[lxc-users] Are these messages normal for unprivileged lxc containers?

John Siu john.sd.siu at gmail.com
Mon Feb 22 07:52:17 UTC 2016


Following is the lxc container journal during startup:

Feb 22 01:31:18 lxc10000 systemd-journald[124]: Journal started
Feb 22 01:31:18 lxc10000 mount[118]: mount: mqueue is already mounted or /dev/mqueue busy
Feb 22 01:31:18 lxc10000 mount[121]: mount: permission denied
Feb 22 01:31:18 lxc10000 mount[127]: mount: permission denied
Feb 22 01:31:20 lxc10000 systemd[1]: Started Remount Root and Kernel File Systems.
Feb 22 01:31:20 lxc10000 systemd[1]: dev-mqueue.mount: Mount process exited, code=exited status=32
Feb 22 01:31:20 lxc10000 systemd[1]: Failed to mount POSIX Message Queue File System.
Feb 22 01:31:20 lxc10000 systemd[1]: dev-mqueue.mount: Unit entered failed state.
Feb 22 01:31:20 lxc10000 systemd[1]: sys-kernel-debug.mount: Mount process exited, code=exited status=32
Feb 22 01:31:20 lxc10000 systemd[1]: Failed to mount Debug File System.
Feb 22 01:31:20 lxc10000 systemd[1]: sys-kernel-debug.mount: Unit entered failed state.
Feb 22 01:31:20 lxc10000 systemd[1]: dev-hugepages.mount: Mount process exited, code=exited status=32
Feb 22 01:31:20 lxc10000 systemd[1]: Failed to mount Huge Pages File System.
Feb 22 01:31:20 lxc10000 systemd[1]: dev-hugepages.mount: Unit entered failed state.
Feb 22 01:31:20 lxc10000 systemd[1]: Started Nameserver information manager.
Feb 22 01:31:20 lxc10000 systemd[1]: Starting Load/Save Random Seed...
Feb 22 01:31:20 lxc10000 systemd[1]: Reached target Local File Systems (Pre).
Feb 22 01:31:20 lxc10000 systemd[1]: Reached target Local File Systems.
Feb 22 01:31:20 lxc10000 systemd[1]: Starting Set console keymap...
Feb 22 01:31:20 lxc10000 loadkeys[241]: Couldn't get a file descriptor referring to the console
Feb 22 01:31:20 lxc10000 systemd[1]: Starting Raise network interfaces...
Feb 22 01:31:20 lxc10000 systemd[1]: Starting Flush Journal to Persistent Storage...
Feb 22 01:31:20 lxc10000 systemd[1]: Started Load/Save Random Seed.
Feb 22 01:31:20 lxc10000 systemd[1]: console-setup.service: Main process exited, code=exited, status=1/FAILURE
Feb 22 01:31:20 lxc10000 systemd[1]: console-setup.service: Failed to kill control group /user.slice/user-1000.slice/session-2.scope/lxc/lxc10000/system.slice/console-setup.service, ignoring: Invalid argument
Feb 22 01:31:20 lxc10000 systemd[1]: console-setup.service: Failed to kill control group /user.slice/user-1000.slice/session-2.scope/lxc/lxc10000/system.slice/console-setup.service, ignoring: Invalid argument
Feb 22 01:31:20 lxc10000 systemd[1]: Failed to start Set console keymap.
Feb 22 01:31:20 lxc10000 systemd[1]: console-setup.service: Unit entered failed state.
Feb 22 01:31:20 lxc10000 systemd[1]: console-setup.service: Failed with result 'exit-code'.
Feb 22 01:31:20 lxc10000 systemd[1]: Started Flush Journal to Persistent Storage.
Feb 22 01:31:20 lxc10000 dhclient[279]: Internet Systems Consortium DHCP Client 4.3.3
Feb 22 01:31:20 lxc10000 ifup[252]: Internet Systems Consortium DHCP Client 4.3.3
Feb 22 01:31:20 lxc10000 ifup[252]: Copyright 2004-2015 Internet Systems Consortium.
Feb 22 01:31:20 lxc10000 ifup[252]: All rights reserved.
Feb 22 01:31:20 lxc10000 ifup[252]: For info, please visit https://www.isc.org/software/dhcp/
Feb 22 01:31:20 lxc10000 dhclient[279]: Copyright 2004-2015 Internet Systems Consortium.
Feb 22 01:31:20 lxc10000 dhclient[279]: All rights reserved.
