Package: lxc Version: 1:3.1.0+really3.0.4-1 Severity: normal Hi
After an update of lxc and liblxc1 to 1:3.1.0+really3.0.4-1 privileged container do not start anymore on an affected host (this might be a problem specific, but not entirely sure if it is a bug in the package or it's here a user error). The host is already at 1:3.1.0+really3.0.4-1 and creating a new container: sudo lxc-create -n test-container -t debian -- -r sid and starting it sudo lxc-start -n test-container --logfile=/tmp/test-container.log -l DEBUG fails to start: lxc-start: test-container: lxccontainer.c: wait_on_daemonized_start: 851 Received container state "STOPPING" instead of "RUNNING" lxc-start: test-container: tools/lxc_start.c: main: 329 The container failed to start lxc-start: test-container: tools/lxc_start.c: main: 332 To get more details, run the container in foreground mode lxc-start: test-container: tools/lxc_start.c: main: 335 Additional information can be obtained by setting the --logfile and --logpriority options And in detail the test-container.log contains: lxc-start test-container 20190810144707.635 INFO lxccontainer - lxccontainer.c:do_lxcapi_start:971 - Set process title to [lxc monitor] /var/lib/lxc test-container lxc-start test-container 20190810144707.636 INFO lsm - lsm/lsm.c:lsm_init:50 - LSM security driver AppArmor lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount # comment this to allow umount -f; not recommended" lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for reject_force_umount action 0(kill) lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill) lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill) lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill) lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]" lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1" lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for kexec_load action 327681(errno) lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for kexec_load action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1" lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for open_by_handle_at action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1" lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for init_module action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for init_module action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for init_module action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for init_module action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1" lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for finit_module action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for finit_module action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for finit_module action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for finit_module action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1" lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for delete_module action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for delete_module action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for delete_module action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for delete_module action 327681(errno) lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context lxc-start test-container 20190810144707.637 DEBUG terminal - terminal.c:lxc_terminal_peer_default:676 - No such device - The process does not have a controlling terminal lxc-start test-container 20190810144707.739 INFO start - start.c:lxc_init:926 - Container "test-container" is initialized lxc-start test-container 20190810144707.739 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset lxc-start test-container 20190810144707.739 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1" lxc-start test-container 20190810144707.740 INFO cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1403 - The monitor process uses "lxc.monitor/test-container" as cgroup lxc-start test-container 20190810144707.740 ERROR cgfsng - cgroups/cgfsng.c:__do_cgroup_enter:1498 - No space left on device - Failed to enter cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/test-container/cgroup.procs" lxc-start test-container 20190810144707.740 ERROR start - start.c:__lxc_start:2004 - Failed to enter monitor cgroup lxc-start test-container 20190810144707.740 DEBUG lxccontainer - lxccontainer.c:wait_on_daemonized_start:839 - First child 31136 exited lxc-start test-container 20190810144707.740 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:851 - Received container state "STOPPING" instead of "RUNNING" lxc-start test-container 20190810144707.741 ERROR lxc_start - tools/lxc_start.c:main:329 - The container failed to start lxc-start test-container 20190810144707.741 ERROR lxc_start - tools/lxc_start.c:main:332 - To get more details, run the container in foreground mode lxc-start test-container 20190810144707.741 ERROR lxc_start - tools/lxc_start.c:main:335 - Additional information can be obtained by setting the --logfile and --logpriority options lxc-start test-container 20190810144707.837 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset lxc-start test-container 20190810144707.837 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1" lxc-start test-container 20190810144707.837 WARN cgfsng - cgroups/cgfsng.c:cgfsng_monitor_destroy:1178 - No space left on device - Failed to move monitor 31137 to "/sys/fs/cgroup/cpuset//lxc.pivot/cgroup.procs" Downgrading to 1:3.1.0+really3.0.3-8 allows the containers to start again. But as said I'm unsure here if this might be a bug in 1:3.1.0+really3.0.4-1. I will try to reproduce as well on a fresh installation starting in buster and installing lxc there, then upgrading to unstable and see if the issue is reproducible in general. The affected host is one constantly following unstable and regularly installing updates, so the lxc/liblxc1 updat happended when 1:3.1.0+really3.0.4-1 was uploaded to unstable. Regards, Salvatore -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.2.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages lxc depends on: ii debconf [debconf-2.0] 1.5.73 ii libc6 2.28-10 ii libcap2 1:2.25-2 ii libgcc1 1:9.1.0-10 ii liblxc1 1:3.1.0+really3.0.4-1 ii libseccomp2 2.4.1-2 ii libselinux1 2.9-2+b2 ii lsb-base 10.2019051400 Versions of packages lxc recommends: ii apparmor 2.13.3-4 ii bridge-utils 1.6-2 ii debootstrap 1.0.115 ii dirmngr 2.2.17-3 ii dnsmasq-base [dnsmasq-base] 2.80-1 ii gnupg 2.2.17-3 ii iproute2 5.2.0-1 ii iptables 1.8.3-2 pn libpam-cgfs <none> ii lxc-templates 3.0.3-1+b1 pn lxcfs <none> ii openssl 1.1.1c-1 ii rsync 3.1.3-6+b1 pn uidmap <none> Versions of packages lxc suggests: pn btrfs-progs <none> ii lvm2 2.03.02-3 ii python3-lxc 1:3.0.3-1+b1 -- Configuration Files: /etc/lxc/default.conf changed: lxc.net.0.type = veth lxc.net.0.flags = up lxc.net.0.link = virbr0 lxc.apparmor.profile = generated lxc.apparmor.allow_nesting = 1 -- debconf information: * lxc/auto_update_config: true
