[lxc-users] CRIU with lxc.network.type empty fails

Tycho Andersen tycho.andersen at canonical.com
Tue Aug 11 14:37:22 UTC 2015


On Tue, Aug 11, 2015 at 09:04:46AM +0200, Dietmar Maurer wrote:
> I no get another error:
> 
> (00.000399) Error (proc_parse.c:826): SECCOMP_MODE_FILTER not currently
> supported
> (00.000401) Error (proc_parse.c:839): Error parsing proc status file
> 
> So I have to set:
> 
> lxc.seccomp =

Yep, I'm working on adding SECCOMP_MODE_FILTER support right now.

> which is bad, because 'umount -f' can be used to terminate lxcfs...

Yes, and since these have to be privileged containers anyway I don't
think they're very secure. But hopefully we'll fix that.

> After that, I get:
> 
> ...
> 00.013118) timerfd: Dumping id 0x13 clockid 1 it_value(86392, 143546305)
> it_interval(0, 0)
> (00.013122) fdinfo: type: 0x11 flags: 02004002/01 pos: 0x       0 fd: 24
> (00.013131) 24683 fdinfo 25: pos: 0x               0 flags:          2004000/0x1
> (00.013143) fsnotify: wd: wd 0x00000003 s_dev 0x00700000 i_ino 0x
>             517 mask 0x0800ad84
> (00.013145) fsnotify:   [fhandle] bytes 0x00000008 type 0x00000001 __handle
> 0x004f3d2c00000517:0x0
> 000000000000000
> (00.013147) fsnotify: Opening fhandle 700000:4f3d2c00000517...
> (00.013150) Path `/' resolved to `./' mountpoint
> (00.013153) fsnotify:   Handle 0x700000:0x517 is openable
> (00.013154) Warn  (fsnotify.c:188): fsnotify:   Handle 0x700000:0x517 cannot be
> opened
> (00.013156) irmap: Resolving 700:517 path
> (00.013157) irmap: Scanning /etc hint
> (00.013162) irmap: Scanning /var/spool hint
> (00.013163) irmap: Scanning /lib/udev hint
> (00.013165) irmap: Scanning /. hint
> (00.013166) irmap: Scanning /no-such-path hint
> (00.013167) irmap: Refresh stat for /no-such-path
> (00.013174) Error (irmap.c:81): irmap: Can't stat /no-such-path: No such file or
> directory
> (00.013176) Error (fsnotify.c:191): fsnotify:   Can't dump that handle
> (00.013183) ----------------------------------------
> (00.013185) Error (cr-dump.c:1255): Dump files (pid: 24683) failed with -1
> 
> This is a simple centos7 container - nothing running (onyl systemd).
> Any idea whats wrong?

Not sure, this is likely something that systemd is doing to confuse
CRIU. The CRIU list may have a better idea, I've not seen it before.

Tycho


More information about the lxc-users mailing list