[lxc-users] [Unable to start using lvm backend]

Xavier Gendre gendre.reivax at gmail.com
Mon Apr 13 11:42:46 UTC 2015 

It may be useful to give more details about what i am trying to do ;-) I 
work with a Debian Jessie and LXC 1.0.6 from the Debian repository.

First, i give an ID range to root and i set the container's 
configuration with this range:

root # grep root /etc/sub[ug]id
/etc/subgid:root:558752:65536
/etc/subuid:root:558752:65536

root # cat test.conf
lxc.id_map = u 0 558752 65536
lxc.id_map = g 0 558752 65536
lxc.network.type = empty

Then, i create a container with the 'download' template,

root # lxc-create -n test -f test.conf -t download -B lvm --vgname Pool 
-- -d debian -r wheezy -a amd64
File descriptor 3 (/var/lib/lxc/test/partial) leaked on lvcreate 
invocation. Parent PID 1506: lxc-create
   Logical volume "test" created
Using image from local cache
Unpacking the rootfs
[...]

Finally, i try to start this container but it miserably fails,

root # lxc-start -n test --logfile test.log --logpriority DEBUG
lxc-start: failed to determine fs type for '/dev/Pool/test'
lxc-start: failed to determine fs type for '/dev/dm-7'
lxc-start: failed to mount rootfs
lxc-start: failed to setup rootfs for 'test'
lxc-start: Error setting up rootfs mount after spawn
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'test'
lxc-start: The container failed to start.
lxc-start: Additional information can be obtained by setting the 
--logfile and --logpriority options.

Here is the content of the log file if it helps,

root # cat test.log
       lxc-start 1428924388.945 INFO     lxc_start_ui - using rcfile 
/var/lib/lxc/test/config
       lxc-start 1428924388.945 INFO     lxc_confile - read uid map: 
type u nsid 0 hostid 558752 range 65536
       lxc-start 1428924388.945 INFO     lxc_confile - read uid map: 
type g nsid 0 hostid 558752 range 65536
       lxc-start 1428924388.945 WARN     lxc_log - lxc_log_init called 
with log already initialized
       lxc-start 1428924388.945 INFO     lxc_lsm - LSM security driver nop
       lxc-start 1428924388.947 DEBUG    lxc_conf - allocated pty 
'/dev/pts/3' (5/6)
       lxc-start 1428924388.947 DEBUG    lxc_conf - allocated pty 
'/dev/pts/4' (7/8)
       lxc-start 1428924388.947 DEBUG    lxc_conf - allocated pty 
'/dev/pts/5' (9/10)
       lxc-start 1428924388.947 DEBUG    lxc_conf - allocated pty 
'/dev/pts/6' (11/12)
       lxc-start 1428924388.947 INFO     lxc_conf - tty's configured
       lxc-start 1428924388.947 DEBUG    lxc_start - sigchild handler set
       lxc-start 1428924388.947 DEBUG    lxc_console - opening /dev/tty 
for console peer
       lxc-start 1428924388.947 DEBUG    lxc_console - using '/dev/tty' 
as console
       lxc-start 1428924388.947 DEBUG    lxc_console - 1587 got SIGWINCH 
fd 17
       lxc-start 1428924388.947 DEBUG    lxc_console - set winsz 
dstfd:14 cols:145 rows:58
       lxc-start 1428924388.947 INFO     lxc_start - 'test' is initialized
       lxc-start 1428924388.948 DEBUG    lxc_start - Not dropping 
cap_sys_boot or watching utmp
       lxc-start 1428924388.961 DEBUG    bdev - trying to mount 
'/dev/Pool/test'->'/usr/lib/x86_64-linux-gnu/lxc/rootfs' with fstype 'ext3'
       lxc-start 1428924388.971 INFO     bdev - mounted '/dev/Pool/test' 
on '/usr/lib/x86_64-linux-gnu/lxc/rootfs', with fstype 'ext3'
       lxc-start 1428924388.971 DEBUG    lxc_conf - mounted 
'/dev/Pool/test' on '/usr/lib/x86_64-linux-gnu/lxc/rootfs'
       lxc-start 1428924388.971 INFO     lxc_start - Set up container 
rootfs as host root
       lxc-start 1428924388.971 INFO     lxc_start - Cloning a new user 
namespace
       lxc-start 1428924388.971 INFO     lxc_cgroup - cgroup driver 
cgroupfs initing for test
       lxc-start 1428924388.983 NOTICE   lxc_start - switching to 
gid/uid 0 in new user namespace
       lxc-start 1428924388.984 DEBUG    bdev - trying to mount 
'/dev/Pool/test'->'/usr/lib/x86_64-linux-gnu/lxc/rootfs' with fstype 'ext3'
       lxc-start 1428924388.984 DEBUG    bdev - mount failed with error: 
Operation not permitted
       lxc-start 1428924388.984 DEBUG    bdev - trying to mount 
'/dev/Pool/test'->'/usr/lib/x86_64-linux-gnu/lxc/rootfs' with fstype 'ext2'
       lxc-start 1428924388.984 DEBUG    bdev - mount failed with error: 
Operation not permitted
       lxc-start 1428924388.984 DEBUG    bdev - trying to mount 
'/dev/Pool/test'->'/usr/lib/x86_64-linux-gnu/lxc/rootfs' with fstype 'ext4'
       lxc-start 1428924388.984 DEBUG    bdev - mount failed with error: 
Operation not permitted
       lxc-start 1428924388.984 ERROR    bdev - failed to determine fs 
type for '/dev/Pool/test'
       lxc-start 1428924388.985 DEBUG    lxc_conf - trying to mount 
'/dev/dm-7'->'/usr/lib/x86_64-linux-gnu/lxc/rootfs' with fstype 'ext3'
       lxc-start 1428924388.985 DEBUG    lxc_conf - mount failed with 
error: Operation not permitted
       lxc-start 1428924388.985 DEBUG    lxc_conf - trying to mount 
'/dev/dm-7'->'/usr/lib/x86_64-linux-gnu/lxc/rootfs' with fstype 'ext2'
       lxc-start 1428924388.985 DEBUG    lxc_conf - mount failed with 
error: Operation not permitted
       lxc-start 1428924388.985 DEBUG    lxc_conf - trying to mount 
'/dev/dm-7'->'/usr/lib/x86_64-linux-gnu/lxc/rootfs' with fstype 'ext4'
       lxc-start 1428924388.985 DEBUG    lxc_conf - mount failed with 
error: Operation not permitted
       lxc-start 1428924388.985 ERROR    lxc_conf - failed to determine 
fs type for '/dev/dm-7'
       lxc-start 1428924388.986 ERROR    lxc_conf - failed to mount rootfs
       lxc-start 1428924388.986 ERROR    lxc_conf - failed to setup 
rootfs for 'test'
       lxc-start 1428924388.987 ERROR    lxc_conf - Error setting up 
rootfs mount after spawn
       lxc-start 1428924388.988 ERROR    lxc_start - failed to setup the 
container
       lxc-start 1428924388.988 ERROR    lxc_sync - invalid sequence 
number 1. expected 2
       lxc-start 1428924388.989 ERROR    lxc_start - failed to spawn 'test'
       lxc-start 1428924388.989 WARN     lxc_conf - Failed to locate 
autodev /dev/.lxc and /dev/.lxc/user.
       lxc-start 1428924388.990 ERROR    lxc_start_ui - The container 
failed to start.
       lxc-start 1428924388.990 ERROR    lxc_start_ui - Additional 
information can be obtained by setting the --logfile and --logpriority 
options.

