document that lxc-execute with separate rootfs does not work with commands

Bug #986956 reported by B. Clausius
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone
lxc (Ubuntu) | Fix Released | Low | Unassigned |

Bug Description

1. $ sudo lxc-execute -n container /bin/bash
2. -> The prompt is shown
3. Type echo hello
4. -> The characters you type are not displayed, but the command output is displayed
5. -> The message "lxc-execute: Input/output error - failed to read" is displayed
6. Type exit
7. -> [1]+ Stopped sudo lxc-execute -n precise /bin/bash
8. Type fg and the container ends.

For other commands like nano or less it's the same. The output is correct but the input is not handled right; the effects in 4., 5. and 7. can vary.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lxc 0.7.5-3ubuntu52
ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
Uname: Linux 3.2.0-23-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu5
Architecture: amd64
Date: Sun Apr 22 19:35:33 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
SourcePackage: lxc
UpgradeStatus: Upgraded to precise on 2012-03-31 (22 days ago)

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in lxc (Ubuntu):
status: New → Confirmed
Changed in lxc (Ubuntu):
importance: Undecided → Medium
Serge Hallyn (serge-hallyn) wrote :

Reproduced with upstream lxc.git as well.

Serge Hallyn (serge-hallyn) wrote :

The read() in src/lxc/console.c:console_handler() is getting -1 (EPERM).

Serge Hallyn (serge-hallyn) wrote :

The task getting the -EPERM is the actual lxc-execute process itself (which is unconfined by both apparmor and cgroups), and the fd is to /dev/tty.

Daniel Lezcano (daniel-lezcano) wrote :

The lxc-execute command is used for an 'application container'. Usually, the system container uses a rootfs and the application container does not use a rootfs. So lxc checks whether the rootfs option is set and, if it is, sets up the console.

Here lxc-execute is used with the rootfs, so it sets up the console, that is to say it maps /dev/console to /dev/tty.

Of course, that makes sense only if we have the applications writing to /dev/console, which is the case when the system containers boot. Doing that with a shell is messy and we have problems with the tty.

 => Why is a rootfs needed with lxc-execute?

There are 2 solutions to fix this problem:

 (1) do not specify the rootfs but ro-bind-mount the <rootfs>/usr to /usr and the other needed directories.
 (2) change the code to have lxc-execute take a rootfs into account, but I wouldn't recommend that because it will bring much more complexity and more errors with the console by adding a new configuration combination. At least we should decide to ignore the rootfs option when lxc-execute is used.
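
Added example, not part of the original thread or of the lxc project: a shell helper for solution (1) above that writes read-only bind-mount entries instead of an lxc.rootfs line, plus a pre-flight check for the rootfs combination this bug describes. The function names and the /srv/rootfs path are hypothetical; it assumes lxc.mount.entry takes fstab-style fields and that, with no rootfs set, the mount target is an absolute path.

```shell
#!/bin/sh
# Added example; gen_app_config and sets_rootfs are hypothetical helper names.

# gen_app_config ROOTFS DIR...
# Print one read-only bind-mount entry per DIR and no lxc.rootfs line, so that
# lxc-execute does not map /dev/console to /dev/tty.
gen_app_config() {
    rootfs=${1%/}; shift
    for d in "$@"; do
        case $d in
            /*) ;;
            *) echo "gen_app_config: '$d' is not an absolute path" >&2
               return 1 ;;
        esac
        printf 'lxc.mount.entry = %s%s %s none ro,bind 0 0\n' "$rootfs" "$d" "$d"
    done
}

# sets_rootfs CONFIG_FILE [lxc-execute arguments...]
# Return 0 if lxc.rootfs is set in the file or through a "-s lxc.rootfs=..."
# override, which is the combination reported here as breaking terminal input.
sets_rootfs() {
    cfg=$1; shift
    grep -Eq '^[[:space:]]*lxc\.rootfs[[:space:]]*=' "$cfg" && return 0
    prev=
    for arg in "$@"; do
        case "$prev:$arg" in
            -s:lxc.rootfs=*) return 0 ;;
        esac
        prev=$arg
    done
    return 1
}

# Demo with a constructed rootfs path; redirect the output to a file and run:
#   sudo lxc-execute -n test -f app.conf -- /bin/bash
gen_app_config /srv/rootfs /usr /lib /bin
```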

Serge Hallyn (serge-hallyn) wrote :

Thanks Daniel.

It sounds then like we should document this somewhere explicitly. I'll re-title the bug and mark it low priority.

Changed in lxc (Ubuntu):
importance: Medium → Low
summary: - lxc-execute does not work with commands that require input from terminal
+ document that lxc-execute with separate rootfs does not work with
+ commands
B. Clausius (barcc) wrote :

The last comments make me think that lxc-execute works with application containers. Does it work?

The simplest usage would be (without a created container test):
$ sudo lxc-execute -n test /bin/bash
But due to bug 981955 this does not work. With the workaround there:
$ sudo lxc-execute -n test /bin/bash -s lxc.rootfs=/ -s lxc.aa_profile=unconfined
Now Daniel suggests not to specify lxc.rootfs?

What config makes the bash work with lxc-execute?
Or are interactive commands not intended to work with lxc-execute? The man-page says it should.

Serge Hallyn (serge-hallyn) wrote : Re: [Bug 986956] Re: document that lxc-execute with separate rootfs does not work with commands

Quoting B Clausius (<email address hidden>):
> The last comments make me think that lxc-execute works with application
> containers. Does it work?
>
> The simplest usage would be (without a created container test):
> $ sudo lxc-execute -n test /bin/bash
> But due to bug 981955 this does not work. With the workaround there:
> $ sudo lxc-execute -n test /bin/bash -s lxc.rootfs=/ -s lxc.aa_profile=unconfined
> Now Daniel suggests not to specify lxc.rootfs?

Right, that being the case, that bug's priority needs to be raised. I will
get fixes proposed for SRU for that bug today.

> What config makes the bash work with lxc-execute?

Just lxc.aa_profile = unconfined will work, once bug 981955 is fixed.

Dylan Vassallo (dylanvassallo) wrote :

I am seeing this behavior too on 12.04. I must specify lxc.aa_profile = unconfined, and I must omit a rootfs setting, for lxc-execute to work with anything interactive like bash or python.

flob (fburka) wrote :

Adding -s lxc.tty=1 -s lxc.console=/dev/console for interactive processes works for me:

sudo lxc-execute -n test /bin/bash -s lxc.rootfs=/ -s lxc.tty=1 -s lxc.console=/dev/console

Christian Brauner (cbrauner) wrote :

lxc-execute now works correctly without a rootfs in LXC 2.*.*. So closing this.

Changed in lxc (Ubuntu):
status: Confirmed → Fix Released