[lxc-users] Can't start unpriv container (large log dump)
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Mar 9 08:11:46 UTC 2016
I think this one got fixed tonight.
Quoting Mark Constable (markc at renta.net):
> I've done this 100s of times before but for some reason I'm getting an
> error trying to start an unpriv container. Any clues?
>
> Xenial LXD 2.0.0~rc2-0ubuntu2 w/ btrfs
>
> ~ lxc image copy upstream:/ubuntu/xenial/amd64 local: --alias=xenial
> Image copied successfully!
>
> ~ lxc image list
> +--------+--------------+--------+----------------------------------------+--------+---------+-----------------------------+
> | ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCH | SIZE | UPLOAD DATE |
> +--------+--------------+--------+----------------------------------------+--------+---------+-----------------------------+
> | xenial | 0594dbb54ade | no | Ubuntu xenial (amd64) (20160218_03:49) | x86_64 | 64.87MB | Mar 9, 2016 at 6:12am (UTC) |
> +--------+--------------+--------+----------------------------------------+--------+---------+-----------------------------+
>
> ~ lxc launch xenial gc3
> Creating gc3
> Starting gc3
> error: Error calling 'lxd forkstart gc3 /var/lib/lxd/containers /var/log/lxd/gc3/lxc.conf': err='exit status 1'
> Try `lxc info --show-log gc3` for more info
>
> ~ cat /var/log/lxd/gc3/lxc.conf
> lxc.cap.drop = mac_admin mac_override sys_time sys_module
> lxc.mount.auto = proc:rw sys:rw
> lxc.autodev = 1
> lxc.pts = 1024
> lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional
> lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none rbind,optional
> lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none rbind,optional
> lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none rbind,optional
> lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none rbind,optional
> lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none rbind,optional
> lxc.mount.entry = /sys/kernel/security sys/kernel/security none rbind,optional
> lxc.include = /usr/share/lxc/config/common.conf.d/
> lxc.logfile = /var/log/lxd/gc3/lxc.log
> lxc.loglevel = 0
> lxc.arch = linux64
> lxc.hook.pre-start = /usr/bin/lxd callhook /var/lib/lxd 2 start
> lxc.hook.post-stop = /usr/bin/lxd callhook /var/lib/lxd 2 stop
> lxc.tty = 0
> lxc.utsname = gc3
> lxc.mount.entry = /var/lib/lxd/devlxd dev/lxd none bind,create=dir 0 0
> lxc.aa_profile = lxd-gc3_</var/lib/lxd>
> lxc.seccomp = /var/lib/lxd/security/seccomp/gc3
> lxc.id_map = u 0 231072 65536
> lxc.id_map = g 0 231072 65536
> lxc.network.type = veth
> lxc.network.flags = up
> lxc.network.link = lxcbr0
> lxc.network.hwaddr = 00:16:3e:d8:96:db
> lxc.network.name = eth0
> lxc.rootfs = /var/lib/lxd/containers/gc3/rootfs
> lxc.mount.entry = /var/lib/lxd/shmounts/gc3 dev/.lxd-mounts none bind,create=dir 0 0
>
> ~ lxc info --show-log gc3
> Name: gc3
> Architecture: x86_64
> Created: 2016/03/09 06:13 UTC
> Status: Stopped
> Type: persistent
> Profiles: default
>
> Log:
>
> lxc 20160309161350.446 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type u nsid 0 hostid 231072 range 65536
> lxc 20160309161350.446 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type g nsid 0 hostid 231072 range 65536
> lxc 20160309161350.874 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type u nsid 0 hostid 231072 range 65536
> lxc 20160309161350.874 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type g nsid 0 hostid 231072 range 65536
> lxc 20160309161350.897 INFO lxc_start - start.c:lxc_check_inherited:251 - closed inherited fd 3
> lxc 20160309161350.897 INFO lxc_start - start.c:lxc_check_inherited:251 - closed inherited fd 9
> lxc 20160309161350.898 INFO lxc_container - lxccontainer.c:do_lxcapi_start:797 - Attempting to set proc title to [lxc monitor] /var/lib/lxd/containers gc3
> lxc 20160309161350.898 INFO lxc_start - start.c:lxc_check_inherited:251 - closed inherited fd 9
> lxc 20160309161350.898 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .reject_force_umount # comment this to allow umount -f; not recommended.
