LinuxQuestions.org
Old 04-30-2019, 11:32 AM   #1
hkjz
Member
 
Registered: Apr 2019
Distribution: MX
Posts: 90

Rep: Reputation: Disabled
LXC 3.01, cannot start a container


Dear People,

I wanted to start my very first containers

Code:
$ sudo lxc-ls --fancy
NAME            STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
gentooContainer STOPPED 0         -      -    -    false
Container1      STOPPED 0         -      -    -    false

After checking apparmor status I've got
Code:
$ sudo apparmor_status
[sudo] password for mq: 
apparmor module is loaded.
apparmor filesystem is not mounted.
'apparmor filesystem is not mounted.'

and during executing start command, something happened,
something changed,
What I've got is:
Code:
$ sudo lxc-start -n gentooContainer -F
lxc-start: gentooContainer: lsm/apparmor.c: run_apparmor_parser: 808 Failed to run apparmor_parser on "/var/lib/lxc/gentooContainer/apparmor/lxc-gentooContainer_<-var-lib-lxc>": Warning: unable to find a suitable fs in /proc/mounts,
Use is it mounted? --subdomainfs to override.
lxc-start: gentooContainer: lsm/apparmor.c: remove_apparmor_namespace: 776 No such file or directory - Error removing AppArmor namespace
lxc-start: gentooContainer: lsm/apparmor.c: apparmor_prepare: 980 Failed to load generated AppArmor profile
lxc-start: gentooContainer: start.c: lxc_init: 899 Failed to initialize LSM
lxc-start: gentooContainer: start.c: __lxc_start: 1917 Failed to initialize container "gentooContainer"
lxc-start: gentooContainer: tools/lxc_start.c: main: 330 The container failed to start
lxc-start: gentooContainer: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options

At first sight:
'unable to find a suitable fs in /proc/mounts,
Use is it mounted? --subdomainfs to override.'
Code:
/proc
$ ls -l
lrwxrwxrwx  1 root       root                    11 Apr 30 14:39 mounts -> self/mounts

The logs don't bring anything new
Code:
$ sudo lxc-start -n gentooContainer  --logfile mylogfile --logpriority debug
lxc-start: gentooContainer: lxccontainer.c: wait_on_daemonized_start: 833 No such file or directory - Failed to receive the container state
lxc-start: gentooContainer: tools/lxc_start.c: main: 330 The container failed to start
lxc-start: gentooContainer: tools/lxc_start.c: main: 333 To get more details, run the container in foreground mode
lxc-start: gentooContainer: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options

What should I do to make it run, even if it says 'no' so far?
 
Old 04-30-2019, 11:50 AM   #2
hkjz
Member
 
Registered: Apr 2019
Distribution: MX
Posts: 90

Original Poster
Rep: Reputation: Disabled
mounting is under

Code:
sudo /etc/init.d/apparmor start

It helps but still doesn't solve the problem

Code:
$ sudo lxc-start -n gentooContainer  --logfile mylogfile --logpriority debug -F
lxc-start: gentooContainer: cgroups/cgfsng.c: cg_legacy_set_data: 2191 Failed to setup limits for the "devices" controller. The controller seems to be unused by "cgfsng" cgroup driver or not enabled on the cgroup hierarchy
lxc-start: gentooContainer: start.c: lxc_spawn: 1814 Failed to setup legacy device cgroup controller limits
lxc-start: gentooContainer: start.c: __lxc_start: 1951 Failed to spawn container "gentooContainer"
lxc-start: gentooContainer: tools/lxc_start.c: main: 330 The container failed to start
lxc-start: gentooContainer: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options
and here is a logfile
Code:
$ sudo cat mylogfile
lxc-start gentooContainer 20190430173109.455 INFO     lsm - lsm/lsm.c:lsm_init:50 - LSM security driver AppArmor
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context
lxc-start gentooContainer 20190430173109.471 DEBUG    terminal - terminal.c:lxc_terminal_peer_default:714 - Using terminal "/dev/tty" as proxy
lxc-start gentooContainer 20190430173109.471 DEBUG    terminal - terminal.c:lxc_terminal_signal_init:192 - Created signal fd 9
lxc-start gentooContainer 20190430173109.471 DEBUG    terminal - terminal.c:lxc_terminal_winsz:90 - Set window size to 100 columns and 54 rows
lxc-start gentooContainer 20190430173109.685 INFO     start - start.c:lxc_init:904 - Container "gentooContainer" is initialized
lxc-start gentooContainer 20190430173109.686 INFO     start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWNS
lxc-start gentooContainer 20190430173109.686 INFO     start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWPID
lxc-start gentooContainer 20190430173109.686 INFO     start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWUTS
lxc-start gentooContainer 20190430173109.686 INFO     start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWIPC
lxc-start gentooContainer 20190430173109.686 INFO     start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWNET
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved mnt namespace via fd 15
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved pid namespace via fd 16
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved uts namespace via fd 17
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved ipc namespace via fd 18
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved net namespace via fd 19
lxc-start gentooContainer 20190430173109.687 INFO     cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2237 - Limits for the legacy cgroup hierarchies have been setup
lxc-start gentooContainer 20190430173109.687 DEBUG    start - start.c:lxc_spawn:1754 - Preserved net namespace via fd 10
lxc-start gentooContainer 20190430173109.688 INFO     start - start.c:do_start:1254 - Unshared CLONE_NEWCGROUP
lxc-start gentooContainer 20190430173109.688 DEBUG    storage - storage/storage.c:get_storage_by_name:231 - Detected rootfs type "dir"
lxc-start gentooContainer 20190430173109.688 DEBUG    conf - conf.c:lxc_mount_rootfs:1332 - Mounted rootfs "/var/lib/lxc/gentooContainer/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs" with options "(null)"
lxc-start gentooContainer 20190430173109.688 INFO     conf - conf.c:setup_utsname:791 - Set hostname to "gentooContainer"
lxc-start gentooContainer 20190430173109.688 INFO     network - network.c:lxc_setup_network_in_child_namespaces:3053 - network has been setup
lxc-start gentooContainer 20190430173109.688 INFO     conf - conf.c:mount_autodev:1118 - Preparing "/dev"
lxc-start gentooContainer 20190430173109.689 INFO     conf - conf.c:mount_autodev:1165 - Prepared "/dev"
lxc-start gentooContainer 20190430173109.689 INFO     conf - conf.c:lxc_fill_autodev:1209 - Populating "/dev"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/full"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/null"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/random"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/tty"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/urandom"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/zero"
lxc-start gentooContainer 20190430173109.689 INFO     conf - conf.c:lxc_fill_autodev:1286 - Populated "/dev"
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2027 - Remounting "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" to respect bind or remount options
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2048 - Flags for "/sys/fs/fuse/connections" were 4096, required extra flags are 0
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2058 - Mountflags already were 4096, skipping remount
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2102 - Mounted "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" with filesystem type "none"
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2102 - Mounted "none" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/shm" with filesystem type "tmpfs"
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2102 - Mounted "proc" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/proc" with filesystem type "proc"
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2102 - Mounted "sys" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/sys" with filesystem type "sysfs"
lxc-start gentooContainer 20190430173109.690 INFO     conf - conf.c:mount_file_entries:2333 - Finished setting up mounts
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:lxc_setup_dev_console:1771 - Mounted pts device "/dev/pts/2" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/console"
lxc-start gentooContainer 20190430173109.690 INFO     utils - utils.c:lxc_mount_proc_if_needed:1231 - I am 1, /proc/self points to "1"
lxc-start gentooContainer 20190430173109.704 WARN     conf - conf.c:lxc_setup_devpts:1616 - Invalid argument - Failed to unmount old devpts instance
lxc-start gentooContainer 20190430173109.704 DEBUG    conf - conf.c:lxc_setup_devpts:1653 - Mount new devpts instance with options "gid=5,newinstance,ptmxmode=0666,mode=0620,max=1024"
lxc-start gentooContainer 20190430173109.704 DEBUG    conf - conf.c:lxc_setup_devpts:1672 - Created dummy "/dev/ptmx" file as bind mount target
lxc-start gentooContainer 20190430173109.704 DEBUG    conf - conf.c:lxc_setup_devpts:1677 - Bind mounted "/dev/pts/ptmx" to "/dev/ptmx"
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/0" with master fd 11 and slave fd 14
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/1" with master fd 15 and slave fd 16
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/2" with master fd 17 and slave fd 18
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/3" with master fd 19 and slave fd 20
lxc-start gentooContainer 20190430173109.705 INFO     conf - conf.c:lxc_allocate_ttys:1005 - Finished creating 4 tty devices
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/0" onto "/dev/tty1"
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/1" onto "/dev/tty2"
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/2" onto "/dev/tty3"
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/3" onto "/dev/tty4"
lxc-start gentooContainer 20190430173109.706 INFO     conf - conf.c:lxc_setup_ttys:949 - Finished setting up 4 /dev/tty<N> device(s)
lxc-start gentooContainer 20190430173109.706 INFO     conf - conf.c:setup_personality:1716 - Set personality to "0x0"
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped mac_admin (33) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped mac_override (32) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped sys_time (25) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped sys_module (16) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped sys_rawio (17) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2529 - Capabilities have been setup
lxc-start gentooContainer 20190430173109.706 NOTICE   conf - conf.c:lxc_setup:3716 - The container "gentooContainer" is set up
lxc-start gentooContainer 20190430173109.706 INFO     lsm - lsm/lsm.c:lsm_process_label_set_at:178 - Set AppArmor label to "lxc-gentooContainer_</var/lib/lxc>//&:lxc-gentooContainer_<-var-lib-lxc>:"
lxc-start gentooContainer 20190430173109.706 INFO     apparmor - lsm/apparmor.c:apparmor_process_label_set:1101 - Changed AppArmor profile to lxc-gentooContainer_</var/lib/lxc>//&:lxc-gentooContainer_<-var-lib-lxc>:
lxc-start gentooContainer 20190430173109.706 WARN     cgfsng - cgroups/cgfsng.c:get_hierarchy:204 - There is no useable devices controller
lxc-start gentooContainer 20190430173109.706 ERROR    cgfsng - cgroups/cgfsng.c:cg_legacy_set_data:2191 - Failed to setup limits for the "devices" controller. The controller seems to be unused by "cgfsng" cgroup driver or not enabled on the cgroup hierarchy
lxc-start gentooContainer 20190430173109.707 WARN     cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2228 - Failed to set "devices.deny" to "a"
lxc-start gentooContainer 20190430173109.707 ERROR    start - start.c:lxc_spawn:1814 - Failed to setup legacy device cgroup controller limits
lxc-start gentooContainer 20190430173109.707 DEBUG    network - network.c:lxc_delete_network:3180 - Deleted network devices
lxc-start gentooContainer 20190430173109.708 ERROR    start - start.c:__lxc_start:1951 - Failed to spawn container "gentooContainer"
lxc-start gentooContainer 20190430173109.895 ERROR    lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start gentooContainer 20190430173109.895 ERROR    lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options

Last edited by hkjz; 04-30-2019 at 12:44 PM.
 
Old 04-30-2019, 01:05 PM   #3
hkjz
Member
 
Registered: Apr 2019
Distribution: MX
Posts: 90

Original Poster
Rep: Reputation: Disabled
Code:
cgfsng - cgroups/cgfsng.c:get_hierarchy:204 - There is no useable devices controller

Does this thing tell anything to anyone?
 
Old 05-03-2019, 06:33 AM   #4
hkjz
Member
 
Registered: Apr 2019
Distribution: MX
Posts: 90

Original Poster
Rep: Reputation: Disabled
Code:
$ lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-4.19.0-1-amd64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
newuidmap is not installed
newgidmap is not installed
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points: 
/sys/fs/cgroup/systemd

Cgroup v2 mount points: 


Cgroup v1 freezer controller: missing
Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, not loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, not loaded
CONFIG_NF_NAT_IPV6: enabled, not loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: 

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

A new tool, which is
$ lxc-checkconfig
came into play.
Can the outcome help in any way this time in solving the riddle of LXC?


In short,
what came up from checkconfig is
1.
Kernel configuration not found at /proc/config.gz; searching...

2.
Cgroup v1 freezer controller: missing

3.
newuidmap is not installed
newgidmap is not installed
(apt install newuidmap/newgidmap doesn't help)

4. There are plenty of not loaded things
Code:
--- Misc ---
Veth pair device: enabled, not loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, not loaded
CONFIG_NF_NAT_IPV6: enabled, not loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
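
The `lxc-checkconfig` output in post #4 lists only `/sys/fs/cgroup/systemd` as a cgroup v1 mount point, while the failure in post #2 concerns the `devices` controller. The following added example (not from the thread or from LXC) shows one way to check whether a controller is known to the kernel and mounted as a v1 hierarchy; the sample `/proc/cgroups` and mounts contents are constructed, and `controller_state` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the thread). All sample file contents are constructed.

# controller_state NAME [CGROUPS_FILE] [MOUNTS_FILE]
# Prints one of: missing | disabled | unmounted | mounted:<path>
controller_state() {
    name=$1
    cgroups=${2:-/proc/cgroups}
    mounts=${3:-/proc/self/mounts}

    # /proc/cgroups columns: subsys_name hierarchy num_cgroups enabled
    kernel=$(awk -v n="$name" '$1 == n { print "known:" $4 }' "$cgroups")
    case $kernel in
        '')      echo missing;  return 0 ;;   # controller not built into the kernel
        known:0) echo disabled; return 0 ;;   # built in but switched off
    esac

    # mounts columns: device mountpoint fstype options dump pass
    # A v1 hierarchy names its controllers in the mount options.
    path=$(awk -v n="$name" '
        $3 == "cgroup" {
            k = split($4, opt, ",")
            for (i = 1; i <= k; i++) if (opt[i] == n) { print $2; exit }
        }' "$mounts")
    if [ -n "$path" ]; then echo "mounted:$path"; else echo unmounted; fi
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed stand-in for /proc/cgroups
cat > "$tmp/cgroups" <<'EOF'
#subsys_name hierarchy num_cgroups enabled
cpuset  0 1 1
devices 0 1 1
memory  0 1 0
EOF

# Constructed mounts resembling post #4: only the named systemd hierarchy
cat > "$tmp/mounts.thread" <<'EOF'
tmpfs /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0
EOF

# Constructed mounts for a host where the devices hierarchy is mounted
cat > "$tmp/mounts.ok" <<'EOF'
tmpfs /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0
EOF

for c in devices memory freezer; do
    printf '%-8s systemd-only mounts: %-10s with devices mount: %s\n' "$c" \
        "$(controller_state "$c" "$tmp/cgroups" "$tmp/mounts.thread")" \
        "$(controller_state "$c" "$tmp/cgroups" "$tmp/mounts.ok")"
done
```

Called with only a controller name, the function reads the live `/proc/cgroups` and `/proc/self/mounts` of the host.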
 
Old 05-03-2019, 10:22 AM   #5
Lisux
LQ Newbie
 
Registered: Aug 2005
Posts: 6

Rep: Reputation: 2
Did you get this working?

I'm running into the same problem. Unprivileged container. I get everything set up but it always fails with:

Quote:
lxc-start testcontainer 20190503151946.433 INFO apparmor - lsm/apparmor.c:apparmor_process_label_set:249 - Changed apparmor profile to lxc-container-default-cgns
lxc-start testcontainer 20190503151946.435 WARN cgfsng - cgroups/cgfsng.c:get_hierarchy:204 - There is no useable devices controller
lxc-start testcontainer 20190503151946.435 ERROR cgfsng - cgroups/cgfsng.c:cg_legacy_set_data:2191 - Failed to setup limits for the "devices" controller. The controller seems to be unused by "cgfsng" cgroup driver or not enabled on the cgroup hierarchy
lxc-start testcontainer 20190503151946.435 WARN cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2228 - Failed to set "devices.deny" to "a"

I can't get any more detailed information from this error. I have tried both with Arch Linux (latest code) and Ubuntu 18.04 hosts and they get the exact same error.
 
Old 05-03-2019, 11:18 AM   #6
hkjz
Member
 
Registered: Apr 2019
Distribution: MX
Posts: 90

Original Poster
Rep: Reputation: Disabled
Hey,
I got containers running on a VM Ubuntu Server without problem.

So far on my client Linux machine I have no luck.
I know though that updating LXC from 2.0.7 to 3.1 and installing apparmor moved my case a little bit forward

Code:
$ sudo apt install apparmor-profiles
$ sudo apt install apparmor-profiles-extra
$ sudo apt install apparmor-utils

$ sudo apparmor_status

$ sudo /etc/init.d/apparmor start

$ sudo lxc-start -F -n myContainer

but in your case... we are most probably standing at the same point )

Last edited by hkjz; 05-03-2019 at 11:20 AM.
 
Old 05-05-2019, 06:28 AM   #7
Lisux
LQ Newbie
 
Registered: Aug 2005
Posts: 6

Rep: Reputation: 2
OK, I got it working in Ubuntu at least.

In the container config I removed:
Code:
#lxc.include = /usr/share/lxc/config/common.conf
Then I added:
Code:
lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
Now I can start the container as a regular user. I still need to look at Arch Linux to see if I can get it working but I imagine it's going to require something similar.

It took a massive amount of effort to figure this out. The documentation is severely lacking and searching for the errors on the 'Net does not yield results.

Edit:
Arch Linux is similar. The "userns.conf" seems to be the key.
Code:
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf

Last edited by Lisux; 05-05-2019 at 06:47 AM. Reason: Add Arch Linux info
 
1 members found this post helpful.
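
One way to see what the `userns.conf` include from post #7 changes is to follow the `lxc.include` chain and list the `lxc.cgroup.devices.*` rules that remain in effect, as in this added example (not code from the thread or from the LXC project). The file contents are constructed samples placed under a temporary root, `flatten_config` and `devices_rules` are hypothetical helper names, and the example assumes that an empty `lxc.cgroup.devices.*` value clears the rules set for that key so far.

```shell
#!/bin/sh
# Added example (not from the thread). All config contents are constructed.

CONFIG_ROOT=${CONFIG_ROOT:-}   # prefix for include paths; empty means the real "/"

# flatten_config FILE: print FILE with every "lxc.include = PATH" line
# replaced, in order, by the (recursively flattened) contents of PATH.
flatten_config() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            lxc.include*=*)
                inc=$(printf '%s' "${line#*=}" |
                      sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
                flatten_config "${CONFIG_ROOT}${inc}"
                ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1"
}

# devices_rules FILE: print the devices allow/deny rules still in effect
# after all includes, treating an empty value as "clear this key".
devices_rules() {
    flatten_config "$1" | awk '
        /^lxc\.cgroup\.devices\.(allow|deny)[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*$/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (val == "") {
                for (i = 1; i <= n; i++) if (keys[i] == key) live[i] = 0
            } else {
                n++; keys[n] = key; vals[n] = val; live[n] = 1
            }
        }
        END { for (i = 1; i <= n; i++) if (live[i]) print keys[i] " = " vals[i] }'
}

# --- constructed sample tree -------------------------------------------------
CONFIG_ROOT=$(mktemp -d)
trap 'rm -rf "$CONFIG_ROOT"' EXIT
mkdir -p "$CONFIG_ROOT/usr/share/lxc/config"

cat > "$CONFIG_ROOT/usr/share/lxc/config/common.conf" <<'EOF'
# constructed: default-deny device policy plus two allowed nodes
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
EOF

cat > "$CONFIG_ROOT/usr/share/lxc/config/userns.conf" <<'EOF'
# constructed: empty values clear the rules inherited from common.conf
lxc.cgroup.devices.deny =
lxc.cgroup.devices.allow =
EOF

# Container config with only common.conf (assumed starting point)
cat > "$CONFIG_ROOT/before.conf" <<'EOF'
lxc.include = /usr/share/lxc/config/common.conf
EOF

# Container config as given for Arch Linux in post #7
cat > "$CONFIG_ROOT/after.conf" <<'EOF'
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf
EOF

echo "common.conf only:";               devices_rules "$CONFIG_ROOT/before.conf"
echo "common.conf + userns.conf:";      devices_rules "$CONFIG_ROOT/after.conf"
```

An empty result means no `devices.deny` or `devices.allow` rule is left for LXC to write, so the devices cgroup no longer restricts that container.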
Old 05-08-2019, 06:24 PM   #8
RickDeckard
Member
 
Registered: Jan 2014
Location: Acworth, Georgia, USA
Distribution: Arch+Gentoo Hardened, Ubuntu
Posts: 123

Rep: Reputation: Disabled
Arch Linux's default posture lacks support for unprivileged user namespaces, something which I can halfway understand given the searches you can make on Exploit-DB or the like even today -- there was a systemd issue just a week or so ago which allowed the creation of random setuid binaries via unprivileged namespaces.

Last edited by RickDeckard; 05-08-2019 at 06:26 PM.
 
  