Feb 22 01:31:20 lxc10000 dhclient[279]: For info, please visit https://www.isc.org/software/dhcp/
Feb 22 01:31:20 lxc10000 dhclient[279]: 
Feb 22 01:31:20 lxc10000 dhclient[279]: Listening on LPF/public/1a:a7:eb:36:64:74
Feb 22 01:31:20 lxc10000 dhclient[279]: Sending on   LPF/public/1a:a7:eb:36:64:74
Feb 22 01:31:20 lxc10000 ifup[252]: Listening on LPF/public/1a:a7:eb:36:64:74
Feb 22 01:31:20 lxc10000 ifup[252]: Sending on   LPF/public/1a:a7:eb:36:64:74
Feb 22 01:31:20 lxc10000 ifup[252]: Sending on   Socket/fallback
Feb 22 01:31:20 lxc10000 ifup[252]: DHCPDISCOVER on public to 255.255.255.255 port 67 interval 3 (xid=0x89db8677)
Feb 22 01:31:20 lxc10000 dhclient[279]: Sending on   Socket/fallback
Feb 22 01:31:20 lxc10000 dhclient[279]: DHCPDISCOVER on public to 255.255.255.255 port 67 interval 3 (xid=0x89db8677)
Feb 22 01:31:20 lxc10000 systemd[1]: Starting Create Volatile Files and Directories...
Feb 22 01:31:20 lxc10000 systemd[1]: Started Create Volatile Files and Directories.
Feb 22 01:31:20 lxc10000 systemd[1]: Reached target System Time Synchronized.
Feb 22 01:31:20 lxc10000 systemd[1]: Starting Update UTMP about System Boot/Shutdown...
Feb 22 01:31:20 lxc10000 systemd[1]: Started Update UTMP about System Boot/Shutdown.
Feb 22 01:31:20 lxc10000 systemd[1]: Reached target System Initialization.
Feb 22 01:31:20 lxc10000 systemd[1]: Started Daily Cleanup of Temporary Directories.
Feb 22 01:31:20 lxc10000 systemd[1]: Reached target Timers.
Feb 22 01:31:20 lxc10000 systemd[1]: Started Trigger resolvconf update for networkd DNS.
Feb 22 01:31:20 lxc10000 systemd[1]: Reached target Paths.
Feb 22 01:31:20 lxc10000 systemd[1]: Reached target Basic System.
Feb 22 01:31:20 lxc10000 systemd[1]: Starting getty on tty2-tty6 if dbus and logind are not available...
Feb 22 01:31:20 lxc10000 systemd[1]: Starting LSB: Set the CPU Frequency Scaling governor to "ondemand"...
Feb 22 01:31:20 lxc10000 systemd[1]: Started Regular background program processing daemon.
Feb 22 01:31:20 lxc10000 cron[299]: (CRON) INFO (pidfile fd = 3)
Feb 22 01:31:20 lxc10000 cron[299]: (CRON) INFO (Running @reboot jobs)
Feb 22 01:31:20 lxc10000 systemd[1]: Starting Permit User Sessions...
Feb 22 01:31:21 lxc10000 systemd[1]: Started Permit User Sessions.
Feb 22 01:31:21 lxc10000 systemd[1]: Started LSB: Set the CPU Frequency Scaling governor to "ondemand".
Feb 22 01:31:21 lxc10000 systemd[1]: Started getty on tty2-tty6 if dbus and logind are not available.
Feb 22 01:31:21 lxc10000 dhclient[279]: DHCPREQUEST of 192.168.0.216 on public to 255.255.255.255 port 67 (xid=0x7786db89)
Feb 22 01:31:21 lxc10000 ifup[252]: DHCPREQUEST of 192.168.0.216 on public to 255.255.255.255 port 67 (xid=0x7786db89)
Feb 22 01:31:21 lxc10000 ifup[252]: DHCPOFFER of 192.168.0.216 from 192.168.0.2
Feb 22 01:31:21 lxc10000 dhclient[279]: DHCPOFFER of 192.168.0.216 from 192.168.0.2
Feb 22 01:31:21 lxc10000 ifup[252]: DHCPACK of 192.168.0.216 from 192.168.0.2
Feb 22 01:31:21 lxc10000 dhclient[279]: DHCPACK of 192.168.0.216 from 192.168.0.2
Feb 22 01:31:21 lxc10000 dhclient[279]: bound to 192.168.0.216 -- renewal in 110360 seconds.
Feb 22 01:31:21 lxc10000 ifup[252]: bound to 192.168.0.216 -- renewal in 110360 seconds.
