[lxc-users] Debian and unprivileged LXC not working...

Serge E. Hallyn serge at hallyn.com
Wed Dec 13 22:02:29 UTC 2017


Quoting Dirk Geschke (dirk at lug-erding.de):
> Hi Christian,
> 
> > > > Older liblxc version used system() instead of run_command(). For
> > > > system() POSIX leaves it unspecified whether pthread_atfork() handlers
> > > > are called but glibc's implementation of system() guarantees that they
> > > > are not. But there's no requirement. So this might be why we have been
> > > > fine - by chance - all of the time.
> > > 
> > > I don't think so.  The previous system did not use system(), it just
> > > did a clone() followed by calling the fn directly.
> > 
> > This commit is present at least in 1.0.11 until at least 2.0.4 and it
> > has lxc_map_ids() call system() when new{g,u}idmap is used:
> > 
> > commit cf3ef16dc479c102433a82b8ddbb4265d3818cce
> > Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> > Date:   Wed Oct 23 01:02:57 2013 +0000
> 
> just for the record, lxc-2.0.8 is still working this way, but it
> stops starting with lxc-2.0.9 and the whole lxc-2.1.x branch.
> 
> I have no idea, what happened to break it nor do I have any clue
> to fix it. But since I like to use unprivileged containers, it
> would be nice to get it running again.

You can see whether lxc-2.1.1 fixes it for you, or
you can run with cgfsng instead of cgmanager, as your
problem is just with the cgm_lock.

> Can I help in any way?

If you were feeling bored and/or industrious, you could
grab the lxc git tree and git bisect to the commit that
breaks it :)  I'm 99% sure it'll point to the commit that
introduces run_command(), but actually it's possible that
I am actually wrong about that, so confirmation would be
useful.

Or instead of a bisect, you could just revert ea3a694fe
in the 2.0.9 tree and see if that fixes it.  Though it
may not revert cleanly.

But, you've been enormously helpful in finding this.  While
it currently only affects a configuration which isn't much
used any more, if we're right about the cause then there is
a more general underlying problem which can strike elsewhere
too.  So thanks!

-serge
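
The fork()/system() difference discussed in the quoted text above, as an added example that is not part of the original message and is not liblxc code: it counts how often a pthread_atfork() prepare handler runs across one fork() and across one system() call. The handler and function names are hypothetical, and the system() result assumes glibc, since POSIX leaves that case unspecified.

```c
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical counter, bumped each time the prepare handler runs. */
static int prepare_calls;
static int handlers_installed;

static void on_prepare(void) { prepare_calls++; }  /* runs before fork() */
static void on_parent(void)  { }  /* runs in the parent after fork() */
static void on_child(void)   { }  /* a real handler would reset locks here */

/* Register the handlers once per process. */
static int install_handlers(void)
{
    if (handlers_installed)
        return 0;
    if (pthread_atfork(on_prepare, on_parent, on_child) != 0)
        return -1;
    handlers_installed = 1;
    return 0;
}

/* How many times the prepare handler ran during one fork(). */
int prepare_calls_during_fork(void)
{
    if (install_handlers() < 0) return -1;
    int before = prepare_calls;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(0);               /* child: leave immediately */
    if (waitpid(pid, NULL, 0) < 0) return -1;
    return prepare_calls - before;
}

/* How many times the prepare handler ran during one system() call. */
int prepare_calls_during_system(void)
{
    if (install_handlers() < 0) return -1;
    int before = prepare_calls;
    int rc = system("exit 0");            /* exit status is not the point */
    (void)rc;
    return prepare_calls - before;
}

int main(void)
{
    printf("fork():   %d\n", prepare_calls_during_fork());
    printf("system(): %d\n", prepare_calls_during_system());
    return 0;
}
```

A code path that moves from system() to its own fork() therefore starts running every registered atfork handler, including ones that take locks.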