc-start 1411807327.936 DEBUG    lxc_conf - mac address '00:16:3e:73:bd:de' on 'eth0' has been setup
>       lxc-start 1411807327.936 DEBUG    lxc_conf - 'eth0' has been setup
>       lxc-start 1411807327.936 INFO     lxc_conf - network has been setup
>       lxc-start 1411807327.937 DEBUG    lxc_conf - Set exec command to /sbin/init
>       lxc-start 1411807327.952 INFO     lxc_conf - Container with systemd init detected - enabling autodev!
>       lxc-start 1411807327.952 INFO     lxc_conf - Mounting /dev under /usr/lib/x86_64-linux-gnu/lxc/rootfs
>       lxc-start 1411807327.952 DEBUG    lxc_conf - entering mount_check_fs for /dev
>       lxc-start 1411807327.952 DEBUG    lxc_conf - mount_check_fs returning 1 last devtmpfs
>       lxc-start 1411807327.952 INFO     lxc_conf - Setup in /dev/.lxc failed.  Trying /dev/.lxc/user.
>       lxc-start 1411807327.953 ERROR    lxc_conf - Permission denied - WARNING: Failed to create symlink '/home/osmium/.local/share/lxc/osmium/rootfs.dev'->'/dev/.lxc/user/osmium.3c68b3f0c5eeec7d'
>       lxc-start 1411807327.953 DEBUG    lxc_conf - Bind mounting /dev/.lxc/user/osmium.3c68b3f0c5eeec7d to /usr/lib/x86_64-linux-gnu/lxc/rootfs/dev
>       lxc-start 1411807327.953 INFO     lxc_conf - Mounted /dev under /usr/lib/x86_64-linux-gnu/lxc/rootfs
>       lxc-start 1411807327.953 WARN     lxc_conf - ignoring mount point '/home/osmium/proc'
>       lxc-start 1411807327.953 WARN     lxc_conf - ignoring mount point '/home/osmium/dev/pts'
>       lxc-start 1411807327.953 WARN     lxc_conf - ignoring mount point '/home/osmium/sys'
>       lxc-start 1411807327.953 INFO     lxc_conf - mount points have been setup
>       lxc-start 1411807327.954 INFO     lxc_conf - Creating initial consoles under /usr/lib/x86_64-linux-gnu/lxc/rootfs/dev
>       lxc-start 1411807327.954 INFO     lxc_conf - Populating /dev under /usr/lib/x86_64-linux-gnu/lxc/rootfs
>       lxc-start 1411807327.954 ERROR    lxc_conf - Operation not permitted - Error creating null
>       lxc-start 1411807327.954 ERROR    lxc_conf - failed to populate /dev in the container
>       lxc-start 1411807327.954 ERROR    lxc_start - failed to setup the container
>       lxc-start 1411807327.954 ERROR    lxc_sync - invalid sequence number 1. expected 2
>       lxc-start 1411807327.954 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
>       lxc-start 1411807328.067 ERROR    lxc_start - failed to spawn 'osmium'
>       lxc-start 1411807328.068 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
>       lxc-start 1411807328.068 INFO     lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
>       lxc-start 1411807328.069 ERROR    lxc_start_ui - The container failed to start.
>       lxc-start 1411807328.069 ERROR    lxc_start_ui - Additional information can be obtained by setting the --logfile and --log-priority options.
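
Added example, not part of the original thread: a small Python triage of the lxc-start trace quoted above. It lists the ID maps, the allowed device rules and the ERROR lines in order, and picks out the first ERROR that LXC did not itself label a warning. The sample lines are copied from that trace; the function and field names are this example's own.

```python
import re

# Excerpt of the trace quoted in the message above (mail '>' quoting kept on purpose).
SAMPLE = """\
>       lxc-start 1411807327.420 INFO     lxc_confile - read uid map: type u nsid 0 hostid 427680 range 65536
>       lxc-start 1411807327.420 INFO     lxc_confile - read uid map: type g nsid 0 hostid 427680 range 65536
>       lxc-start 1411807327.811 DEBUG    lxc_cgfs - cgroup 'devices.allow' set to 'c 1:3 rwm'
>       lxc-start 1411807327.953 ERROR    lxc_conf - Permission denied - WARNING: Failed to create symlink '/home/osmium/.local/share/lxc/osmium/rootfs.dev'->'/dev/.lxc/user/osmium.3c68b3f0c5eeec7d'
>       lxc-start 1411807327.954 ERROR    lxc_conf - Operation not permitted - Error creating null
>       lxc-start 1411807327.954 ERROR    lxc_conf - failed to populate /dev in the container
>       lxc-start 1411807327.954 ERROR    lxc_start - failed to setup the container
"""

# "<prog> <epoch.ms> <LEVEL> <module> - <message>", with optional mail quoting in front.
LINE = re.compile(
    r"^[>\s]*\S+\s+(?P<ts>\d+\.\d+)\s+(?P<level>[A-Z]+)\s+(?P<module>\S+) - (?P<msg>.*)$")
IDMAP = re.compile(r"read uid map: type ([ug]) nsid (\d+) hostid (\d+) range (\d+)")
DEVICE = re.compile(r"cgroup 'devices\.allow' set to '([^']+)'")
# errno strings that appear as a message prefix in this trace
ERRNO = ("Permission denied", "Operation not permitted")

def triage(text):
    """Summarise ID maps, devices.allow rules and ERROR lines of an lxc-start log."""
    report = {"idmaps": [], "devices_allowed": [], "errors": []}
    for raw in text.splitlines():
        rec = LINE.match(raw)
        if not rec:
            continue  # prose, blank lines, list footers
        msg = rec["msg"]
        if (m := IDMAP.search(msg)):
            first = int(m[3])  # map as (type, nsid, first host id, last host id)
            report["idmaps"].append((m[1], int(m[2]), first, first + int(m[4]) - 1))
        elif (m := DEVICE.search(msg)):
            report["devices_allowed"].append(m[1])
        elif rec["level"] == "ERROR":
            errno = next((e for e in ERRNO if msg.startswith(e + " - ")), None)
            detail = msg[len(errno) + 3:] if errno else msg
            report["errors"].append({"module": rec["module"], "errno": errno,
                                     "detail": detail,
                                     "labelled_warning": detail.startswith("WARNING:")})
    return report

def first_fatal(report):
    """First ERROR line that LXC did not itself mark as 'WARNING:'."""
    return next((e for e in report["errors"] if not e["labelled_warning"]), None)

if __name__ == "__main__":
    print(first_fatal(triage(SAMPLE)))
```
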
