Configuration file and template are the default ones that came with the installation which I have not modified. This is the error in lxc.log after I try to run lxc-start:
Code:
lxc-start 20170924104623.469 ERROR lxc_utils - utils.c:safe_mount:1692 - Device or resource busy - Failed to mount none onto /var/lib/rootfs-lxc//proc
lxc-start 20170924104623.469 ERROR lxc_conf - conf.c:mount_entry:1650 - Device or resource busy - failed to mount 'none' on '/var/lib/rootfs-lxc//proc'
lxc-start 20170924104623.469 ERROR lxc_conf - conf.c:lxc_setup:3726 - failed to setup the mounts for 'slack'
lxc-start 20170924104623.469 ERROR lxc_start - start.c:do_start:833 - failed to setup the container
lxc-start 20170924104623.469 ERROR lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 3)
lxc-start 20170924104623.470 ERROR lxc_start - start.c:__lxc_start:1353 - failed to spawn 'slack'
lxc-start 20170924104628.487 ERROR lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
lxc-start 20170924104628.490 ERROR lxc_start_ui - lxc_start.c:main:346 - To get more details, run the container in foreground mode.
lxc-start 20170924104628.492 ERROR lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.
I am running those commands as root. What am I missing?
This is the configuration I use:
Code:
$ cat slackware.common.conf
lxc.include = /usr/share/lxc/config/common.conf
lxc.devttydir =
lxc.cgroup.devices.allow = c 254:0 rm
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.cgroup.devices.allow = c 10:228 rwm
lxc.cgroup.devices.allow = c 10:232 rwm
lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir
lxc.cap.drop = mknod setfcap setpcap
$
$ cat common.conf
lxc.devttydir = lxc
lxc.pts = 1024
lxc.tty = 4
lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio
lxc.pivotdir = lxc_putold
lxc.hook.clone = /usr/share/lxc/hooks/clonehostname
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:7 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 10:229 rwm
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
lxc.seccomp = /usr/share/lxc/config/common.seccomp
lxc.include = /usr/share/lxc/config/common.conf.d/
you don't need to specify the /usr/share/lxc/config/slackware.common.conf file as a configuration file for your container, as this is already included whenever you create a container of type "slackware" (with the "-t slackware" option).
you should first decide which kind of networking you prefer for your container (here you can find a couple of examples of that) and after that create a foo.conf configuration file specific for the container you want to create following your network choices.
after that a
Code:
lxc-create -n slack -f foo.conf -t slackware
should do.
don't forget to edit the network configuration of your container in its own filesystem ($CONTAINER_ROOT/etc/rc.d/rc.inet1.conf, $CONTAINER_ROOT/etc/resolv.conf, etc.) accordingly, before starting it.
Thanks for the hint. I assumed that I do not need a network configuration since I just wanted to see if LXC works at all - without the need to connect to any network. Anyway, the container starts now and I can verify with lxc-ls
Code:
# lxc-ls -f
NAME  STATE   AUTOSTART GROUPS IPV4         IPV6
slack RUNNING 0         -      192.168.2.10 -
However, lxc-console fails:
Code:
# lxc-console -n slack
lxc-console 20170924173039.697 ERROR lxc_commands - commands.c:lxc_cmd_console:714 - console -1 invalid,busy or all consoles busy
I just installed a slackware64-14.2 to verify the situation and I noticed a thing (I hadn't noticed it earlier, sorry): when you use lxc-create to assemble the container the release used is current but the template is for 14.2 (maybe it would be good to change this default in the template).
I suggest you stop the container with lxc-stop, remove it (rm -fR /var/lib/lxc/slack) and re-create it with this command (note the additional "release" parameter):
also before starting the container I brought up a bridge for a natted network with the following script (the interface connected to my router is wlan0, set yours accordingly)
Quote:
I just installed a slackware64-14.2 to verify the situation and I noticed a thing (I hadn't noticed it earlier, sorry): when you use lxc-create to assemble the container the release used is current but the template is for 14.2 (maybe it would be good to change this default in the template).
Even before I saw your last post I got it working. I do not know why it is suddenly working, though. I just destroyed and recreated the container a few times, starting over from scratch. While trying to verify if my firewall settings were to blame I pulled the cable and stopped the firewall. So all local traffic could flow uninhibited. When I created the container lxc-create could not make a connection. However, the packages were already in the cache from my previous attempts. It must have used them. Afterwards it started working and after I chrooted into the rootfs to set a password for root, I was able to login via lxc-console.
I then proceeded to destroy the container yet again and empty all caches. I restored all my firewall settings and repeated all the steps like before (in the link you provided). It still worked without setting any release variable. I do not know why. At least I now know that my firewall settings were not to blame.
Anyway, could you provide some explanation why the network must be configured in order to mount the /proc directory in the LXC container? This is still quite counterintuitive to me.
Quote:
Even before I saw your last post I got it working. I do not know why it is suddenly working, though. I just destroyed and recreated the container a few times, starting over from scratch. While trying to verify if my firewall settings were to blame I pulled the cable and stopped the firewall. So all local traffic could flow uninhibited. When I created the container lxc-create could not make a connection. However, the packages were already in the cache from my previous attempts. It must have used them. Afterwards it started working and after I chrooted into the rootfs to set a password for root, I was able to login via lxc-console.
when you run lxc-create these are the last lines of output
Code:
Root default password is 'root', please change it!
Copying rootfs to /var/lib/lxc/slack/rootfs...
Quote:
I then proceeded to destroy the container yet again and empty all caches. I restored all my firewall settings and repeated all the steps like before (in the link you provided). It still worked without setting any release variable. I do not know why. At least I now know that my firewall settings were not to blame.
that's good news: the template in current has been changed since 14.2 was released, and it's fine to know that using the old with a current repository still produces a working system.
Quote:
Anyway, could you provide some explanation why the network must be configured in order to mount the /proc directory in the LXC container? This is still quite counterintuitive to me.
I can't answer you on that, actually I thought it shouldn't: I tried just running the script above that sets up the bridge and leaving the network configuration of the slack container blank and I could login with "lxc-console -n slack" fine
it looks like if you don't configure it, it still takes the eth0 address from the container configuration file: after generating the container this is what I got in /var/lib/lxc/slack/config
Code:
# Template used to create this container: /usr/share/lxc/templates/lxc-slackware
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)
# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.hwaddr = 00:aa:11:bb:22:cc
lxc.network.ipv4 = 192.168.111.2/24
lxc.network.name = eth0
lxc.rootfs = /var/lib/lxc/slack/rootfs
lxc.rootfs.backend = dir
lxc.utsname = slack
lxc.mount = /var/lib/lxc/slack/rootfs/etc/fstab
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /var/lib/lxc/slack/rootfs
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
# we don't trust even the root user in the container, better safe than sorry.
# comment out only if you know what you're doing.
lxc.cap.drop = sys_module mknod mac_override mac_admin sys_time setfcap setpcap
# you can try also this alternative to the line above, whatever suits you better.
# lxc.cap.drop=sys_admin
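As an added example (not code from any poster or from the LXC project), the sketch below compares the capability drops and device write permissions of the generated container config above with the distribution include files posted earlier in the thread. It assumes the documented behaviour that an empty `lxc.cap.drop` clears the list, treats `lxc.cgroup.devices.deny = a` as resetting the allow list, and compares wildcard entries such as `136:*` textually; the function names are hypothetical.

```python
# Added example: diff capability drops and writable devices between two LXC configs.
# Both samples are constructed excerpts of the legacy-key configs quoted in this thread.
INCLUDED = """\
lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 254:0 rm
lxc.cap.drop = mknod setfcap setpcap
"""
CONTAINER = """\
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 136:* rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
lxc.cap.drop = sys_module mknod mac_override mac_admin sys_time setfcap setpcap
"""

def effective(text):
    """Return (dropped capabilities, {device: access letters}) for one config text."""
    drops, devices = set(), {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "lxc.cap.drop":
            # An empty lxc.cap.drop clears everything dropped so far.
            drops = drops | set(value.split()) if value else set()
        elif key == "lxc.cgroup.devices.deny" and value == "a":
            devices = {}  # "deny a" empties the device allow list
        elif key == "lxc.cgroup.devices.allow":
            dtype, node, access = value.split()
            devices.setdefault(f"{dtype} {node}", set()).update(access)
    return drops, devices

def compare(baseline, candidate):
    """List what `candidate` leaves undropped or writable beyond `baseline`."""
    base_drops, base_dev = effective(baseline)
    cand_drops, cand_dev = effective(candidate)
    not_dropped = sorted(base_drops - cand_drops)
    extra_write = sorted(d for d, acc in cand_dev.items()
                         if "w" in acc and "w" not in base_dev.get(d, set()))
    return not_dropped, extra_write

if __name__ == "__main__":
    print(compare(INCLUDED, CONTAINER))
```

On these excerpts it reports that `sys_rawio` is dropped only by the include files and that `c 4:0` and `c 254:0` are writable only in the generated config.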
Quote:
that's good news: the template in current has been changed since 14.2 was released, and it's fine to know that using the old with a current repository still produces a working system.
I asked Pat to add those packages either because they were necessary to get container networking functioning properly in exotic setups (the net-tools suite isn't cgroup-aware, but the iproute2 suite is, so putting the host-side veth adapter in a separate network namespace only works if the container-side veth adapter is managed using iproute2), or because they were necessary to complete the transitive closure of the packages installed by the template (several installed tools were missing dependent libraries, so they couldn't be used). As long as you don't have a fancy networking arrangement or a need for every binary installed in the container, the existing 14.2 template will work fine.
Quote:
you should first decide which kind of networking you prefer for your container (here you can find a couple of examples of that) and ...
Sorry to reopen the thread again. When I click on the link above I get a Security warning that the issuer of the certificate is unknown. Since the issuer is also ponce I think it is ok to add a security exception. I just want to be sure about it. I also assume that you are the same ponce to whom the aforementioned site belongs.