elogind interferes with networking with unprivileged lxc 4.x containers.
The current implementation of elogind symlinks /sys/fs/cgroup/elogind to /sys/fs/cgroup/systemd: this breaks the container networking. The following patch resolves the issue:
Code:
--- /tmp/rc.elogind 2021-02-04 21:44:49.967760523 -0500
+++ /etc/rc.d/rc.elogind 2021-02-05 18:36:16.063994239 -0500
@@ -22,10 +22,8 @@
if [ ! -d /run/user ]; then
mkdir -p /run/user
fi
- if [ ! -d /run/systemd ]; then
+ if [ ! -d /run/elogind ]; then
mkdir -p /run/elogind /sys/fs/cgroup/elogind
- ( cd /run; rm -rf systemd; ln -sf elogind systemd; )
- ( cd /sys/fs/cgroup; rm -rf systemd; ln -sf elogind systemd; )
fi
if pgrep -l -F /run/elogind.pid 2>/dev/null | grep -q elogind; then
echo "Elogind is already running"
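Review bot: the removed line `( cd /run; rm -rf systemd; ln -sf elogind systemd; )` also drops the /run/systemd link, but the description only names the /sys/fs/cgroup/systemd symlink as the cause of the networking breakage; either keep the /run link or state in the description why it is safe to drop as well. Separately, with the guard changed to `[ ! -d /run/elogind ]` and both `rm -rf systemd` calls gone, nothing in this block clears a systemd link left behind by an earlier run of the old script in the same boot, so a cleanup step or a note that a reboot is required would help.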
Did you know where ConsoleKit2 failed like a boss, in my humble opinion?
It invented nothing new, as it was an ideology-driven clone of logind, while requiring the entire software world to patch itself because of those little "differences" in behavior compared with logind.
Looking at ConsoleKit2's (hi)story, let's not invent "our elogind" compatible with nothing else; instead you can look at how to adapt that "container networking" to work well with elogind as it is right now.
Because that's the real problem: elogind is a fairly new API introduced in Slackware and probably not all system features are well integrated with it yet. For example, you just discovered that container networking does not work well.
Last edited by ZhaoLin1457; 02-06-2021 at 01:57 AM.
Out of curiosity, what does LXC 4.0.x provide that is missing in the default Slackware LXC 2.0.x implementation? I'm running Slackware 14.2 hosts with LXC 2.0.9 unprivileged containers. I'm blissfully unaware of what features or security issues I may be missing.
LXC 2.x will be EOL in June of this year; 4.x will be supported until 2025. Additionally, I just wanted to play with 4.x. What OS are you running in your containers? I'm currently using Ubuntu: I wanted to see if I could run a GUI app in the container and have it display on the host.
Excuse my ignorance, BUT I understand that you run Ubuntu in an LXC container, while having Slackware as host?
So, in other words, you run Ubuntu with a Slackware kernel? What could go wrong?
However, leave elogind alone!
I bet that the issues are in your LXC 4.0 build and in the way you use it.
Last edited by LuckyCyborg; 02-06-2021 at 12:30 PM.
Ah, the EOL info is good to know. I'm running Slackware 14.2 or current in all the containers. The containers are headless & GUI-less with each focused on a different primary/secondary function. The hosts are both 14.2 in a mirrored config.
With the elogind patch my Oracle container starts on Slackware, but gives an error for systemd-hostnamed:
Code:
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
Starting Login Service...
[ OK ] Started Network Manager.
[ OK ] Reached target Network.
Starting Permit User Sessions...
Starting Hostname Service...
[FAILED] Failed to start Hostname Service.
See 'systemctl status systemd-hostnamed.service' for details.
[ OK ] Started Permit User Sessions.
[ OK ] Started Console Getty.
Code:
systemctl status systemd-hostnamed.service
● systemd-hostnamed.service - Hostname Service
Loaded: loaded (/usr/lib/systemd/system/systemd-hostnamed.service; static; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2021-02-20 03:40:20 UTC; 14s ago
Docs: man:systemd-hostnamed.service(8)
man:hostname(5)
man:machine-info(5)
https://www.freedesktop.org/wiki/Software/systemd/hostnamed
Process: 24 ExecStart=/usr/lib/systemd/systemd-hostnamed (code=exited, status=226/NAMESPACE)
Main PID: 24 (code=exited, status=226/NAMESPACE)
Feb 20 03:40:20 oraclelinux systemd[1]: Starting Hostname Service...
Feb 20 03:40:20 oraclelinux systemd[1]: systemd-hostnamed.service: Main process exited, code=exited, status=226/NAMESPACE
Feb 20 03:40:20 oraclelinux systemd[1]: systemd-hostnamed.service: Failed with result 'exit-code'.
Feb 20 03:40:20 oraclelinux systemd[1]: Failed to start Hostname Service.
Code:
journalctl -g hostnamed
-- Logs begin at Sat 2021-02-20 03:40:20 UTC, end at Sat 2021-02-20 03:41:06 UTC. --
Feb 20 03:40:20 oraclelinux systemd[1]: systemd-hostnamed.service: Failed to reset devices.list: Operation not permitted
Feb 20 03:40:20 oraclelinux systemd[1]: Failed to set devices.allow on /system.slice/systemd-hostnamed.service: Operation not permitted
Feb 20 03:40:20 oraclelinux systemd[1]: Failed to set devices.allow on /system.slice/systemd-hostnamed.service: Operation not permitted
Feb 20 03:40:20 oraclelinux systemd[1]: Failed to set devices.allow on /system.slice/systemd-hostnamed.service: Operation not permitted
Feb 20 03:40:20 oraclelinux systemd[1]: Failed to set devices.allow on /system.slice/systemd-hostnamed.service: Operation not permitted
Feb 20 03:40:20 oraclelinux systemd[1]: Failed to set devices.allow on /system.slice/systemd-hostnamed.service: Operation not permitted
Feb 20 03:40:20 oraclelinux systemd[1]: Failed to set devices.allow on /system.slice/systemd-hostnamed.service: Operation not permitted
Feb 20 03:40:20 oraclelinux systemd[1]: Failed to set devices.allow on /system.slice/systemd-hostnamed.service: Operation not permitted
Feb 20 03:40:20 oraclelinux systemd[1]: Failed to set devices.allow on /system.slice/systemd-hostnamed.service: Operation not permitted
Feb 20 03:40:20 oraclelinux systemd[24]: systemd-hostnamed.service: Failed to set up mount namespacing: No such file or directory
Feb 20 03:40:20 oraclelinux systemd[24]: systemd-hostnamed.service: Failed at step NAMESPACE spawning /usr/lib/systemd/systemd-hostnamed: No such file or directory
Feb 20 03:40:20 oraclelinux systemd[1]: systemd-hostnamed.service: Main process exited, code=exited, status=226/NAMESPACE
Feb 20 03:40:20 oraclelinux systemd[1]: systemd-hostnamed.service: Failed with result 'exit-code'.
Feb 20 03:40:45 oraclelinux NetworkManager[19]: <info> [1613792445.6795] hostname: hostname: hostnamed not used as proxy creation failed with: Error calling StartServiceByName for org.freedesktop.hostname1: GDBus.Error:org.freedesktop.DBus.Error.TimedOut: Failed to activate service 'org.freedesktop.hostname1': timed out (service_start_timeout=25000ms)
Edit: the problem disappeared. I downloaded another Oracle 8 image and everything works; probably something was wrong in the config of the other container.
Last edited by camerabambai; 02-19-2021 at 09:50 PM.
The unprivileged container starts and we can see the process with the subuid 100000.
If I enabled nfs autofs and rpc on start...
Code:
lxc-start -n oraclelinux
lxc-start: oraclelinux: lxccontainer.c: wait_on_daemonized_start: 859 Received container state "ABORTING" instead of "RUNNING"
lxc-start: oraclelinux: tools/lxc_start.c: main: 308 The container failed to start
lxc-start: oraclelinux: tools/lxc_start.c: main: 311 To get more details, run the container in foreground mode
lxc-start: oraclelinux: tools/lxc_start.c: main: 313 Additional information can be obtained by setting the --logfile and --logpriority options
lxc-start: altrocontainer: tools/lxc_start.c: main: 268 No container config specified
trying to debug...
Code:
lxc-start -n oraclelinux -F -l DEBUG -o /tmp/lxc.log
lxc-start: oraclelinux: utils.c: safe_mount: 1204 Operation not permitted - Failed to mount "proc" onto "/var/lib/rootfs-lxc/proc"
lxc-start: oraclelinux: conf.c: lxc_mount_auto_mounts: 681 Operation not permitted - Failed to mount "proc" on "/var/lib/rootfs-lxc/proc" with flags 14
lxc-start: oraclelinux: conf.c: lxc_setup: 3330 Failed to setup first automatic mounts
lxc-start: oraclelinux: start.c: do_start: 1218 Failed to setup container "oraclelinux"
lxc-start: oraclelinux: sync.c: __sync_wait: 36 An error occurred in another process (expected sequence number 5)
lxc-start: oraclelinux: start.c: __lxc_start: 1999 Failed to spawn container "oraclelinux"
lxc-start: oraclelinux: tools/lxc_start.c: main: 308 The container failed to start
lxc-start: oraclelinux: tools/lxc_start.c: main: 313 Additional information can be obtained by setting the --logfile and --logpriority options
I rebooted and had the NFS server working and the lxc containers starting.
This looks like a bug in /etc/rc.d/rc.nfsd: there is a /proc/fs/nfsd directory, but not a /proc/fs/nfs.
I would like to reiterate that the original patch be added: elogind does not need the /sys/fs/cgroup/systemd mount, so removing it will not break anything.
It is actually just a symlink from /sys/fs/cgroup/elogind. Back in the day when I was hacking elogind to run in Slackware for the first time, it was needed for the desktop (KDE5 and GNOME3) login session controller (loginctl), since those two major DEs are systemd-centric. I did not follow elogind development anymore once elogind was picked up by alienbob in his ktown. But maybe recent DEs do have support for an elogind-based session controller out of the box and the symlink is not needed anymore.
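A way to check a host for the two compatibility links this thread discusses, as an added example that is not part of any post or of Slackware's rc.elogind. The function names and the optional ROOT prefix (used to point the check at a constructed test tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether the systemd compatibility symlinks that the
# unpatched rc.elogind creates (ln -sf elogind systemd) are present.

# link_state PATH -> prints symlink:<target>, directory, other or absent
link_state() {
  if [ -L "$1" ]; then
    printf 'symlink:%s\n' "$(readlink "$1")"
  elif [ -d "$1" ]; then
    echo directory
  elif [ -e "$1" ]; then
    echo other
  else
    echo absent
  fi
}

# check_elogind_links [ROOT]
# Prints the state of both paths. Returns 0 when neither is a symlink to
# elogind (what the patched script leaves behind), 1 otherwise.
# ROOT is a hypothetical prefix; empty means the running host.
check_elogind_links() {
  root=${1:-}
  rc=0
  for p in /sys/fs/cgroup/systemd /run/systemd; do
    state=$(link_state "$root$p")
    echo "$p: $state"
    case $state in
      symlink:elogind|symlink:*/elogind) rc=1 ;;
    esac
  done
  return $rc
}

# Inspect the running host (or the tree named by $ROOT, if set).
if check_elogind_links "${ROOT:-}"; then
  echo "no elogind -> systemd compatibility symlinks found"
else
  echo "compatibility symlink(s) present: unpatched rc.elogind behaviour"
fi
```

A `directory` result for /sys/fs/cgroup/systemd means a real cgroup hierarchy or directory exists at that path rather than the elogind link.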