[Bug 1386840] Re: failure to start a container

Felipe Reyes 1386840 at bugs.launchpad.net
Tue Feb 3 12:38:48 UTC 2015 

Patch to backport the fix into utopic.

** Description changed:

+ [Impact]
+ 
+ Without this patch containers that don't have a complete apparmor
+ configuration fail to start. Making lxc unusable to run Debian Sid and Jessie
+ (at least).
+ 
+ This bug is not present in Trusty, which ships 1.0.7 (Debian Sid runs
+ OK).
+ 
+ [Test Case]
+ 
+ - Create a debian sid container
+   $ sudo env SUITE=sid lxc-create -t debian -n sid
+ 
+ - Start the container
+   $ sudo lxc-start -n sid
+ 
+ Expected behavior:
+ 
+ The container is started
+ 
+ Actual behavior:
+ 
+ $ sudo lxc-start -F -n sid
+ lxc-start: lsm/apparmor.c: mount_feature_enabled: 61 Permission denied - Error mounting securityfs
+ lxc-start: lsm/apparmor.c: apparmor_process_label_set: 186 If you really want to start this container, set
+ lxc-start: lsm/apparmor.c: apparmor_process_label_set: 187 lxc.aa_allow_incomplete = 1
+ lxc-start: lsm/apparmor.c: apparmor_process_label_set: 188 in your container configuration file
+ lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 4
+ lxc-start: start.c: __lxc_start: 1087 failed to spawn 'sid'
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing name=systemd:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing perf_event:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing net_prio:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing net_cls:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing memory:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing hugetlb:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing freezer:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing devices:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing cpuset:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing cpuacct:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing cpu:lxc/sid-2
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
+ lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing blkio:lxc/sid-2
+ lxc-start: lxc_start.c: main: 337 The container failed to start.
+ lxc-start: lxc_start.c: main: 341 Additional information can be obtained by setting the --logfile and --logpriority options.
+ 
+ 
+ [Regression Potential]
+ 
+ No regressions expected, different versions of Ubuntu and Debian containers
+ were tested with this patch applied.
+ 
+ [Other Info]
+ 
  On utopic using lxc version 1.1.0~alpha2-0ubuntu3, I was unable to start
  a container.
  
  $ sudo lxc-start -F -n lxc-errors
  lxc-start: lsm/apparmor.c: mount_feature_enabled: 61 Permission denied - Error mounting securityfs
  lxc-start: lsm/apparmor.c: apparmor_process_label_set: 186 If you really want to start this container, set
  lxc-start: lsm/apparmor.c: apparmor_process_label_set: 187 lxc.aa_allow_incomplete = 1
  lxc-start: lsm/apparmor.c: apparmor_process_label_set: 188 in your container configuration file
  lxc-start: sync.c: __sync_wait: 51 invalid sequence number 1. expected 4
  lxc-start: start.c: __lxc_start: 1087 failed to spawn 'lxc-errors'
  lxc-start: cgmanager.c: cgm_remove_cgroup: 503 call to cgmanager_remove_sync failed: invalid request
  lxc-start: cgmanager.c: cgm_remove_cgroup: 505 Error removing name=systemd:lxc/lxc-errors-2
  
  Switching to the version of lxc in http://ppa.launchpad.net/ubuntu-
  lxc/daily/ resolved the failure to start for me.

** Summary changed:

- failure to start a container
+ [SRU] failure to start a container

** Changed in: lxc (Ubuntu Trusty)
     Assignee: Felipe Reyes (freyes) => (unassigned)

** Patch added: "utopic_lp1386840.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1386840/+attachment/4311145/+files/utopic_lp1386840.debdiff

** Changed in: lxc (Ubuntu Trusty)
       Status: Confirmed => Incomplete

** Changed in: lxc (Ubuntu Utopic)
       Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1386840

Title:
  [SRU] failure to start a container

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1386840/+subscriptions

More information about the Ubuntu-server-bugs mailing list