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for reject_force_umount action 0
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts
>
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for reject_force_umount action 0
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts
>
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .[all].
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .kexec_load errno 1.
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for kexec_load action 327681
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for kexec_load action 327681
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .open_by_handle_at errno 1.
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for open_by_handle_at action 327681
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for open_by_handle_at action 327681
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .init_module errno 1.
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for init_module action 327681
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for init_module action 327681
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .finit_module errno 1.
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for finit_module action 327681
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for finit_module action 327681
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .delete_module errno 1.
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for delete_module action 327681
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for delete_module action 327681
> lxc 20160309161350.898 INFO lxc_seccomp - seccomp.c:parse_config_v2:456 - Merging in the compat seccomp ctx into the main one
> lxc 20160309161350.898 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/bin/lxd callhook /var/lib/lxd 2 start' for container 'gc3', config section 'lxc'
> lxc 20160309161350.898 INFO lxc_start - start.c:lxc_check_inherited:251 - closed inherited fd 3
> lxc 20160309161350.898 INFO lxc_start - start.c:lxc_check_inherited:251 - closed inherited fd 9
> lxc 20160309161350.899 INFO lxc_monitor - monitor.c:lxc_monitor_sock_name:178 - using monitor sock name lxc/d78a9d7e97b4b375//var/lib/lxd/containers
> lxc 20160309161350.941 DEBUG lxc_start - start.c:setup_signal_fd:289 - sigchild handler set
> lxc 20160309161350.941 DEBUG lxc_console - console.c:lxc_console_peer_default:473 - no console peer
> lxc 20160309161350.941 INFO lxc_start - start.c:lxc_init:488 - 'gc3' is initialized
> lxc 20160309161350.941 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type u nsid 0 hostid 231072 range 65536
> lxc 20160309161350.941 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type g nsid 0 hostid 231072 range 65536
> lxc 20160309161350.942 DEBUG lxc_start - start.c:__lxc_start:1259 - Not dropping cap_sys_boot or watching utmp
> lxc 20160309161350.942 INFO lxc_start - start.c:resolve_clone_flags:956 - Cloning a new user namespace
> lxc 20160309161350.943 DEBUG lxc_conf - conf.c:instantiate_veth:2609 - instantiated veth 'vethL6PITX/vethN1DVGS', index is '7'
> lxc 20160309161350.943 INFO lxc_cgroup - cgroup.c:cgroup_init:68 - cgroup driver cgroupfs-ng initing for gc3
> lxc 20160309161350.949 ERROR lxc_cgfsng - cgfsng.c:cgfsng_enter:1012 - Failed to enter /sys/fs/cgroup/cpuset//lxc/gc3/cgroup.procs
>
> lxc 20160309161350.974 ERROR lxc_start - start.c:__lxc_start:1286 - failed to spawn 'gc3'
> lxc 20160309161350.991 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'gc3', config section 'lxc'
> lxc 20160309161351.492 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/bin/lxd callhook /var/lib/lxd 2 stop' for container 'gc3', config section 'lxc'
> lxc 20160309161351.534 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_cgroup failed to receive response
> lxc 20160309161351.534 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_cgroup failed to receive response
> lxc 20160309161351.535 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type u nsid 0 hostid 231072 range 65536
> lxc 20160309161351.535 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type g nsid 0 hostid 231072 range 65536
> lxc 20160309161453.692 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type u nsid 0 hostid 231072 range 65536
> lxc 20160309161453.692 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type g nsid 0 hostid 231072 range 65536
> lxc 20160309161453.697 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type u nsid 0 hostid 231072 range 65536
> lxc 20160309161453.697 INFO lxc_confile - confile.c:config_idmap:1495 - read uid map: type g nsid 0 hostid 231072 range 65536
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
More information about the lxc-users
mailing list