[lxc-users] LXC 1.1.3 update blocks container startup.

Mon Oct 5 14:24:50 UTC 2015

Quoting Andrey Repin (anrdaemon at yandex.ru):
> Greetings, Serge Hallyn!
> 
> >> >>       lxc-start 1443630810.241 WARN     lxc_confile - confile.c:config_pivotdir:1825 - lxc.pivotdir is ignored.  It will soon become an error.
> >> >>       lxc-start 1443630810.247 WARN     lxc_cgmanager - cgmanager.c:cgm_get:993 - do_cgm_get exited with error
> >> >>       lxc-start 1443630810.672 ERROR    lxc_apparmor - lsm/apparmor.c:apparmor_process_label_set:183 - No such file or directory - failed to change apparmor profile to lxc-container-default
> >> >>       lxc-start 1443630810.672 ERROR    lxc_sync - sync.c:__sync_wait:51 - invalid sequence number 1. expected 4
> >> >>       lxc-start 1443630810.672 ERROR    lxc_start - start.c:__lxc_start:1172 - failed to spawn 'dc1'
> >> >>       lxc-start 1443630810.672 WARN     lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_init_pid failed to receive response
> >> >>       lxc-start 1443630810.673 WARN     lxc_cgmanager - cgmanager.c:cgm_get:993 - do_cgm_get exited with error
> >> >>       lxc-start 1443630810.674 ERROR    lxc_cgmanager - cgmanager.c:cgm_remove_cgroup:523 - call to cgmanager_remove_sync failed: invalid request
> >> >>       lxc-start 1443630810.674 ERROR    lxc_cgmanager - cgmanager.c:cgm_remove_cgroup:525 - Error removing all:lxc/dc1-1
> >> >>       lxc-start 1443630815.678 ERROR    lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
> >> >>       lxc-start 1443630815.679 ERROR    lxc_start_ui - lxc_start.c:main:346 - To get more details, run the container in foreground mode.
> >> >>       lxc-start 1443630815.679 ERROR    lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.
> >> >> 
> >> >> Anyone have ideas?
> >> 
> >> > The problem is that the lxc-container-default apparmor profile isn't
> >> > loaded on your machine.
> >> 
> >> > You may want to restart apparmor to see if it then loads it properly.
> >> 
> >> Ok, let me ask a different question.
> >> Can anyone walk me through some basic checks on this issue?
> >> I've already tried a number of things, but I can't quite figure out, what's
> >> wrong with the host. Everything seems normal and identical to the other hosts
> >> I have.
> 
> > What does 'sudo aa-status' show?
...
> 10 profiles are in enforce mode.
...
>    lxc-container-default
...
> 36 processes are in enforce mode.
>    /usr/bin/lxc-start (1571)
>    /usr/sbin/cupsd (1047)
>    /usr/sbin/mysqld (1555)
>    lxc-container-default (1612)
>    lxc-container-default (2488)
...

What does running the following in python3 as root show?

import lxc
c = lxc.Container("dc1-1")
c.get_config_item("lxc.aa_profile")

?

Assuming it's either '' or lxc-container-default, I think the next step
will need to be  building your own package so we can add some debugging
output  to apparmor_process_label_set()

-serge