[lxc-users] unprivileged container with systemd?
Dirk Geschke
dirk at lug-erding.de
Mon Feb 9 18:46:45 UTC 2015
Hi Serge,
> Hm, seems unlikely. From lxc's pov things seem ok since init is starting.
> Could you show the container configuration file as well as any files
> which are lxc.include'd from it? I'd start systemd with its debug options
> to get more info about where it's going wrong.
>
> When you say even lxc-attach doesn't work - what happens when you run it?
> That's definitely weird. lxc-attach requires nothing from the container
> itself other than a /bin/sh in rootfs and an init task that exists.
I'm a step further, I guess...
lxc-attach simply does nothing; it is blocked without any action, but
I can terminate it with CTRL-C.
I get further if I kill lxcfs; in this case I get these messages:
Failed to open pin file: Transport endpoint is not connected
Failed to allocate manager object: Transport endpoint is not connected
[!!!!!!] Failed to allocate manager object, freezing.
But then I can attach to the container. As expected, a df shows:
df: '/proc/cpuinfo': Transport endpoint is not connected
df: '/proc/meminfo': Transport endpoint is not connected
df: '/proc/stat': Transport endpoint is not connected
df: '/proc/uptime': Transport endpoint is not connected
df: '/sys/fs/cgroup/blkio': Transport endpoint is not connected
df: '/sys/fs/cgroup/cpu': Transport endpoint is not connected
...
So there seems to be a problem in the communication between
systemd and lxcfs. A ps does not work; it says /proc should
be mounted, but it is there:
lrwxrwxrwx 1 root root 0 Feb 9 18:37 /proc/1/exe -> /lib/systemd/systemd
I guess this is due to the now-missing lxcfs...
The installed systemd is 218-7ubuntu1.
Attached are the debug output and the config file. Except for the
lxc.init_cmd entry to start systemd, there are no changes to the defaults.
lxcfs is started this way:
~geschke/lxcfs/lxcfs -d -s -f -o allow_other /usr/local/var/lib/lxcfs
This one is linked against the newest libfuse, but this doesn't
change anything...
Best regards
Dirk
--
+----------------------------------------------------------------------+
| Dr. Dirk Geschke / Plankensteinweg 61 / 85435 Erding |
| Telefon: 08122-559448 / Mobil: 0176-96906350 / Fax: 08122-9818106 |
| dirk at geschke-online.de / dirk at lug-erding.de / kontakt at lug-erding.de |
+----------------------------------------------------------------------+
-------------- next part --------------
# Template used to create this container: /usr/local/share/lxc/templates/lxc-download
# Parameters passed to the template: -d ubuntu -r vivid -a amd64
# For additional config options, please look at lxc.container.conf(5)
# Distribution configuration
lxc.include = /usr/local/share/lxc/config/ubuntu.common.conf
lxc.include = /usr/local/share/lxc/config/ubuntu.userns.conf
lxc.arch = x86_64
# Container specific configuration
lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /home/lxcuser/.local/share/lxc/ubuntu/rootfs
lxc.utsname = ubuntu
# Network configuration
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:1a:fd:8f
lxc.init_cmd = /bin/systemd
-------------- next part --------------
lxc-start 1423507391.154 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/lxcuser/.local/share/lxc/ubuntu/config
lxc-start 1423507391.154 INFO lxc_utils - utils.c:get_rundir:437 - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1423507391.154 WARN lxc_confile - confile.c:config_pivotdir:1768 - lxc.pivotdir is ignored. It will soon become an error.
lxc-start 1423507391.154 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type u nsid 0 hostid 100000 range 65536
lxc-start 1423507391.154 INFO lxc_confile - confile.c:config_idmap:1376 - read uid map: type g nsid 0 hostid 100000 range 65536
lxc-start 1423507391.155 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized
lxc-start 1423507391.157 WARN lxc_cgmanager - cgmanager.c:cgm_get:962 - do_cgm_get exited with error
lxc-start 1423507391.157 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver nop
lxc-start 1423507391.157 INFO lxc_utils - utils.c:get_rundir:437 - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1423507391.157 DEBUG lxc_start - start.c:setup_signal_fd:259 - sigchild handler set
lxc-start 1423507391.157 DEBUG lxc_console - console.c:lxc_console_peer_default:500 - opening /dev/tty for console peer
lxc-start 1423507391.157 INFO lxc_caps - caps.c:lxc_caps_up:101 - Last supported cap was 34
lxc-start 1423507391.157 DEBUG lxc_console - console.c:lxc_console_peer_default:506 - using '/dev/tty' as console
lxc-start 1423507391.157 DEBUG lxc_console - console.c:lxc_console_sigwinch_init:179 - 7636 got SIGWINCH fd 9
lxc-start 1423507391.157 DEBUG lxc_console - console.c:lxc_console_winsz:88 - set winsz dstfd:6 cols:80 rows:24
lxc-start 1423507391.219 INFO lxc_start - start.c:lxc_init:451 - 'ubuntu' is initialized
lxc-start 1423507391.220 DEBUG lxc_start - start.c:__lxc_start:1130 - Not dropping cap_sys_boot or watching utmp
lxc-start 1423507391.220 INFO lxc_start - start.c:lxc_spawn:863 - Cloning a new user namespace
lxc-start 1423507391.220 INFO lxc_cgroup - cgroup.c:cgroup_init:65 - cgroup driver cgmanager initing for ubuntu
lxc-start 1423507391.320 NOTICE lxc_start - start.c:do_start:667 - switching to gid/uid 0 in new user namespace
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:setup_rootfs:1267 - mounted '/home/lxcuser/.local/share/lxc/ubuntu/rootfs' on '/usr/local/lib/lxc/rootfs'
lxc-start 1423507391.322 INFO lxc_conf - conf.c:setup_utsname:902 - 'ubuntu' hostname has been setup
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:setup_hw_addr:2219 - mac address '00:16:3e:1a:fd:8f' on 'eth0' has been setup
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:setup_netdev:2446 - 'eth0' has been setup
lxc-start 1423507391.322 INFO lxc_conf - conf.c:setup_network:2467 - network has been setup
lxc-start 1423507391.322 INFO lxc_conf - conf.c:mount_autodev:1131 - Mounting /dev under /usr/local/lib/lxc/rootfs
lxc-start 1423507391.322 INFO lxc_conf - conf.c:mount_autodev:1152 - Mounted tmpfs onto /usr/local/lib/lxc/rootfs/dev
lxc-start 1423507391.322 INFO lxc_conf - conf.c:mount_autodev:1170 - Mounted /dev under /usr/local/lib/lxc/rootfs
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1712 - remounting /sys/fs/fuse/connections on /usr/local/lib/lxc/rootfs/sys/fs/fuse/connections to respect bind or remount options
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1727 - (at remount) flags for /sys/fs/fuse/connections was 4096, required extra flags are 0
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1736 - mountflags already was 4096, skipping remount
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1762 - mounted '/sys/fs/fuse/connections' on '/usr/local/lib/lxc/rootfs/sys/fs/fuse/connections', type 'none'
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1712 - remounting /sys/kernel/debug on /usr/local/lib/lxc/rootfs/sys/kernel/debug to respect bind or remount options
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1727 - (at remount) flags for /sys/kernel/debug was 4110, required extra flags are 14
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1762 - mounted '/sys/kernel/debug' on '/usr/local/lib/lxc/rootfs/sys/kernel/debug', type 'none'
lxc-start 1423507391.322 INFO lxc_conf - conf.c:mount_entry:1701 - failed to mount '/sys/kernel/security' on '/usr/local/lib/lxc/rootfs/sys/kernel/security' (optional): No such file or directory
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1712 - remounting /sys/fs/pstore on /usr/local/lib/lxc/rootfs/sys/fs/pstore to respect bind or remount options
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1727 - (at remount) flags for /sys/fs/pstore was 4110, required extra flags are 14
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1762 - mounted '/sys/fs/pstore' on '/usr/local/lib/lxc/rootfs/sys/fs/pstore', type 'none'
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1712 - remounting /dev/console on /usr/local/lib/lxc/rootfs/dev/console to respect bind or remount options
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1727 - (at remount) flags for /dev/console was 4096, required extra flags are 0
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1736 - mountflags already was 4096, skipping remount
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1762 - mounted '/dev/console' on '/usr/local/lib/lxc/rootfs/dev/console', type 'none'
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1712 - remounting /dev/full on /usr/local/lib/lxc/rootfs/dev/full to respect bind or remount options
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1727 - (at remount) flags for /dev/full was 4096, required extra flags are 0
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1736 - mountflags already was 4096, skipping remount
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1762 - mounted '/dev/full' on '/usr/local/lib/lxc/rootfs/dev/full', type 'none'
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1712 - remounting /dev/null on /usr/local/lib/lxc/rootfs/dev/null to respect bind or remount options
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1727 - (at remount) flags for /dev/null was 4096, required extra flags are 0
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1736 - mountflags already was 4096, skipping remount
lxc-start 1423507391.322 DEBUG lxc_conf - conf.c:mount_entry:1762 - mounted '/dev/null' on '/usr/local/lib/lxc/rootfs/dev/null', type 'none'
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1712 - remounting /dev/random on /usr/local/lib/lxc/rootfs/dev/random to respect bind or remount options
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1727 - (at remount) flags for /dev/random was 4096, required extra flags are 0
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1736 - mountflags already was 4096, skipping remount
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1762 - mounted '/dev/random' on '/usr/local/lib/lxc/rootfs/dev/random', type 'none'
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1712 - remounting /dev/tty on /usr/local/lib/lxc/rootfs/dev/tty to respect bind or remount options
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1727 - (at remount) flags for /dev/tty was 4096, required extra flags are 0
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1736 - mountflags already was 4096, skipping remount
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1762 - mounted '/dev/tty' on '/usr/local/lib/lxc/rootfs/dev/tty', type 'none'
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1712 - remounting /dev/urandom on /usr/local/lib/lxc/rootfs/dev/urandom to respect bind or remount options
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1727 - (at remount) flags for /dev/urandom was 4096, required extra flags are 0
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1736 - mountflags already was 4096, skipping remount
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1762 - mounted '/dev/urandom' on '/usr/local/lib/lxc/rootfs/dev/urandom', type 'none'
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1712 - remounting /dev/zero on /usr/local/lib/lxc/rootfs/dev/zero to respect bind or remount options
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1727 - (at remount) flags for /dev/zero was 4096, required extra flags are 0
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1736 - mountflags already was 4096, skipping remount
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1762 - mounted '/dev/zero' on '/usr/local/lib/lxc/rootfs/dev/zero', type 'none'
lxc-start 1423507391.323 INFO lxc_conf - conf.c:mount_entry:1701 - failed to mount '/sys/firmware/efi/efivars' on '/usr/local/lib/lxc/rootfs/sys/firmware/efi/efivars' (optional): No such file or directory
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1712 - remounting /proc/sys/fs/binfmt_misc on /usr/local/lib/lxc/rootfs/proc/sys/fs/binfmt_misc to respect bind or remount options
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1727 - (at remount) flags for /proc/sys/fs/binfmt_misc was 4110, required extra flags are 14
lxc-start 1423507391.323 DEBUG lxc_conf - conf.c:mount_entry:1762 - mounted '/proc/sys/fs/binfmt_misc' on '/usr/local/lib/lxc/rootfs/proc/sys/fs/binfmt_misc', type 'none'
lxc-start 1423507391.323 INFO lxc_conf - conf.c:mount_file_entries:2011 - mount points have been setup
lxc-start 1423507391.323 INFO lxc_conf - conf.c:run_script_argv:345 - Executing script '/usr/local/share/lxcfs/lxc.mount.hook' for container 'ubuntu', config section 'lxc'
lxc-start 1423507391.384 INFO lxc_conf - conf.c:fill_autodev:1198 - Creating initial consoles under /usr/local/lib/lxc/rootfs/dev
lxc-start 1423507391.384 INFO lxc_conf - conf.c:fill_autodev:1209 - Populating /dev under /usr/local/lib/lxc/rootfs
lxc-start 1423507391.384 INFO lxc_conf - conf.c:fill_autodev:1241 - Populated /dev under /usr/local/lib/lxc/rootfs
lxc-start 1423507391.384 INFO lxc_conf - conf.c:setup_dev_console:1492 - console has been setup
lxc-start 1423507391.384 INFO lxc_conf - conf.c:do_tmp_proc_mount:3542 - I am 1, /proc/self points to '1'
lxc-start 1423507391.403 DEBUG lxc_conf - conf.c:setup_rootfs_pivot_root:1109 - pivot_root syscall to '/usr/local/lib/lxc/rootfs' successful
lxc-start 1423507391.403 DEBUG lxc_conf - conf.c:lxc_create_tty:3330 - allocated pty '/dev/pts/0' (11/14)
lxc-start 1423507391.403 DEBUG lxc_conf - conf.c:lxc_create_tty:3330 - allocated pty '/dev/pts/1' (16/17)
lxc-start 1423507391.403 DEBUG lxc_conf - conf.c:lxc_create_tty:3330 - allocated pty '/dev/pts/2' (18/19)
lxc-start 1423507391.403 DEBUG lxc_conf - conf.c:lxc_create_tty:3330 - allocated pty '/dev/pts/3' (20/21)
lxc-start 1423507391.403 INFO lxc_conf - conf.c:lxc_create_tty:3341 - tty's configured
lxc-start 1423507391.403 INFO lxc_conf - conf.c:setup_tty:1054 - 4 tty(s) has been setup
lxc-start 1423507391.403 INFO lxc_conf - conf.c:setup_personality:1447 - set personality to '0x0'
lxc-start 1423507391.403 DEBUG lxc_conf - conf.c:setup_caps:2130 - drop capability 'mac_admin' (33)
lxc-start 1423507391.403 DEBUG lxc_conf - conf.c:setup_caps:2130 - drop capability 'mac_override' (32)
lxc-start 1423507391.403 DEBUG lxc_conf - conf.c:setup_caps:2130 - drop capability 'sys_time' (25)
lxc-start 1423507391.403 DEBUG lxc_conf - conf.c:setup_caps:2130 - drop capability 'sys_module' (16)
lxc-start 1423507391.403 DEBUG lxc_conf - conf.c:setup_caps:2139 - capabilities have been setup
lxc-start 1423507391.403 NOTICE lxc_conf - conf.c:lxc_setup:3921 - 'ubuntu' is setup.
lxc-start 1423507391.404 NOTICE lxc_start - start.c:start:1232 - exec'ing '/bin/systemd'
lxc-start 1423507391.404 NOTICE lxc_start - start.c:post_start:1243 - '/bin/systemd' started with pid '7646'
lxc-start 1423507391.404 INFO lxc_utils - utils.c:get_rundir:437 - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1423507391.404 WARN lxc_start - start.c:signal_handler:307 - invalid pid for SIGCHLD
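The lxcfs failure mode discussed in the message above, as an added example that is not part of the thread and not code from LXC or lxcfs: a small Python diagnostic that lists the lxcfs FUSE mounts a container sees and probes each one, reporting the ENOTCONN ("Transport endpoint is not connected") state the kernel returns once the daemon serving a FUSE mount has gone away. It assumes lxcfs mounts appear in /proc/self/mounts with filesystem type fuse.lxcfs; the SAMPLE_MOUNTS table and the simulated_stat stand-in are constructed for the example (the target paths are the ones the df output reported, the option strings are an assumption).

```python
"""Added example, not code from the thread, LXC or lxcfs: list the lxcfs FUSE
mounts a container sees and report the ones that answer ENOTCONN
("Transport endpoint is not connected"), which is what the kernel returns
once the FUSE daemon serving a mount has disconnected."""
import errno
import os
from typing import Callable, Dict, List

# Constructed sample in /proc/self/mounts format (source target fstype options
# dump pass). The targets are the paths the df output in the thread reported
# as disconnected; the option strings are an assumption, not copied from a host.
SAMPLE_MOUNTS = """\
rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
lxcfs /proc/cpuinfo fuse.lxcfs rw,nosuid,nodev,relatime,allow_other 0 0
lxcfs /proc/meminfo fuse.lxcfs rw,nosuid,nodev,relatime,allow_other 0 0
lxcfs /proc/stat fuse.lxcfs rw,nosuid,nodev,relatime,allow_other 0 0
lxcfs /proc/uptime fuse.lxcfs rw,nosuid,nodev,relatime,allow_other 0 0
lxcfs /sys/fs/cgroup/blkio fuse.lxcfs rw,nosuid,nodev,relatime,allow_other 0 0
lxcfs /sys/fs/cgroup/cpu fuse.lxcfs rw,nosuid,nodev,relatime,allow_other 0 0
"""

StatFn = Callable[[str], object]


def lxcfs_mounts(mounts_text: str) -> List[str]:
    """Return the mount targets whose filesystem type is fuse.lxcfs."""
    targets = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] == "fuse.lxcfs":
            # /proc/mounts escapes a space inside a path as \040
            targets.append(fields[1].replace("\\040", " "))
    return targets


def probe(target: str, stat: StatFn = os.stat) -> str:
    """Classify one mount point by stat()ing it.

    'ok'         the FUSE daemon answered
    'stale'      ENOTCONN: the mount is still in the table but nothing serves it
    'error:NAME' any other failure, by errno name
    """
    try:
        stat(target)
    except OSError as exc:
        if exc.errno == errno.ENOTCONN:
            return "stale"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    return "ok"


def check_lxcfs(mounts_text: str, stat: StatFn = os.stat) -> Dict[str, str]:
    """Probe every lxcfs mount listed in mounts_text and map target -> state."""
    return {target: probe(target, stat) for target in lxcfs_mounts(mounts_text)}


def stale_targets(report: Dict[str, str]) -> List[str]:
    """Mount points whose lxcfs daemon is gone, sorted for stable output."""
    return sorted(t for t, state in report.items() if state == "stale")


def simulated_stat(path: str) -> None:
    """Constructed stand-in for os.stat reproducing the thread's symptom:
    the /proc overlays fail with ENOTCONN after lxcfs was killed, one cgroup
    mount is refused for another reason, the rest answer normally."""
    if path.startswith("/proc/"):
        raise OSError(errno.ENOTCONN, "Transport endpoint is not connected", path)
    if path == "/sys/fs/cgroup/blkio":
        raise OSError(errno.EACCES, "Permission denied", path)
    return None


if __name__ == "__main__":
    # Inside a container use the live mount table and the real os.stat; where
    # no lxcfs mounts exist fall back to the constructed sample and simulation.
    report: Dict[str, str] = {}
    try:
        with open("/proc/self/mounts") as fh:
            report = check_lxcfs(fh.read())
    except OSError:
        pass
    if not report:
        print("no live lxcfs mounts; using the constructed sample")
        report = check_lxcfs(SAMPLE_MOUNTS, simulated_stat)
    for target, state in sorted(report.items()):
        print(f"{state:12s} {target}")
    if stale_targets(report):
        print("stale lxcfs mounts: restart lxcfs on the host, then restart the "
              "container (a lazy umount of the stale paths also clears them)")
```

The check stat()s each target rather than only reading the mount table because a FUSE mount whose daemon has disconnected stays listed in /proc/self/mounts; only an operation on it reveals the ENOTCONN state. Note that lxcfs in the thread is started with -o allow_other, which is what lets uids other than the mounting user, including the container's mapped root, reach these mounts at all; without it the probe would report EACCES from inside the container even with a healthy daemon.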