Feb 22 01:31:21 lxc10000 systemd[1]: Started Raise network interfaces.
Feb 22 01:31:21 lxc10000 systemd[1]: Reached target Network.
Feb 22 01:31:21 lxc10000 systemd[1]: Starting OpenBSD Secure Shell server...
Feb 22 01:31:21 lxc10000 sshd[363]: Server listening on 0.0.0.0 port 22.
Feb 22 01:31:21 lxc10000 sshd[363]: Server listening on :: port 22.
Feb 22 01:31:21 lxc10000 systemd[1]: Starting The PHP 7.0 FastCGI Process Manager...
Feb 22 01:31:21 lxc10000 systemd[1]: Starting /etc/rc.local Compatibility...
Feb 22 01:31:21 lxc10000 php-fpm[370]: [NOTICE] configuration file /etc/php/7.0/fpm/php-fpm.conf test is successful
Feb 22 01:31:21 lxc10000 systemd[1]: Started Journal Remote Upload Service.
Feb 22 01:31:21 lxc10000 systemd[1]: Started OpenBSD Secure Shell server.
Feb 22 01:31:21 lxc10000 systemd[1]: Started /etc/rc.local Compatibility.
Feb 22 01:31:21 lxc10000 php-fpm[378]: [NOTICE] fpm is running, pid 378
Feb 22 01:31:21 lxc10000 php-fpm[378]: [NOTICE] ready to handle connections
Feb 22 01:31:21 lxc10000 php-fpm[378]: [NOTICE] systemd monitor interval set to 10000ms
Feb 22 01:31:21 lxc10000 systemd[1]: Started Container Getty on /dev/pts/3.
Feb 22 01:31:21 lxc10000 systemd[1]: Started Console Getty.
Feb 22 01:31:21 lxc10000 systemd[1]: Started Container Getty on /dev/pts/0.
Feb 22 01:31:21 lxc10000 systemd[1]: Started Container Getty on /dev/pts/1.
Feb 22 01:31:21 lxc10000 systemd[1]: Started Container Getty on /dev/pts/2.
Feb 22 01:31:21 lxc10000 systemd[1]: Reached target Login Prompts.
Feb 22 01:31:21 lxc10000 systemd[1]: Started The PHP 7.0 FastCGI Process Manager.
Feb 22 01:31:21 lxc10000 systemd[1]: Reached target Multi-User System.
Feb 22 01:31:21 lxc10000 systemd[1]: Reached target Graphical Interface.
Feb 22 01:31:21 lxc10000 systemd[1]: Starting Update UTMP about System Runlevel Changes...
Feb 22 01:31:21 lxc10000 systemd[1]: systemd-update-utmp-runlevel.service: Failed to kill control group /user.slice/user-1000.slice/session-2.scope/lxc/lxc10000/system.slice/systemd-update-utmp-runlevel.service, ignoring: Invalid argument
Feb 22 01:31:21 lxc10000 systemd[1]: systemd-update-utmp-runlevel.service: Failed to kill control group /user.slice/user-1000.slice/session-2.scope/lxc/lxc10000/system.slice/systemd-update-utmp-runlevel.service, ignoring: Invalid argument
Feb 22 01:31:21 lxc10000 systemd[1]: systemd-update-utmp-runlevel.service: Failed to kill control group /user.slice/user-1000.slice/session-2.scope/lxc/lxc10000/system.slice/systemd-update-utmp-runlevel.service, ignoring: Invalid argument
Feb 22 01:31:21 lxc10000 systemd[1]: systemd-update-utmp-runlevel.service: Failed to kill control group /user.slice/user-1000.slice/session-2.scope/lxc/lxc10000/system.slice/systemd-update-utmp-runlevel.service, ignoring: Invalid argument
Feb 22 01:31:21 lxc10000 systemd[1]: Started Update UTMP about System Runlevel Changes.
Feb 22 01:31:21 lxc10000 systemd[1]: Startup finished in 3.365s.


