lxc-execute without config does not seem to work in precise

Thanks for reporting this bug.

The output (in particular '(null)' looks strange.

Is lxc installed in the container? In particular, does it have /usr/lib/lxc/lxc-init and all its dependencies installed?

Can you give the contents of debug.out after running:

   lxc-execute -l DEBUG -o debug.out -n test /bin/bash

How did you create this container?

If I do:

sudo lxc-create -t ubuntu -n e1
sudo chroot /var/lib/lxc/e1/rootfs apt-get update
sudo chroot /var/lib/lxc/e1/rootfs apt-get install lxc
sudo lxc-execute -n e1 /bin/echo hi

I get

lxc-init: failed to mount /dev/shm : No such file or directory
hi

If you don't install lxc in the container, you should get an error about not being able to execute lxc-init, but the error about not executing "(null)" is simply odd.

Your host is precise?

Hi, the wiki page I was following had no container, it was using an
implicit one or something - that gave me the impression it could just
act as an isolation layer around / , isolating only the things
configured (e.g. dev access, or networking).

That said, lxc-execute with an ephemeral mode looks like it would do
exactly what LP needs for test running :)

Sorry for the incomplete info

I am using a container without rootfs.
Just type for a not existing container "test":
$ sudo lxc-execute -n test /bin/echo hi
lxc-execute: Invalid argument - failed to get real path for '(null)'
lxc-execute: failed to pin the container's rootfs
lxc-execute: failed to spawn 'test'
lxc-execute: No such file or directory - failed to remove cgroup '/sys/fs/cgroup//lxc/test'

or use a container ceated with:
$ sudo lxc-create -n test
No config file specified, using the default config
'test' created

I used different configs and it seams it is caused by the missing rootfs.

Such simple things worked in the past at least under Natty, but not in precise.

Ah. I see now. Thanks, guys.

There are actually two things you need to add to a configuration file to make this work. If I do:

cat > test.conf << EOF
lxc.aa_profile = unconfined
lxc.rootfs = /
EOF

lxc-execute -n test -f test.conf -- /bin/echo hi

That works for me.

Skipping the pinning of rootfs when lxc.rootfs = NULL would seem sensible. I'm not sure what we should do about the apparmor profile for this case.

Set priority to low as there is a workaround.

Thanks Serge!

Note, as per the test case in Description, you'll still need to use a lxc.conf containing 'lxc.aa_profile = unconfined' (or some other custom profile) to have permissions you need on the host.

Status changed to 'Confirmed' because the bug affects multiple users.

Hello Robert, or anyone else affected,

Accepted lxc into precise-proposed. The package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Fix verified, if my answer counts.

Works well here, thanks!

This bug was fixed in the package lxc - 0.8.0~rc1-4ubuntu1

---------------
lxc (0.8.0~rc1-4ubuntu1) quantal; urgency=low

  * Merge from unstable. Remaining changes:
    - control:
      - update maintainer
      - Build-Depends: add dh-apparmor and libapparmor-dev
      - lxc Depends: add bridge-utils, dnsmasq-base, iptables, rsync
      - lxc Recommends: add cgroup-lite | cgroup-bin, openssl
      - lxc Suggests: add btrfs-tools, lvm2, qemu-user-static
      - lxc Conflicts: remove (cgroup-bin)
    - Add lxc-start-ephemeral and lxc-wait to debian/local
    - apparmor:
      - add lxc.apparmor, lxc-containers.apparmor,
        lxc-default.apparmor, and new lxc.apparmor.in
    - add debian/lxc.conf (default container creation config file)
    - debian/lxc.install.in:
      * add lxc-start-ephemeral
      * add debian/lxc.conf
      * skip lxc-debconf*
      * skip lxc-ls (Use upstream's)
    - debian/lxc*.install.in: use '*', not @DEB_HOST_MULTIARCH@
    - Use our own completely different lxc.postinst and lxc.postrm
    - remove lxc.templates
    - debian/rules:
      * add DEB_DH_INSTALLINIT_ARGS = --upstart-only
      * don't do debconf stuff
      * add debian/*.apparmor.in to files processed under
        override_dh_auto_clean
      * don't comment out ubuntu or busybox templates
      * do apparmor stuff and install our own lxc-wait under override_dh_install
      * install our upstart scripts in override_dh_installinit
    - add lxc.default, lxc.lxc-net.upstart, lxc.upstart under
      debian/

  * patches kept:
    - 0013-lxc-create-use-default-config.patch (needed manual rebase)
    - 0030-ubuntu-template-fail.patch
    - 0031-ubuntu-template-resolvconf.patch
    - 0044-lxc-destroy-rm-autos
    - debian/patches/0045-fix-other-templates
    - debian/patches/0046-lxc-clone-change-hwaddr
    - debian/patches/0047-bindhome-check-shell
    - debian/patches/0049-ubuntu-template-sudo-and-cleanup
    - debian/patches/0050-clone-lvm-sizes
    - debian/patches/0052-ubuntu-bind-user-conflict
    - debian/patches/0053-lxc-start-pin-rootfs
    - debian/patches/0054-ubuntu-debug
    - debian/patches/0055-ubuntu-handle-badgrp
    - debian/patches/0056-dont-watch-utmp
    - debian/patches/0057-update-manpages
    - debian/patches/0058-fixup-ubuntu-cloud
    - debian/patches/0059-reenable-daily-cloudimg
    - debian/patches/0060-lxc-shutdown
    - debian/patches/0061-lxc-start-apparmor
    - debian/patches/0062-templates-relative-paths
    - debian/patches/0063-check-apparmor-enabled
    - debian/patches/0064-apparmor-mount-proc
    - debian/patches/0065-fix-bindhome-relpath
    - debian/patches/0066-confile-typo
    - debian/patches/0067-templates-lxc-profile
    - debian/patches/0068-fix-lxc-config-layout
    - debian/patches/0069-ubuntu-cloud-fix
    - debian/patches/0070-templates-rmdir-dev-shm
    - debian/patches/0071-ubuntu-cloud-fix-image-extraction
    - debian/patches/0072-lxc-shutdown-help
    - debian/patches/0073-lxc-destroy-waits-before-destroy
    - mark all patches which have been forwarded as such, refresh all
  * 0074-lxc-execute-find-init: lxc-init had moved. Introduce a function in
    lxc-execute to go find it. Otherwise lxc-...

Is lxc 0.8.0 going to be updated into Precise? This bug is pretty annoying; and while I appreciate there is a workaround, it seems adding an extra config entry to lxc-excute invocation just to avoid an apparmor failure is a bit much to ask of users.

AfC

0.8.0 will not be pulled into precise, but the fix is being SRU'd, and the new lxc-execute profile will be as well. (the rootfs fix is in precise-proposed awaiting testing, please feel free to test)

This bug was fixed in the package lxc - 0.7.5-3ubuntu53

---------------
lxc (0.7.5-3ubuntu53) precise-proposed; urgency=low

  * 0074-fix-sprintfs - check return values for all sprintfs and snprintfs
    which could overflow (LP: #988918)
  * 0075-execute-without-rootfs: let lxc-execute succeed with no rootfs
    (LP: #981955)
 -- Serge Hallyn <email address hidden> Thu, 26 Apr 2012 10:52:47 -0500