lxc-sshd won't start with 2.0.8
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
lxc (Ubuntu) | Fix Released | Undecided | Unassigned | |
Bug Description
On a xenial system after an update to lxc, starting a container created with the lxc-sshd template fails consistently. This does not occur with 2.0.7.
root@xenial:~# lxc-create -n mysshd -t /usr/share/
Generating public/private rsa key pair.
Your identification has been saved in /var/lib/
Your public key has been saved in /var/lib/
The key fingerprint is:
SHA256:
The key's randomart image is:
+---[RSA 2048]----+
| . . |
| . o . |
| = o o |
| *.. . |
| . So+o |
| ++=Eo. |
| .+++BBo |
| .+B+oO=+o |
| ..o+++== .o |
+----[SHA256]-----+
Generating public/private dsa key pair.
Your identification has been saved in /var/lib/
Your public key has been saved in /var/lib/
The key fingerprint is:
SHA256:
The key's randomart image is:
+---[DSA 1024]----+
| |
| o |
| + . |
| . * o o |
|. . + E S o |
| + o + X + . |
|. o o + = o o |
| . + .+B.. ooo. |
| o ++==..oo=*+ |
+----[SHA256]-----+
root@xenial:~# lxc-start -n mysshd --logfile mysshd.log
lxc-start: tools/lxc_start.c: main: 366 The container failed to start.
lxc-start: tools/lxc_start.c: main: 368 To get more details, run the container in foreground mode.
lxc-start: tools/lxc_start.c: main: 370 Additional information can be obtained by setting the --logfile and --logpriority options.
root@xenial:~# cat mysshd.log
lxc-start 20170622214710.829 ERROR lxc_conf - conf.c:
lxc-start 20170622214710.829 ERROR lxc_conf - conf.c:
lxc-start 20170622214710.829 ERROR lxc_start - start.c:
lxc-start 20170622214710.829 ERROR lxc_sync - sync.c:
lxc-start 20170622214710.868 ERROR lxc_start - start.c:
lxc-start 20170622214715.901 ERROR lxc_start_ui - tools/lxc_
lxc-start 20170622214715.901 ERROR lxc_start_ui - tools/lxc_
lxc-start 20170622214715.901 ERROR lxc_start_ui - tools/lxc_
root@xenial:~# dpkg -l '*lxc*'
Desired=
| Status=
|/ Err?=(none)
||/ Name Version Architecture Description
+++-===
un liblxc0 <none> <none> (no description available)
ii liblxc1 2.0.8-0ubuntu1~
ii lxc 2.0.8-0ubuntu1~
ii lxc-common 2.0.8-0ubuntu1~
ii lxc-templates 2.0.8-0ubuntu1~
ii lxc1 2.0.8-0ubuntu1~
ii lxcfs 2.0.6-0ubuntu1~
un lxctl <none> <none> (no description available)
ii python3-lxc 2.0.8-0ubuntu1~
Removing the addition of the bind-mount for /dev to the config from the template seems to move the start along, yet implications of doing this are unknown.
Changed in lxc (Ubuntu):
status: New → Fix Released
Hi Miroslav,
Yes, we've been hardening the console handling code quite a bit prior to this release. It seems that you are on a read-only file system which prevents LXC from removing the underlying "/dev/console" file that already exists. LXC wants to remove this file since it wants to prevent bind-mounting over a possible malicious file. Is the read-only filesystem intentional?
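
The following is an added example, not part of the comment above and not LXC's own code. It shows in C the remove-then-recreate step the comment describes for a bind-mount target, and why the removal fails on a read-only filesystem; the function names and the temporary path are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Replace whatever sits at `path` with a fresh, empty regular file that can
 * serve as a bind-mount target. Returns 0 on success or -errno on failure;
 * on a read-only filesystem unlink() fails and this returns -EROFS. */
int prepare_console_target(const char *path)
{
    /* unlink() removes a symlink itself and never follows it.
     * A missing file is not an error. */
    if (unlink(path) < 0 && errno != ENOENT)
        return -errno;
    /* O_EXCL | O_NOFOLLOW: fail rather than reuse or follow anything that
     * reappears at this path after the unlink. */
    int fd = open(path, O_CREAT | O_EXCL | O_NOFOLLOW | O_WRONLY | O_CLOEXEC, 0600);
    if (fd < 0)
        return -errno;
    close(fd);
    return 0;
}

/* Constructed scenario: "console" is a dangling symlink planted at the
 * target path. Returns 1 if it was replaced by a regular file and the
 * file the link pointed at was never created, -1 on setup failure. */
int demo_symlink_replaced(void)
{
    char dir[] = "/tmp/console-demo-XXXXXX", link[64], decoy[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(link, sizeof link, "%s/console", dir);
    snprintf(decoy, sizeof decoy, "%s/decoy", dir);
    if (symlink(decoy, link) < 0) return -1;
    if (prepare_console_target(link) != 0) return -1;
    int ok = lstat(link, &st) == 0 && S_ISREG(st.st_mode)  /* fresh file */
          && lstat(decoy, &st) < 0 && errno == ENOENT;     /* not followed */
    unlink(link);
    rmdir(dir);
    return ok;
}

int main(void)
{
    printf("symlink replaced safely: %d\n", demo_symlink_replaced());
    return 0;
}
```

The bind mount itself needs privileges and is left out; the error path to look for in the scenario from this report is the `-EROFS` return from the `unlink()` step.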