[lxc-users] Networking not working in unconfined overlayfs container

Serge Hallyn serge.hallyn at ubuntu.com
Mon Oct 12 16:58:36 UTC 2015 

Hi,

before I try to reproduce this, can you confirm whether using the
kernel from vivid-proposed fixes it?

Quoting Frederico Araujo (araujof at gmail.com):
> Hi Serge,
> 
> Yes, I downloaded a fresh template for ubuntu and its overlay clones start
> okay, and I'm able to attach and run commands on them. However, eth0 has no
> IP assigned when unconfined.
> 
> I think the problem might be related to changes in systemd (I'm using
> version 219) and overlayfs on vivid. I do see many permission denied
> messages in the boot logs of the container (please see attached an example
> output), but couldn't find much help online.
> 
> lxc-attach -n test -- ifconfig -a
> eth0      Link encap:Ethernet  HWaddr 00:16:3e:23:59:24
>           inet6 addr: fe80::216:3eff:fe23:5924/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:29 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:4285 (4.2 KB)  TX bytes:648 (648.0 B)
> 
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>           RX packets:24 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:1888 (1.8 KB)  TX bytes:1888 (1.8 KB)
> 
> lxc-attach -n test -- ps -ef
> UID        PID  PPID  C STIME TTY          TIME CMD
> root         1     0  0 15:45 ?        00:00:00 /sbin/init
> root       352     1  0 15:45 ?        00:00:00
> /lib/systemd/systemd-journald
> root       613     1  0 15:45 ?        00:00:00 /usr/sbin/cron -f
> syslog     673     1  0 15:45 ?        00:00:00 /usr/sbin/rsyslogd -n
> root       710     1  0 15:45 ?        00:00:00 /usr/sbin/sshd -D
> root       760     1  0 15:45 pts/1    00:00:00 /sbin/agetty --noclear
> --keep-baud pts/1 115200 38400 9600 vt220
> root       770     1  0 15:45 lxc/console 00:00:00 /sbin/agetty --noclear
> --keep-baud console 115200 38400 9600 v
> root       780     1  0 15:45 pts/2    00:00:00 /sbin/agetty --noclear
> --keep-baud pts/2 115200 38400 9600 vt220
> root       790     1  0 15:45 pts/0    00:00:00 /sbin/agetty --noclear
> --keep-baud pts/0 115200 38400 9600 vt220
> root       800     1  0 15:45 pts/3    00:00:00 /sbin/agetty --noclear
> --keep-baud pts/3 115200 38400 9600 vt220
> root       913     0  0 15:50 pts/2    00:00:00 ps -ef
> 
> Thanks!
> 
> Best,
> Fred
> 
> 
> On Mon, Oct 5, 2015 at 11:49 AM, Serge Hallyn <serge.hallyn at ubuntu.com>
> wrote:
> 
> > Quoting Frederico Araujo (araujof at gmail.com):
> > > Hi,
> > >
> > > I've been using LXC for over two years without problems. This week, I
> > > upgraded my Ubuntu from Trusty to Vivid, and I noticed that my overlayfs
> > > containers stopped getting IP assigned. In my machine the error can be
> > > reproduced in this way:
> > >
> > > 1. lxc-create -n base -t ubuntu
> >
> > Do you have this problem if you use the download template?
> >
> > > 2. Edit ubuntu/config to add  lxc.aa_profile = unconfined
> >
> > interesting that it has to be unconfined.
> >
> > if you tail -f /var/log/syslog and then start the container, does
> > the tail -f output show any DENIED messages?
> >
> > > 3. lxc-clone -s -B overlayfs ubuntu tmp
> >
> > Does the 'ubuntu' container start ok?
> >
> > > 4. lxc-start -n tmp -d
> > > 5. lxc-ls -f shows:
> > >
> > > NAME                       STATE    IPV4        IPV6  GROUPS  AUTOSTART
> > > -----------------------------------------------------------------------
> > > tmp                        RUNNING  - *(no IP)*   -     -       NO
> > > ubuntu                     STOPPED  -           -     -       NO
> >
> > Are you able to lxc-attach -n tmp and look around?  what does 'ps -ef'
> > and 'ifconfig -a' show?
> >
> > > Interestingly, I don't run into this issue when running the container in
> > > confined mode (without lxc.aa_profile = unconfined). I checked past
> > threads
> > > in this list and in launchpad, and noticed that some people had problems
> > > with overlayfs when upgrading to vivid, but it seems that these problems
> > > were fixed in LXC 1.1 release. I'm running on LXC 1.1.2.
> > >
> > > Any thoughts?
> > >
> > > Thanks,
> > > Fred
> >
> > > _______________________________________________
> > > lxc-users mailing list
> > > lxc-users at lists.linuxcontainers.org
> > > http://lists.linuxcontainers.org/listinfo/lxc-users
> >
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users


> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

More information about the lxc-users mailing list