lxc unprivileged containers broken

Bug #1413922 reported by James Hunt
This bug affects 1 person
Affects       Status  Importance  Assigned to  Milestone
lxc (Ubuntu)  New     Undecided   Unassigned

Bug Description

Seems to be due to 1.1.0~rc1-0ubuntu1 landing?

$ lxc-start -n trusty --logfile /tmp/lxc.log --logpriority debug
lxc-start: lxc_start.c: main: 345 The container failed to start.
lxc-start: lxc_start.c: main: 347 To get more details, run the container in foreground mode.
lxc-start: lxc_start.c: main: 349 Additional information can be obtained by setting the --logfile and --logpriority options.

lxc.log attached.

On a related note, it seems that the dep8 tests I originally wrote for lxc [1] have been replaced to call lxc's own test suite. However, whereas these new tests are somehow passing in jenkins [2], I believe the crude tests in [1] would have caught this issue as they actually call the command-line tools users run.

Could we maybe bring back [1] and run both sets of tests to avoid such a regression in future?

[1] - https://code.launchpad.net/~jamesodhunt/ubuntu/raring/lxc/dep-8-tests/+merge/157938
[2] - https://jenkins.qa.ubuntu.com/view/Vivid/view/AutoPkgTest/job/vivid-adt-lxc/ARCH=amd64,label=adt/

ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: lxc 1.1.0~rc1-0ubuntu1
ProcVersionSignature: Ubuntu 3.18.0-9.10-generic 3.18.2
Uname: Linux 3.18.0-9-generic x86_64
ApportVersion: 2.15.1-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Jan 23 09:15:29 2015
InstallationDate: Installed on 2014-04-11 (286 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Daily amd64 (20140409)
SourcePackage: lxc
UpgradeStatus: Upgraded to vivid on 2014-05-08 (259 days ago)
defaults.conf:
 lxc.network.type = veth
 lxc.network.link = lxcbr0
 lxc.network.flags = up
 lxc.network.hwaddr = 00:16:3e:xx:xx:xx

James Hunt (jamesodhunt) wrote :

Ah - seems we'd actually need to add in a couple of loops in those original dep-8 tests: run the tests as root, then run as a non-priv user too! :)

Serge Hallyn (serge-hallyn) wrote :

Hi James,

to verify that this is a dup of bug 1413927, could you please

1. update your host to get lxcfs 0.4 :)

2. cat /proc/self/cgroup, get your name=systemd cgroup

3. under /sys/fs/cgroup/systemd/$(yourcgroup) chown your cgroup (i.e. /user.slice/user-1000.slice/session-c2.scope) and the tasks file under that to your uid?

4. re-try starting the container

Changed in lxc (Ubuntu):
status: New → Incomplete
James Hunt (jamesodhunt) wrote :

Hi Serge,

Yep, updating to lxcfs 0.4, killing lxcfs, then a 'sudo chown -R james: /sys/fs/cgroup/systemd/user.slice/user-1000.slice/session-c2.scope' allowed me to start the non-priv container.

Changed in lxc (Ubuntu):
status: Incomplete → New
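
The ownership check behind steps 2 and 3 of Serge's procedure, as an added example that is not part of the bug report or of lxc: it reads the name=systemd line from a /proc/<pid>/cgroup file and verifies that the cgroup directory and its tasks file belong to the calling user, without changing anything. The function names are hypothetical, and the code assumes the cgroup v1 layout from the thread, with the systemd hierarchy mounted at /sys/fs/cgroup/systemd.

```shell
#!/bin/sh
# Added example: read-only precondition check for starting an unprivileged
# container. Function names are illustrative, not lxc tooling.

# Print the name=systemd cgroup path from a /proc/<pid>/cgroup style file.
# Lines look like "1:name=systemd:/user.slice/user-1000.slice/session-c2.scope".
systemd_cgroup() {
    # $1: cgroup file to read (defaults to /proc/self/cgroup)
    awk -F: '$2 == "name=systemd" {
        sub(/^[^:]*:[^:]*:/, "")   # drop "id:controller:", keep the whole path
        print
        exit
    }' "${1:-/proc/self/cgroup}"
}

# Print the numeric owner uid of a path (portable: third field of ls -n).
owner_uid() {
    ls -dn -- "$1" | awk '{ print $3 }'
}

# Check that the cgroup directory and its tasks file are owned by a uid.
# $1: hierarchy mount point, $2: cgroup path, $3: expected uid
# Returns 0 if both are owned by $3, 1 on an ownership mismatch, 2 if missing.
cgroup_owned_by() {
    dir="$1$2"
    for p in "$dir" "$dir/tasks"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 2; }
        [ "$(owner_uid "$p")" = "$3" ] || {
            echo "not owned by uid $3: $p" >&2
            return 1
        }
    done
    return 0
}

# Run the check for the current process and user.
check_self() {
    cg=$(systemd_cgroup /proc/self/cgroup)
    [ -n "$cg" ] || { echo "no name=systemd cgroup line found" >&2; return 2; }
    cgroup_owned_by /sys/fs/cgroup/systemd "$cg" "$(id -u)"
}

# Usage: source this file, then run "check_self" before lxc-start.
```

A non-zero return from check_self on a host like the reporter's points at the cgroup ownership condition discussed above rather than at the container configuration.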