Auto Package Testing

Bug #1828228
Comment #8

Comment 8 for bug 1828228

Revision history for this message

Rafael David Tinoco (rafaeldtinoco) wrote on 2019-07-20: Re: corosync fails to start in container (armhf) bump some limits

This "bug" happens because of "unprivileged" containers:

root@corosync:~# corosync -f
Jul 20 21:26:32 notice [MAIN ] Corosync Cluster Engine 3.0.1 starting up
Jul 20 21:26:32 info [MAIN ] Corosync built-in features: dbus monitoring watchdog augeas systemd xmlconf snmp pierelro bindnow
Jul 20 21:26:32 warning [MAIN ] Could not set SCHED_RR at priority 99: Operation not permitted (1)
Jul 20 21:26:32 warning [MAIN ] Could not set priority -2147483648: Permission denied (13)
Jul 20 21:26:32 notice [TOTEM ] Initializing transport (Kronosnet).
Jul 20 21:26:33 crit [TOTEM ] knet_handle_new failed: File name too long (36)
Jul 20 21:26:33 error [KNET ] transport: Failed to set socket buffer via force option 33: Operation not permitted
Jul 20 21:26:33 error [KNET ] transport: Unable to set local socketpair receive buffer: File name too long
Jul 20 21:26:33 error [KNET ] handle: Unable to initialize internal hostsockpair: File name too long
Jul 20 21:26:33 error [MAIN ] Can't initialize TOTEM layer
Jul 20 21:26:33 error [MAIN ] Corosync Cluster Engine exiting with status 15 at main.c:1529.

connect(5, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(5, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/sys/fs/cgroup/cpu/cpu.rt_runtime_us", O_RDONLY) = -1 ENOENT (No such file or directory)
sched_setscheduler(0, SCHED_RR, [99]) = -1 EPERM (Operation not permitted)
setpriority(PRIO_PGRP, 0, -2147483648) = -1 EACCES (Permission denied)
prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=RLIM64_INFINITY, rlim_max=RLIM64_INFINITY}, NULL) = -1 EPERM (Operation not permitted)
[pid 694] setsockopt(11, SOL_SOCKET, SO_RCVBUFFORCE, [8388608], 4) = -1 EPERM (Operation not permitted)
[pid 694] epoll_ctl(0, EPOLL_CTL_DEL, 11, 0xff968fb8) = -1 EINVAL (Invalid argument)
[pid 694] epoll_ctl(0, EPOLL_CTL_DEL, 0, 0xff968fb8) = -1 EINVAL (Invalid argument)
[pid 694] close(0) = -1 EBADF (Bad file descriptor)
[pid 694] close(0) = -1 EBADF (Bad file descriptor)
[pid 695] madvise(0xf6055000, 8368128, MADV_DONTNEED) = -1 EINVAL (Invalid argument)

----

I was able to reproduce the exact same issue by using lxd on armhf with unprivileged containers. And its pretty clear to check the issue by issuing:

root@corosync:~# ulimit -l unlimited
-bash: ulimit: max locked memory: cannot modify limit: Operation not permitted

as root and checking that "root" does not have "cap_sys_resource" capabilities. There is also the Kronosnet initialization failure because of low {r,w}mem_max values.

This "bug" happens because of "unprivileged" containers:

root@corosync:~# corosync -f
Jul 20 21:26:32 notice  [MAIN  ] Corosync Cluster Engine 3.0.1 starting up
Jul 20 21:26:32 info    [MAIN  ] Corosync built-in features: dbus monitoring watchdog augeas systemd xmlconf snmp pierelro bindnow
Jul 20 21:26:32 warning [MAIN  ] Could not set SCHED_RR at priority 99: Operation not permitted (1)
Jul 20 21:26:32 warning [MAIN  ] Could not set priority -2147483648: Permission denied (13)
Jul 20 21:26:32 notice  [TOTEM ] Initializing transport (Kronosnet).
Jul 20 21:26:33 crit    [TOTEM ] knet_handle_new failed: File name too long (36)
Jul 20 21:26:33 error   [KNET  ] transport: Failed to set socket buffer via force option 33: Operation not permitted
Jul 20 21:26:33 error   [KNET  ] transport: Unable to set local socketpair receive buffer: File name too long
Jul 20 21:26:33 error   [KNET  ] handle: Unable to initialize internal hostsockpair: File name too long
Jul 20 21:26:33 error   [MAIN  ] Can't initialize TOTEM layer
Jul 20 21:26:33 error   [MAIN  ] Corosync Cluster Engine exiting with status 15 at main.c:1529.

connect(5, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(5, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/sys/fs/cgroup/cpu/cpu.rt_runtime_us", O_RDONLY) = -1 ENOENT (No such file or directory)
sched_setscheduler(0, SCHED_RR, [99])   = -1 EPERM (Operation not permitted)
setpriority(PRIO_PGRP, 0, -2147483648)  = -1 EACCES (Permission denied)
prlimit64(0, RLIMIT_MEMLOCK, {rlim_cur=RLIM64_INFINITY, rlim_max=RLIM64_INFINITY}, NULL) = -1 EPERM (Operation not permitted)
[pid   694] setsockopt(11, SOL_SOCKET, SO_RCVBUFFORCE, [8388608], 4) = -1 EPERM (Operation not permitted)
[pid   694] epoll_ctl(0, EPOLL_CTL_DEL, 11, 0xff968fb8) = -1 EINVAL (Invalid argument)
[pid   694] epoll_ctl(0, EPOLL_CTL_DEL, 0, 0xff968fb8) = -1 EINVAL (Invalid argument)
[pid   694] close(0)                    = -1 EBADF (Bad file descriptor)
[pid   694] close(0)                    = -1 EBADF (Bad file descriptor)
[pid   695] madvise(0xf6055000, 8368128, MADV_DONTNEED) = -1 EINVAL (Invalid argument)

----

I was able to reproduce the exact same issue by using lxd on armhf with unprivileged containers. And its pretty clear to check the issue by issuing:

root@corosync:~# ulimit -l unlimited
-bash: ulimit: max locked memory: cannot modify limit: Operation not permitted

as root and checking that "root" does not have "cap_sys_resource" capabilities. There is also the Kronosnet initialization failure because of low {r,w}mem_max values.