[lxc-users] LXC 1.1.3 update blocks container startup.

Andrey Repin anrdaemon at yandex.ru
Mon Oct 5 10:01:15 UTC 2015 

Greetings, Serge Hallyn!

>> >>       lxc-start 1443630810.241 WARN     lxc_confile - confile.c:config_pivotdir:1825 - lxc.pivotdir is ignored.  It will soon become an error.
>> >>       lxc-start 1443630810.247 WARN     lxc_cgmanager - cgmanager.c:cgm_get:993 - do_cgm_get exited with error
>> >>       lxc-start 1443630810.672 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:183 - No such file or directory - failed to change apparmor profile to lxc-container-default
>> >>       lxc-start 1443630810.672 ERROR    lxc_sync - sync.c:__sync_wait:51 - invalid sequence number 1. expected 4
>> >>       lxc-start 1443630810.672 ERROR    lxc_start - start.c:__lxc_start:1172 - failed to spawn 'dc1'
>> >>       lxc-start 1443630810.672 WARN     lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_init_pid failed to receive response
>> >>       lxc-start 1443630810.673 WARN     lxc_cgmanager - cgmanager.c:cgm_get:993 - do_cgm_get exited with error
>> >>       lxc-start 1443630810.674 ERROR    lxc_cgmanager - cgmanager.c:cgm_remove_cgroup:523 - call to cgmanager_remove_sync failed: invalid request
>> >>       lxc-start 1443630810.674 ERROR    lxc_cgmanager - cgmanager.c:cgm_remove_cgroup:525 - Error removing all:lxc/dc1-1
>> >>       lxc-start 1443630815.678 ERROR    lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
>> >>       lxc-start 1443630815.679 ERROR    lxc_start_ui - lxc_start.c:main:346 - To get more details, run the container in foreground mode.
>> >>       lxc-start 1443630815.679 ERROR    lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.
>> >> 
>> >> Anyone have ideas?
>> 
>> > The problem is that the lxc-container-default apparmor profile isn't
>> > loaded on your machine.
>> 
>> > You may want to restart apparmor to see if it then loads it properly.
>> 
>> Ok, let me ask a different question.
>> Can anyone walk me through some basic checks on this issue?
>> I've already tried a number of things, but I can't quite figure out, what's
>> wrong with the host. Everything seems normal and identical to the other hosts
>> I have.

> What does 'sudo aa-status' show?

# dpkg --list \*lxc\* \*apparmor\*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name               Version            Description
+++-==================-==================-====================================================
ii  apparmor           2.7.102-0ubuntu3.1 User-space parser utility for AppArmor
ii  apparmor-docs      2.7.102-0ubuntu3.1 Documentation for AppArmor
un  apparmor-parser    <none>             (no description available)
ii  apparmor-profiles  2.7.102-0ubuntu3.1 Profiles for AppArmor Security policies
ii  apparmor-utils     2.7.102-0ubuntu3.1 Utilities for controlling AppArmor
ii  dh-apparmor        2.7.102-0ubuntu3.1 AppArmor debhelper routines
un  libapache2-mod-app <none>             (no description available)
ii  libapparmor-perl   2.7.102-0ubuntu3.1 AppArmor library Perl bindings
ii  libapparmor1       2.7.102-0ubuntu3.1 changehat AppArmor library
un  liblxc0            <none>             (no description available)
ii  liblxc1            1.1.2-0ubuntu3~ubu Linux Containers userspace tools (library)
ii  lxc                1.1.2-0ubuntu3~ubu Linux Containers userspace tools
ii  lxc-templates      1.1.3-0ubuntu1~ubu Linux Containers userspace tools (templates)
ii  lxcfs              0.10-0ubuntu1~ubun FUSE based filesystem for LXC
un  lxcguest           <none>             (no description available)
un  lxctl              <none>             (no description available)
ii  python3-lxc        1.1.2-0ubuntu3~ubu Linux Containers userspace tools (Python 3.x binding

# lxc-ls -f
NAME  STATE    IPV4          IPV6  GROUPS  AUTOSTART
----------------------------------------------------
dc1   RUNNING  192.168.35.4  -     -       YES

# aa-status
apparmor module is loaded.
11 profiles are loaded.
10 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/lxc-start
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/cups/backend/cups-pdf
   /usr/sbin/cupsd
   /usr/sbin/mysqld
   lxc-container-default
   lxc-container-default-with-mounting
   lxc-container-default-with-nesting
1 profiles are in complain mode.
   /usr/sbin/ntpd
37 processes have profiles defined.
36 processes are in enforce mode.
   /usr/bin/lxc-start (1571)
   /usr/sbin/cupsd (1047)
   /usr/sbin/mysqld (1555)
   lxc-container-default (1612)
   lxc-container-default (2488)
   lxc-container-default (2641)
   lxc-container-default (2731)
   lxc-container-default (2787)
   lxc-container-default (2931)
   lxc-container-default (3141)
   lxc-container-default (3479)
   lxc-container-default (3492)
   lxc-container-default (3493)
   lxc-container-default (3496)
   lxc-container-default (3534)
   lxc-container-default (3538)
   lxc-container-default (3668)
   lxc-container-default (3721)
   lxc-container-default (3722)
   lxc-container-default (3723)
   lxc-container-default (3724)
   lxc-container-default (3725)
   lxc-container-default (3726)
   lxc-container-default (3727)
   lxc-container-default (3728)
   lxc-container-default (3729)
   lxc-container-default (3730)
   lxc-container-default (3731)
   lxc-container-default (3732)
   lxc-container-default (3733)
   lxc-container-default (3734)
   lxc-container-default (3737)
   lxc-container-default (3740)
   lxc-container-default (3741)
   lxc-container-default (14222)
   lxc-container-default (20263)
1 processes are in complain mode.
   /usr/sbin/ntpd (1916)
0 processes are unconfined but have a profile defined.


-- 
With best regards,
Andrey Repin
Monday, October 5, 2015 12:58:02

Sorry for my terrible english...

More information about the lxc-users mailing list