LinuxQuestions.org


hkjz 04-30-2019 11:32 AM

LXC 3.01, cannot start a container
 
Dear People,

I wanted to start my very first containers

Code:

$ sudo lxc-ls --fancy
NAME            STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
gentooContainer STOPPED 0         -      -    -    false
Container1      STOPPED 0         -      -    -    false

After checking AppArmor status I've got
Code:

$ sudo apparmor_status
[sudo] password for mq:
apparmor module is loaded.
apparmor filesystem is not mounted.

'apparmor filesystem is not mounted.'

and while executing the start command, something happened,
something changed.
What I've got is:
Code:

$ sudo lxc-start -n gentooContainer -F
lxc-start: gentooContainer: lsm/apparmor.c: run_apparmor_parser: 808 Failed to run apparmor_parser on "/var/lib/lxc/gentooContainer/apparmor/lxc-gentooContainer_<-var-lib-lxc>": Warning: unable to find a suitable fs in /proc/mounts,
Use is it mounted? --subdomainfs to override.
lxc-start: gentooContainer: lsm/apparmor.c: remove_apparmor_namespace: 776 No such file or directory - Error removing AppArmor namespace
lxc-start: gentooContainer: lsm/apparmor.c: apparmor_prepare: 980 Failed to load generated AppArmor profile
lxc-start: gentooContainer: start.c: lxc_init: 899 Failed to initialize LSM
lxc-start: gentooContainer: start.c: __lxc_start: 1917 Failed to initialize container "gentooContainer"
lxc-start: gentooContainer: tools/lxc_start.c: main: 330 The container failed to start
lxc-start: gentooContainer: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options

At the first sight:
'unable to find a suitable fs in /proc/mounts,
Use is it mounted? --subdomainfs to override.'
Code:

/proc
$ ls -l
lrwxrwxrwx  1 root      root                    11 Apr 30 14:39 mounts -> self/mounts

Logs don't bring anything new
Code:

$ sudo lxc-start -n gentooContainer  --logfile mylogfile --logpriority debug
lxc-start: gentooContainer: lxccontainer.c: wait_on_daemonized_start: 833 No such file or directory - Failed to receive the container state
lxc-start: gentooContainer: tools/lxc_start.c: main: 330 The container failed to start
lxc-start: gentooContainer: tools/lxc_start.c: main: 333 To get more details, run the container in foreground mode
lxc-start: gentooContainer: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options

What should I do to make it run, even if it says 'no' so far?

hkjz 04-30-2019 11:50 AM

mounting is under

Code:

sudo /etc/init.d/apparmor start

It helps but still doesn't solve the problem

Code:

$ sudo lxc-start -n gentooContainer  --logfile mylogfile --logpriority debug -F
lxc-start: gentooContainer: cgroups/cgfsng.c: cg_legacy_set_data: 2191 Failed to setup limits for the "devices" controller. The controller seems to be unused by "cgfsng" cgroup driver or not enabled on the cgroup hierarchy
lxc-start: gentooContainer: start.c: lxc_spawn: 1814 Failed to setup legacy device cgroup controller limits
lxc-start: gentooContainer: start.c: __lxc_start: 1951 Failed to spawn container "gentooContainer"
lxc-start: gentooContainer: tools/lxc_start.c: main: 330 The container failed to start
lxc-start: gentooContainer: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options

and here is a logfile
Code:


$ sudo cat mylogfile
lxc-start gentooContainer 20190430173109.455 INFO    lsm - lsm/lsm.c:lsm_init:50 - LSM security driver AppArmor
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO    seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context
lxc-start gentooContainer 20190430173109.471 DEBUG    terminal - terminal.c:lxc_terminal_peer_default:714 - Using terminal "/dev/tty" as proxy
lxc-start gentooContainer 20190430173109.471 DEBUG    terminal - terminal.c:lxc_terminal_signal_init:192 - Created signal fd 9
lxc-start gentooContainer 20190430173109.471 DEBUG    terminal - terminal.c:lxc_terminal_winsz:90 - Set window size to 100 columns and 54 rows
lxc-start gentooContainer 20190430173109.685 INFO    start - start.c:lxc_init:904 - Container "gentooContainer" is initialized
lxc-start gentooContainer 20190430173109.686 INFO    start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWNS
lxc-start gentooContainer 20190430173109.686 INFO    start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWPID
lxc-start gentooContainer 20190430173109.686 INFO    start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWUTS
lxc-start gentooContainer 20190430173109.686 INFO    start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWIPC
lxc-start gentooContainer 20190430173109.686 INFO    start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWNET
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved mnt namespace via fd 15
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved pid namespace via fd 16
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved uts namespace via fd 17
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved ipc namespace via fd 18
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved net namespace via fd 19
lxc-start gentooContainer 20190430173109.687 INFO    cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2237 - Limits for the legacy cgroup hierarchies have been setup
lxc-start gentooContainer 20190430173109.687 DEBUG    start - start.c:lxc_spawn:1754 - Preserved net namespace via fd 10
lxc-start gentooContainer 20190430173109.688 INFO    start - start.c:do_start:1254 - Unshared CLONE_NEWCGROUP
lxc-start gentooContainer 20190430173109.688 DEBUG    storage - storage/storage.c:get_storage_by_name:231 - Detected rootfs type "dir"
lxc-start gentooContainer 20190430173109.688 DEBUG    conf - conf.c:lxc_mount_rootfs:1332 - Mounted rootfs "/var/lib/lxc/gentooContainer/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs" with options "(null)"
lxc-start gentooContainer 20190430173109.688 INFO    conf - conf.c:setup_utsname:791 - Set hostname to "gentooContainer"
lxc-start gentooContainer 20190430173109.688 INFO    network - network.c:lxc_setup_network_in_child_namespaces:3053 - network has been setup
lxc-start gentooContainer 20190430173109.688 INFO    conf - conf.c:mount_autodev:1118 - Preparing "/dev"
lxc-start gentooContainer 20190430173109.689 INFO    conf - conf.c:mount_autodev:1165 - Prepared "/dev"
lxc-start gentooContainer 20190430173109.689 INFO    conf - conf.c:lxc_fill_autodev:1209 - Populating "/dev"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/full"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/null"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/random"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/tty"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/urandom"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/zero"
lxc-start gentooContainer 20190430173109.689 INFO    conf - conf.c:lxc_fill_autodev:1286 - Populated "/dev"
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2027 - Remounting "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" to respect bind or remount options
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2048 - Flags for "/sys/fs/fuse/connections" were 4096, required extra flags are 0
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2058 - Mountflags already were 4096, skipping remount
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2102 - Mounted "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" with filesystem type "none"
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2102 - Mounted "none" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/shm" with filesystem type "tmpfs"
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2102 - Mounted "proc" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/proc" with filesystem type "proc"
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2102 - Mounted "sys" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/sys" with filesystem type "sysfs"
lxc-start gentooContainer 20190430173109.690 INFO    conf - conf.c:mount_file_entries:2333 - Finished setting up mounts
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:lxc_setup_dev_console:1771 - Mounted pts device "/dev/pts/2" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/console"
lxc-start gentooContainer 20190430173109.690 INFO    utils - utils.c:lxc_mount_proc_if_needed:1231 - I am 1, /proc/self points to "1"
lxc-start gentooContainer 20190430173109.704 WARN    conf - conf.c:lxc_setup_devpts:1616 - Invalid argument - Failed to unmount old devpts instance
lxc-start gentooContainer 20190430173109.704 DEBUG    conf - conf.c:lxc_setup_devpts:1653 - Mount new devpts instance with options "gid=5,newinstance,ptmxmode=0666,mode=0620,max=1024"
lxc-start gentooContainer 20190430173109.704 DEBUG    conf - conf.c:lxc_setup_devpts:1672 - Created dummy "/dev/ptmx" file as bind mount target
lxc-start gentooContainer 20190430173109.704 DEBUG    conf - conf.c:lxc_setup_devpts:1677 - Bind mounted "/dev/pts/ptmx" to "/dev/ptmx"
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/0" with master fd 11 and slave fd 14
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/1" with master fd 15 and slave fd 16
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/2" with master fd 17 and slave fd 18
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/3" with master fd 19 and slave fd 20
lxc-start gentooContainer 20190430173109.705 INFO    conf - conf.c:lxc_allocate_ttys:1005 - Finished creating 4 tty devices
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/0" onto "/dev/tty1"
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/1" onto "/dev/tty2"
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/2" onto "/dev/tty3"
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/3" onto "/dev/tty4"
lxc-start gentooContainer 20190430173109.706 INFO    conf - conf.c:lxc_setup_ttys:949 - Finished setting up 4 /dev/tty<N> device(s)
lxc-start gentooContainer 20190430173109.706 INFO    conf - conf.c:setup_personality:1716 - Set personality to "0x0"
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped mac_admin (33) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped mac_override (32) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped sys_time (25) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped sys_module (16) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped sys_rawio (17) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2529 - Capabilities have been setup
lxc-start gentooContainer 20190430173109.706 NOTICE  conf - conf.c:lxc_setup:3716 - The container "gentooContainer" is set up
lxc-start gentooContainer 20190430173109.706 INFO    lsm - lsm/lsm.c:lsm_process_label_set_at:178 - Set AppArmor label to "lxc-gentooContainer_</var/lib/lxc>//&:lxc-gentooContainer_<-var-lib-lxc>:"
lxc-start gentooContainer 20190430173109.706 INFO    apparmor - lsm/apparmor.c:apparmor_process_label_set:1101 - Changed AppArmor profile to lxc-gentooContainer_</var/lib/lxc>//&:lxc-gentooContainer_<-var-lib-lxc>:
lxc-start gentooContainer 20190430173109.706 WARN    cgfsng - cgroups/cgfsng.c:get_hierarchy:204 - There is no useable devices controller
lxc-start gentooContainer 20190430173109.706 ERROR    cgfsng - cgroups/cgfsng.c:cg_legacy_set_data:2191 - Failed to setup limits for the "devices" controller. The controller seems to be unused by "cgfsng" cgroup driver or not enabled on the cgroup hierarchy
lxc-start gentooContainer 20190430173109.707 WARN    cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2228 - Failed to set "devices.deny" to "a"
lxc-start gentooContainer 20190430173109.707 ERROR    start - start.c:lxc_spawn:1814 - Failed to setup legacy device cgroup controller limits
lxc-start gentooContainer 20190430173109.707 DEBUG    network - network.c:lxc_delete_network:3180 - Deleted network devices
lxc-start gentooContainer 20190430173109.708 ERROR    start - start.c:__lxc_start:1951 - Failed to spawn container "gentooContainer"
lxc-start gentooContainer 20190430173109.895 ERROR    lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start gentooContainer 20190430173109.895 ERROR    lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options


hkjz 04-30-2019 01:05 PM

Code:

cgfsng - cgroups/cgfsng.c:get_hierarchy:204 - There is no useable devices controller

Does this thing tell anything to anyone?

hkjz 05-03-2019 06:33 AM

Code:


$ lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-4.19.0-1-amd64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
newuidmap is not installed
newgidmap is not installed
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points:
/sys/fs/cgroup/systemd

Cgroup v2 mount points:


Cgroup v1 freezer controller: missing
Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, not loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, not loaded
CONFIG_NF_NAT_IPV6: enabled, not loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities:

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

A new tool, which is
$ lxc-checkconfig
came into play.
Can the outcome help this time in solving the riddle of LXC?


In short,
what came up from checkconfig is:
1.
Kernel configuration not found at /proc/config.gz; searching...

2.
Cgroup v1 freezer controller: missing

3.
newuidmap is not installed
newgidmap is not installed
(apt install newuidmap/newgidmap doesn't help)

4. There are plenty of not-loaded things
Code:

--- Misc ---
Veth pair device: enabled, not loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, not loaded
CONFIG_NF_NAT_IPV6: enabled, not loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded


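As an added example (not code from this thread or from the LXC project): a small POSIX sh preflight that checks, against a mounts table, the two host-side conditions behind the errors reported above, a securityfs mount for apparmor_parser and a mounted cgroup v1 hierarchy carrying the "devices" controller. The function names and the two sample mounts files are my own constructions; by default the functions read /proc/self/mounts.

```shell
#!/bin/sh
# Added preflight check (not from the thread or the LXC project). It reproduces the
# two host-side conditions behind the errors above by reading a mounts table:
#   "unable to find a suitable fs in /proc/mounts"  -> no securityfs for apparmor_parser
#   "There is no useable devices controller"        -> no cgroup hierarchy with "devices"
# Each function takes a mounts file path (default /proc/self/mounts) so the same
# logic can be run against a constructed sample.

apparmor_fs_mounted() {
    mounts="${1:-/proc/self/mounts}"
    # apparmor_parser looks for securityfs (normally /sys/kernel/security); field 3 is fstype.
    awk '$3 == "securityfs" { found = 1 } END { exit !found }' "$mounts"
}

devices_controller_mounted() {
    mounts="${1:-/proc/self/mounts}"
    # cgroup v1: a "cgroup" mount whose option list (field 4) names "devices".
    # A name=systemd hierarchy alone, as in the lxc-checkconfig output above, is not enough.
    awk '$3 == "cgroup" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "devices") found = 1
         }
         END { exit !found }' "$mounts"
}

# Prints one line per check; returns 0 only if both pass, so it can gate lxc-start.
lxc_preflight() {
    mounts="${1:-/proc/self/mounts}"
    rc=0
    if apparmor_fs_mounted "$mounts"; then
        echo "ok:   securityfs mounted (generated AppArmor profile can be loaded)"
    else
        echo "FAIL: securityfs not mounted (the thread used: /etc/init.d/apparmor start)"
        rc=1
    fi
    if devices_controller_mounted "$mounts"; then
        echo "ok:   cgroup v1 devices controller mounted"
    else
        # LXC 3.0 fails the start rather than silently skipping devices.deny = a.
        echo "FAIL: no devices cgroup hierarchy; device access limits cannot be applied"
        rc=1
    fi
    return $rc
}

# Constructed sample resembling the poster's host: only the systemd hierarchy is mounted.
SAMPLE_BROKEN=$(mktemp)
cat > "$SAMPLE_BROKEN" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,name=systemd 0 0
EOF

# Constructed sample of a host where both prerequisites are satisfied.
SAMPLE_OK=$(mktemp)
cat > "$SAMPLE_OK" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,name=systemd 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0
EOF

echo "== constructed broken host =="; lxc_preflight "$SAMPLE_BROKEN" || true
echo "== constructed good host ==";   lxc_preflight "$SAMPLE_OK" || true
echo "== this host ==";               lxc_preflight || true
```

A host where only a cgroup2 (unified) hierarchy is mounted also fails the second check here, because LXC 3.0's legacy "devices" limits need the v1 controller.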
Lisux 05-03-2019 10:22 AM

Did you get this working?

I'm running into the same problem. Unprivileged container. I get everything set up but it always fails with:

Quote:

lxc-start testcontainer 20190503151946.433 INFO apparmor - lsm/apparmor.c:apparmor_process_label_set:249 - Changed apparmor profile to lxc-container-default-cgns
lxc-start testcontainer 20190503151946.435 WARN cgfsng - cgroups/cgfsng.c:get_hierarchy:204 - There is no useable devices controller
lxc-start testcontainer 20190503151946.435 ERROR cgfsng - cgroups/cgfsng.c:cg_legacy_set_data:2191 - Failed to setup limits for the "devices" controller. The controller seems to be unused by "cgfsng" cgroup driver or not enabled on the cgroup hierarchy
lxc-start testcontainer 20190503151946.435 WARN cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2228 - Failed to set "devices.deny" to "a"

I can't get any more detailed information from this error. I have tried both with Arch Linux (latest code) and Ubuntu 18.04 hosts and they get the exact same error.

hkjz 05-03-2019 11:18 AM

Hey,
I made containers running on VM Ubuntu Server without problem.

So far on my client Linux machine I have no luck;
I know though that updating LXC from 2.0.7 to 3.1 and installing AppArmor moved my case a little bit forward

Code:

$ sudo apt install apparmor-profiles
$ sudo apt install apparmor-profiles-extra
$ sudo apt install apparmor-utils

$ sudo apparmor_status

$ sudo /etc/init.d/apparmor start

$ sudo lxc-start -f -n myContainter

but in your case... we are most probably standing in the same point :))

Lisux 05-05-2019 06:28 AM

OK, I got it working in Ubuntu at least.

From the container config I removed:
Code:

#lxc.include = /usr/share/lxc/config/common.conf

Then I added:
Code:

lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.include = /usr/share/lxc/config/ubuntu.userns.conf

Now I can start the container as a regular user. I still need to look at Arch Linux to see if I can get it working but I imagine it's going to require something similar.

It took a massive amount of effort to figure this out. The documentation is severely lacking and searching for the errors on the 'Net does not yield results.

Edit:
Arch Linux is similar. The "userns.conf" seems to be the key.
Code:

lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/userns.conf


RickDeckard 05-08-2019 06:24 PM

Arch Linux's default posture lacks support for unprivileged user namespaces, something which I can halfway understand given the searches you can make on Exploit-DB or the like even today -- there was a systemd issue just a week or so ago which allowed the creation of random setuid binaries via unprivileged namespaces.

