[lxc-users] Can't start unpriv container (large log dump)
Mark Constable
markc at renta.net
Wed Mar 9 06:26:10 UTC 2016
I've done this 100s of times before but for some reason I'm getting an
error trying to start an unpriv container. Any clues?
Xenial LXD 2.0.0~rc2-0ubuntu2 w/ btrfs
~ lxc image copy upstream:/ubuntu/xenial/amd64 local: --alias=xenial
Image copied successfully!
~ lxc image list
+--------+--------------+--------+----------------------------------------+--------+---------+-----------------------------+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCH | SIZE | UPLOAD DATE |
+--------+--------------+--------+----------------------------------------+--------+---------+-----------------------------+
| xenial | 0594dbb54ade | no | Ubuntu xenial (amd64) (20160218_03:49) | x86_64 | 64.87MB | Mar 9, 2016 at 6:12am (UTC) |
+--------+--------------+--------+----------------------------------------+--------+---------+-----------------------------+
~ lxc launch xenial gc3
Creating gc3
Starting gc3
error: Error calling 'lxd forkstart gc3 /var/lib/lxd/containers /var/log/lxd/gc3/lxc.conf': err='exit status 1'
Try `lxc info --show-log gc3` for more info
~ cat /var/log/lxd/gc3/lxc.conf
lxc.cap.drop = mac_admin mac_override sys_time sys_module
lxc.mount.auto = proc:rw sys:rw
lxc.autodev = 1
lxc.pts = 1024
lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional
lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none rbind,optional
lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none rbind,optional
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none rbind,optional
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none rbind,optional
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none rbind,optional
lxc.mount.entry = /sys/kernel/security sys/kernel/security none rbind,optional
lxc.include = /usr/share/lxc/config/common.conf.d/
lxc.logfile = /var/log/lxd/gc3/lxc.log
lxc.loglevel = 0
lxc.arch = linux64
lxc.hook.pre-start = /usr/bin/lxd callhook /var/lib/lxd 2 start
lxc.hook.post-stop = /usr/bin/lxd callhook /var/lib/lxd 2 stop
lxc.tty = 0
lxc.utsname = gc3
lxc.mount.entry = /var/lib/lxd/devlxd dev/lxd none bind,create=dir 0 0
lxc.aa_profile = lxd-gc3_</var/lib/lxd>
lxc.seccomp = /var/lib/lxd/security/seccomp/gc3
lxc.id_map = u 0 231072 65536
lxc.id_map = g 0 231072 65536
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.hwaddr = 00:16:3e:d8:96:db
lxc.network.name = eth0
lxc.rootfs = /var/lib/lxd/containers/gc3/rootfs
lxc.mount.entry = /var/lib/lxd/shmounts/gc3 dev/.lxd-mounts none bind,create=dir 0 0
~ lxc info --show-log gc3
Name: gc3
Architecture: x86_64
Created: 2016/03/09 06:13 UTC
Status: Stopped
Type: persistent
Profiles: default
Log:
lxc 20160309161350.446 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type u nsid 0 hostid 231072 range 65536
lxc 20160309161350.446 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type g nsid 0 hostid 231072 range 65536
lxc 20160309161350.874 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type u nsid 0 hostid 231072 range 65536
lxc 20160309161350.874 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type g nsid 0 hostid 231072 range 65536
lxc 20160309161350.897 INFO lxc_start - start.c:lxc_check_inherited:251 - closed inherited fd 3
lxc 20160309161350.897 INFO lxc_start - start.c:lxc_check_inherited:251 - closed inherited fd 9
lxc 20160309161350.898 INFO lxc_container - lxccontainer.c:do_lxcapi_start:797 - Attempting to set proc title to [lxc monitor] /var/lib/lxd/containers gc3
lxc 20160309161350.898 INFO lxc_start - start.c:lxc_check_inherited:251 - closed inherited fd 9
lxc 20160309161350.898 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .reject_force_umount # comment this to allow umount -f; not recommended.
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for reject_force_umount action 0
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for reject_force_umount action 0
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .[all].
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .kexec_load errno 1.
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for kexec_load action 327681
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for kexec_load action 327681
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .open_by_handle_at errno 1.
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for open_by_handle_at action 327681
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for open_by_handle_at action 327681
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .init_module errno 1.
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for init_module action 327681
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for init_module action 327681
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .finit_module errno 1.
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for finit_module action 327681
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for finit_module action 327681
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .delete_module errno 1.
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for delete_module action 327681
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for delete_module action 327681
lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:456 - Merging in the compat seccomp ctx into the main one
lxc 20160309161350.898 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/bin/lxd callhook /var/lib/lxd 2 start' for container 'gc3', config section 'lxc'
lxc 20160309161350.898 INFO lxc_start - start.c:lxc_check_inherited:251 - closed inherited fd 3
lxc 20160309161350.898 INFO lxc_start - start.c:lxc_check_inherited:251 - closed inherited fd 9
lxc 20160309161350.899 INFO lxc_monitor - monitor.c:lxc_monitor_sock_name:178 - using monitor sock name lxc/d78a9d7e97b4b375//var/lib/lxd/containers
lxc 20160309161350.941 DEBUG lxc_start - start.c:setup_signal_fd:289 - sigchild handler set
lxc 20160309161350.941 DEBUG lxc_console - console.c:lxc_console_peer_default:473 - no console peer
lxc 20160309161350.941 INFO lxc_start - start.c:lxc_init:488 - 'gc3' is initialized
lxc 20160309161350.941 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type u nsid 0 hostid 231072 range 65536
lxc 20160309161350.941 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type g nsid 0 hostid 231072 range 65536
lxc 20160309161350.942 DEBUG lxc_start - start.c:__lxc_start:1259 - Not dropping cap_sys_boot or watching utmp
lxc 20160309161350.942 INFO lxc_start - start.c:resolve_clone_flags:956 - Cloning a new user namespace
lxc 20160309161350.943 DEBUG lxc_conf - conf.c:instantiate_veth:2609 - instantiated veth 'vethL6PITX/vethN1DVGS', index is '7'
lxc 20160309161350.943 INFO lxc_cgroup - cgroup.c:cgroup_init:68 - cgroup driver cgroupfs-ng initing for gc3
lxc 20160309161350.949 ERROR lxc_cgfsng - cgfsng.c:cgfsng_enter:1012 - Failed to enter /sys/fs/cgroup/cpuset//lxc/gc3/cgroup.procs
lxc 20160309161350.974 ERROR lxc_start - start.c:__lxc_start:1286 - failed to spawn 'gc3'
lxc 20160309161350.991 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'gc3', config section 'lxc'
lxc 20160309161351.492 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/bin/lxd callhook /var/lib/lxd 2 stop' for container 'gc3', config section 'lxc'
lxc 20160309161351.534 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_cgroup failed to receive response
lxc 20160309161351.534 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_cgroup failed to receive response
lxc 20160309161351.535 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type u nsid 0 hostid 231072 range 65536
lxc 20160309161351.535 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type g nsid 0 hostid 231072 range 65536
lxc 20160309161453.692 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type u nsid 0 hostid 231072 range 65536
lxc 20160309161453.692 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type g nsid 0 hostid 231072 range 65536
lxc 20160309161453.697 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type u nsid 0 hostid 231072 range 65536
lxc 20160309161453.697 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type g nsid 0 hostid 231072 range 65536
More information about the lxc-users
mailing list