The problem seems to be that the subuid is not allowed to mount the 
rootfs. Naively, i thought that starting the container as root would 
avoid such a complication. It is the case at time 1428924388.971 but it 
begins to fail after switching to the new user namespace at time 
1428924388.983.

Thanks for help!
Xavier

Le 25/01/2015 01:11, Serge Hallyn a écrit :
> Yes, unprivileged users cannot manipulate the lvm devices on the host.
>
> You can still use user namespaces though.  I have a few containers on my main
> server which do that.  They each run in a unique uid range, but are started by
> root, so that they can use lvm (actually luks-encrypted lvm) backends.
>
> Just add the lxc.id_map lines as per usual to containers which are owned by
> root.  And make sure to allocate the ranges to root in /etc/sub[ug]id.
>
> -serge
>
> Quoting Andrea Masi (eraclitux at gmail.com):
>> The problem seems related to unprivileged containers that seems cannot work
>> with -B lvm.
>> Must we assume that lvm backed store (and maybe others) actually cannot
>> work with unprivileged containers?
>>
>>
>> 2015-01-23 17:02 GMT+01:00 Andrea Masi <eraclitux at gmail.com>:
>>
>>> Hi,
>>> I'm using lxc 1.0.6 on ubuntu 14.04.
>>> I've no problems creating/running on dir backing store but when I use lvm
>>> I cannot start containers getting these errors:
>>>
>>> lxc-start 1422026234.562 ERROR    bdev - failed to determine fs type for
>>> '/dev/lxc/lvm-cont'
>>> lxc-start 1422026234.563 ERROR    lxc_conf - failed to determine fs type
>>> for '/dev/dm-0'
>>> lxc-start 1422026234.564 ERROR    lxc_conf - failed to mount rootfs
>>> lxc-start 1422026234.564 ERROR    lxc_conf - failed to setup rootfs for
>>> 'lvm-cont'
>>> lxc-start 1422026234.565 ERROR    lxc_conf - Error setting up rootfs mount
>>> after spawn
>>> lxc-start 1422026234.565 ERROR    lxc_start - failed to setup the container
>>> lxc-start 1422026234.566 ERROR    lxc_sync - invalid sequence number 1.
>>> expected 2
>>> lxc-start 1422026234.566 ERROR    lxc_start - failed to spawn 'lvm-cont'
>>> lxc-start 1422026234.574 ERROR    lxc_start_ui - The container failed to
>>> start.
>>> lxc-start 1422026234.575 ERROR    lxc_start_ui - Additional information
>>> can be obtained by setting the --logfile and --logpriority options.
>>>
>>> I've tried different template createds with -t download for example:
>>> lxc-create -t download -n lvm-cont -B lvm -- -d ubuntu -r utopic -a amd64
>>>
>>> I can manually mount with no problem /dev/lxc/lvm-cont
>>>
>>> Any idea on what can it be wrong?
>>>
>>> Thanks.
>>>
>>> --
>>> www.eraclitux.com
>>>
>>
>>
>>
>> --
>> www.eraclitux.com
>
>> _______________________________________________
>> lxc-users mailing list
>> lxc-users at lists.linuxcontainers.org
>> http://lists.linuxcontainers.org/listinfo/lxc-users
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>

More information about the lxc-users mailing list