Package: lxc Version: 1:1.0.6-5 Severity: normal Dear LXC Maintainers,
There appears to be issues when loading seccomp sandboxing while trying
to start lxc containers using x64_86 kernels on i386 environments.
The issue persists on lxc 1:1.0.7-1 as well.
# lxc-start --logpriority=DEBUG -n vgeei
lxc-start: seccomp.c: get_new_ctx: 167 Seccomp error -17 (Unknown error
-17) adding arch: 2
lxc-start: start.c: lxc_init: 382 failed loading seccomp policy
lxc-start: start.c: __lxc_start: 1045 failed to initialize the container
lxc-start: lxc_start.c: main: 342 The container failed to start.
lxc-start: lxc_start.c: main: 346 Additional information can be obtained
by setting the --logfile and --logpriority options.
# cat vgeei.log
lxc-start 1418852466.791 INFO lxc_start_ui -
lxc_start.c:main:265 - using rcfile /var/lib/lxc/vgeei/config
lxc-start 1418852466.791 WARN lxc_log - log.c:lxc_log_init:316
- lxc_log_init called with log already initialized
lxc-start 1418852466.792 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
cpuset unknown to /var/lib/lxc vgeei
lxc-start 1418852466.792 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup cpu
unknown to /var/lib/lxc vgeei
lxc-start 1418852466.792 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
devices unknown to /var/lib/lxc vgeei
lxc-start 1418852466.792 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
freezer unknown to /var/lib/lxc vgeei
lxc-start 1418852466.792 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
net_cls unknown to /var/lib/lxc vgeei
lxc-start 1418852466.792 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
blkio unknown to /var/lib/lxc vgeei
lxc-start 1418852466.792 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
perf_event unknown to /var/lib/lxc vgeei
lxc-start 1418852466.792 INFO lxc_lsm - lsm/lsm.c:lsm_init:48
- LSM security driver nop
lxc-start 1418852466.793 ERROR lxc_seccomp -
seccomp.c:get_new_ctx:167 - Seccomp error -17 (Unknown error -17) adding
arch: 2
lxc-start 1418852466.793 ERROR lxc_start - start.c:lxc_init:382
- failed loading seccomp policy
lxc-start 1418852466.793 ERROR lxc_start -
start.c:__lxc_start:1045 - failed to initialize the container
lxc-start 1418852466.793 ERROR lxc_start_ui -
lxc_start.c:main:342 - The container failed to start.
lxc-start 1418852466.793 ERROR lxc_start_ui -
lxc_start.c:main:346 - Additional information can be obtained by setting
the --logfile and --logpriority options.
This might not be the most suitable common scenario for average users (a
32bits container on a 64bits kernel and 32bits environment), but I'm
tempted to think the fix might be simple, although I couldn't get into
the core problem since it doesn't seem to be cause by a seccomp profile
at a first glance....
Any ideas?
Thanks in advance!
Cheers,
Dererk
--
BOFH excuse #53:
Little hamster in running wheel had coronary; waiting for replacement to be
Fedexed from Wyoming
signature.asc
Description: OpenPGP digital signature