> On Feb 22, 2016, at 02:46, John Siu <john.sd.siu at gmail.com> wrote:
> 
> OS: Ubuntu 16.04
> LXC: 2.0.0-rc1
> 
> Following are from host journal when starting up a lxc container:
> 
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/blkio/user.slice/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuacct/user.slice/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuset/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/devices/user.slice/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/hugetlb/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/net_prio/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/perf_event/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids/user.slice/user-1000.slice/session-2.scope/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/blkio/user.slice/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuacct/user.slice/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuset/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/devices/user.slice/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/hugetlb/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/net_prio/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/perf_event/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids/user.slice/user-1000.slice/session-2.scope/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/blkio/user.slice/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/blkio/user.slice/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuacct/user.slice/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuacct/user.slice/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuset/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuset/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/devices/user.slice/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/devices/user.slice/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/hugetlb/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/hugetlb/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/net_prio/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/net_prio/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/perf_event/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/perf_event/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids/user.slice/user-1000.slice/session-2.scope/lxc
> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids/user.slice/user-1000.slice/session-2.scope/lxc
> Feb 22 01:31:18 JS-HP kernel: IPv6: ADDRCONF(NETDEV_UP): vethPYRIGJ: link is not ready
> Feb 22 01:31:18 JS-HP kernel: device vethPYRIGJ entered promiscuous mode
> Feb 22 01:31:18 JS-HP kernel: public: renamed from vethPYRIGJp
> Feb 22 01:31:18 JS-HP kernel: IPv6: ADDRCONF(NETDEV_UP): veth9SIJ98: link is not ready
> Feb 22 01:31:18 JS-HP kernel: device veth9SIJ98 entered promiscuous mode
> Feb 22 01:31:18 JS-HP kernel: mgmt: port 2(veth9SIJ98) entered forwarding state
> Feb 22 01:31:18 JS-HP kernel: mgmt: port 2(veth9SIJ98) entered forwarding state
> Feb 22 01:31:18 JS-HP kernel: mgmt: renamed from veth9SIJ98p
> Feb 22 01:31:18 JS-HP systemd-udevd[19248]: Could not generate persistent MAC address for vethM46DG6p: No such file or directory
> Feb 22 01:31:18 JS-HP kernel: IPv6: ADDRCONF(NETDEV_UP): vethM46DG6: link is not ready
> Feb 22 01:31:18 JS-HP kernel: device vethM46DG6 entered promiscuous mode
> Feb 22 01:31:18 JS-HP kernel: private0: port 2(vethM46DG6) entered forwarding state
> Feb 22 01:31:18 JS-HP kernel: private0: port 2(vethM46DG6) entered forwarding state
> Feb 22 01:31:18 JS-HP kernel: private: renamed from vethM46DG6p
> Feb 22 01:31:18 JS-HP kernel: mgmt: port 2(veth9SIJ98) entered disabled state
> Feb 22 01:31:18 JS-HP kernel: private0: port 2(vethM46DG6) entered disabled state
> Feb 22 01:31:18 JS-HP kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethPYRIGJ: link becomes ready
> Feb 22 01:31:18 JS-HP kernel: public: port 2(vethPYRIGJ) entered forwarding state
> Feb 22 01:31:18 JS-HP kernel: public: port 2(vethPYRIGJ) entered forwarding state
> Feb 22 01:31:18 JS-HP kernel: IPv6: ADDRCONF(NETDEV_CHANGE): veth9SIJ98: link becomes ready
> Feb 22 01:31:18 JS-HP kernel: mgmt: port 2(veth9SIJ98) entered forwarding state
> Feb 22 01:31:18 JS-HP kernel: mgmt: port 2(veth9SIJ98) entered forwarding state
> Feb 22 01:31:18 JS-HP kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethM46DG6: link becomes ready
> Feb 22 01:31:18 JS-HP kernel: private0: port 2(vethM46DG6) entered forwarding state
> Feb 22 01:31:18 JS-HP kernel: private0: port 2(vethM46DG6) entered forwarding state
> Feb 22 01:31:18 JS-HP audit[18945]: AVC apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=18945 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
> Feb 22 01:31:18 JS-HP kernel: audit: type=1400 audit(1456122678.561:43): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=18945 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
> Feb 22 01:31:21 JS-HP audit[20333]: AVC apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=20333 comm="(l-upload)" flags="rw, rslave"
> Feb 22 01:31:21 JS-HP kernel: audit: type=1400 audit(1456122681.413:44): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=20333 comm="(l-upload)" flags="rw, rslave"
> Feb 22 01:31:27 JS-HP kernel: mgmt: port 2(veth9SIJ98) entered forwarding state
> Feb 22 01:31:27 JS-HP kernel: private0: port 2(vethM46DG6) entered forwarding state
> Feb 22 01:31:33 JS-HP kernel: public: port 2(vethPYRIGJ) entered forwarding state
> 
> My main concerns are those cgmanager and audit messages.
> 
> Are they normal for an unprivileged container, and can they be ignored?
> 
> 
