Can not start unprivileged container on host with Xen

Bug #1615593 reported by Martin John
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
linux (Ubuntu) | Incomplete | Undecided | Seth Forshee |

Bug Description

With a minimum server install including zfs, xen-hypervisor-amd64, nfs-common, and lxd:

When I create a privileged container - it works fine.
When I create an unprivileged container - it won't start with

# lxc info --show-log test | grep ERROR
            lxc 20160822115926.073 ERROR lxc_utils - utils.c:safe_mount:1692 - Operation not permitted - Failed to mount proc onto /usr/lib/x86_64-linux-gnu/lxc/proc
            lxc 20160822115926.073 ERROR lxc_conf - conf.c:lxc_mount_auto_mounts:743 - Operation not permitted - error mounting proc on /usr/lib/x86_64-linux-gnu/lxc/proc flags 14
            lxc 20160822115926.073 ERROR lxc_conf - conf.c:lxc_setup:3721 - failed to setup the automatic mounts for 'test'
            lxc 20160822115926.073 ERROR lxc_start - start.c:do_start:833 - failed to setup the container
            lxc 20160822115926.073 ERROR lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 3)
            lxc 20160822115926.073 ERROR lxc_start - start.c:__lxc_start:1353 - failed to spawn 'test'

# uname -a
Linux xen 4.4.0-34-generic #53-Ubuntu SMP Wed Jul 27 16:06:39 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

# lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04

Tool versions
# apt-cache policy zfsutils-linux
zfsutils-linux:
  Installed: 0.6.5.6-0ubuntu12
  Candidate: 0.6.5.6-0ubuntu12
  Version table:
 *** 0.6.5.6-0ubuntu12 500
        500 http://gb.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     0.6.5.6-0ubuntu8 500
        500 http://gb.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages

# apt-cache policy xen-hypervisor-4.6-amd64
xen-hypervisor-4.6-amd64:
  Installed: 4.6.0-1ubuntu4.1
  Candidate: 4.6.0-1ubuntu4.1
  Version table:
 *** 4.6.0-1ubuntu4.1 500
        500 http://gb.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages
        100 /var/lib/dpkg/status
     4.6.0-1ubuntu4 500
        500 http://gb.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages

# apt-cache policy nfs-common
nfs-common:
  Installed: 1:1.2.8-9ubuntu12
  Candidate: 1:1.2.8-9ubuntu12
  Version table:
 *** 1:1.2.8-9ubuntu12 500
        500 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status

# apt-cache policy lxd
lxd:
  Installed: 2.0.3-0ubuntu1~ubuntu16.04.2
  Candidate: 2.0.3-0ubuntu1~ubuntu16.04.2
  Version table:
 *** 2.0.3-0ubuntu1~ubuntu16.04.2 500
        500 http://gb.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.0.2-0ubuntu1~16.04.1 500
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
     2.0.0-0ubuntu4 500
        500 http://gb.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

I've another system, which is very similar but without Xen installed, which doesn't have the same issue with creating unprivileged containers. It would seem that it is probably some clash between the two (also suggested in http://unix.stackexchange.com/questions/296998/create-lxd-containers-on-machine-with-no-internet-connection).

Stéphane Graber (stgraber) wrote :

This is a kernel bug which sforshee has been working on. It should be included in the next round of kernel updates.

affects: lxc (Ubuntu) → linux (Ubuntu)
Changed in linux (Ubuntu):
assignee: nobody → Seth Forshee (sforshee)
Brad Figg (brad-figg) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 1615593

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Seth Forshee (sforshee) wrote :

Marking this as a duplicate of bug #1607374.
