[lxc-users] Unable to launch a LXC container

Muneeb Ahmad muneeb.gandapur at gmail.com
Tue Apr 26 09:55:12 UTC 2016


Probably it is an architecture problem. seccomp is enabled in kernel and
lxc-checkconfig shows everything enabled too. Though there's no security in
/sys/kernel.
I managed to run containers when I told LXD to ignore the policy by "lxc
profile set default raw.lxc lxc.seccomp=". I would like to write a policy
for ARM architecture. Any ideas?




On Mon, Apr 25, 2016 at 6:54 PM, Serge Hallyn <serge.hallyn at ubuntu.com>
wrote:

> Quoting Muneeb Ahmad (muneeb.gandapur at gmail.com):
> ...
> >             lxc 20160421151846.936 ERROR    lxc_utils -
> utils.c:mkdir_p:253
> > - Permission denied - failed to create directory
> > '/usr/lib/arm-linux-gnueabihf/lxc/sys/firmware/efi/'
> >
> ...
> >             lxc 20160421151846.937 ERROR    lxc_utils -
> utils.c:mkdir_p:253
> > - Permission denied - failed to create directory
> > '/usr/lib/arm-linux-gnueabihf/lxc/sys/fs/pstore'
> ...
> >             lxc 20160421151846.938 ERROR    lxc_utils -
> utils.c:mkdir_p:253
> > - Permission denied - failed to create directory
> > '/usr/lib/arm-linux-gnueabihf/lxc/sys/kernel/security'
> >             lxc 20160421101847.173 ERROR    lxc_seccomp -
>
> > seccomp.c:lxc_seccomp_load:615 - Error loading the seccomp policy
> >
> >             lxc 20160421151847.174 ERROR    lxc_sync -
> > sync.c:__sync_wait:52 - An error occurred in another process (expected
> > sequence number 4)
>
> I question your kernel support.  Those directories, especially
> /sys/kernel/security, should exist - you should be getting EEXIST not
> EPERM.  The seccomp policy load could be an architecture related bug
> in lxc's code, but given your other errors seems just as likely to
> be lack of seccomp support in the kernel.
>
> What does lxc-checkconfig show?
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20160426/5e3f6528/attachment.html>


More information about the lxc-users mailing list