Public bug reported:
I created a privilege container on Xenial using command "sudo lxc-create
-n test-privilege -t ubuntu", and container hits failed to reset
devices.list errors for every boot:
root@psyduck-maas20:/var/lib/lxc# sudo lxc-start -n test-privilege -F
systemd 229 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK
+SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID
+ELFUTILS +KMOD -IDN)
Detected virtualization lxc.
Detected architecture x86-64.
Welcome to Ubuntu 16.04 LTS!
Set hostname to <test-privilege>.
Failed to install release agent, ignoring: No such file or directory
[ OK ] Reached target Swap.
[ OK ] Listening on Syslog Socket.
Failed to reset devices.list on /system.slice: Operation not permitted
[ OK ] Created slice System Slice.
Failed to reset devices.list on /system.slice/system-getty.slice: Operation not
permitted
[ OK ] Created slice system-getty.slice.
[ OK ] Reached target Encrypted Volumes.
[ OK ] Reached target Remote File Systems (Pre).
[ OK ] Reached target Remote File Systems.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Started Forward Password Requests to Wall Directory Watch.
[ OK ] Listening on Journal Audit Socket.
[ OK ] Listening on Journal Socket.
Failed to reset devices.list on /system.slice/dev-hugepages.mount: Operation
not permitted
Mounting Huge Pages File System...
Failed to reset devices.list on /system.slice/systemd-journald.service:
Operation not permitted
Starting Journal Service...
Failed to reset devices.list on /system.slice/resolvconf.service: Operation not
permitted
Starting Nameserver information manager...
Failed to reset devices.list on /system.slice/systemd-remount-fs.service:
Operation not permitted
Starting Remount Root and Kernel File Systems...
[ OK ] Started Dispatch Password Requests to Console Directory Watch.
Failed to reset devices.list on /system.slice/system-container\x2dgetty.slice:
Operation not permitted
[ OK ] Created slice system-container\x2dgetty.slice.
[ OK ] Reached target Slices.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Reached target Sockets.
Failed to reset devices.list on /system.slice/dev-lxc-tty4.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/sys-kernel-debug.mount: Operation
not permitted
Failed to reset devices.list on /system.slice/dev-lxc-tty2.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/-.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-lxc-tty1.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/dev-mqueue.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/dev-lxc-tty3.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/proc-diskstats.mount: Operation
not permitted
Failed to reset devices.list on /system.slice/sys-fs-fuse-connections.mount:
Operation not permitted
Failed to reset devices.list on /system.slice/proc-meminfo.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/proc-uptime.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/sys-devices-virtual-net.mount:
Operation not permitted
Failed to reset devices.list on /system.slice/dev-lxc-console.mount: Operation
not permitted
Failed to reset devices.list on /system.slice/proc-sys-net.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/proc-swaps.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/proc-sysrq\x2dtrigger.mount:
Operation not permitted
Failed to reset devices.list on /system.slice/proc-stat.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/proc-cpuinfo.mount: Operation not
permitted
Failed to reset devices.list on /init.scope: Operation not permitted
[ OK ] Mounted Huge Pages File System.
[ OK ] Started Remount Root and Kernel File Systems.
Failed to reset devices.list on /system.slice/systemd-random-seed.service:
Operation not permitted
Starting Load/Save Random Seed...
[ OK ] Reached target Local File Systems (Pre).
[ OK ] Reached target Local File Systems.
Failed to reset devices.list on /system.slice/systemd-remount-fs.service:
Operation not permitted
[ OK ] Started Journal Service.
Starting Flush Journal to Persistent Storage...
[ OK ] Started Nameserver information manager.
Starting Raise network interfaces...
[ OK ] Started Load/Save Random Seed.
[ OK ] Started Flush Journal to Persistent Storage.
Starting Create Volatile Files and Directories...
[ OK ] Started Create Volatile Files and Directories.
Starting Update UTMP about System Boot/Shutdown...
[ OK ] Reached target System Time Synchronized.
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Reached target System Initialization.
[ OK ] Started Trigger resolvconf update for networkd DNS.
[ OK ] Reached target Paths.
[ OK ] Reached target Basic System.
[ OK ] Started Regular background program processing daemon.
Starting System Logging Service...
Starting getty on tty2-tty6 if dbus and logind are not available...
Starting Permit User Sessions...
[ OK ] Started Daily Cleanup of Temporary Directories.
Starting LSB: Set the CPU Frequency Scaling governor to "ondemand"...
[ OK ] Started Daily apt activities.
[ OK ] Reached target Timers.
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started LSB: Set the CPU Frequency Scaling governor to "ondemand".
[ OK ] Started Raise network interfaces.
[ OK ] Reached target Network.
Starting /etc/rc.local Compatibility...
Starting OpenBSD Secure Shell server...
[ OK ] Started /etc/rc.local Compatibility.
[ OK ] Started Console Getty.
[ OK ] Started Container Getty on /dev/pts/1.
[ OK ] Started Container Getty on /dev/pts/2.
[ OK ] Started Container Getty on /dev/pts/0.
[ OK ] Started Container Getty on /dev/pts/3.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Ubuntu 16.04 LTS test-privilege console
test-privilege login:
These are the package versions:
root@psyduck-maas20:~# dpkg -l|grep lxc
ii liblxc1 2.0.0-0ubuntu2 amd64
Linux Containers userspace tools (library)
ii lxc 2.0.0-0ubuntu2 all
Transitional package for lxc1
ii lxc-common 2.0.0-0ubuntu2 amd64
Linux Containers userspace tools (common tools)
ii lxc-templates 2.0.0-0ubuntu2 amd64
Linux Containers userspace tools (templates)
ii lxc1 2.0.0-0ubuntu2 amd64
Linux Containers userspace tools
ii lxcfs 2.0.0-0ubuntu2.1 amd64
FUSE based filesystem for LXC
ii python3-lxc 2.0.0-0ubuntu2 amd64
Linux Containers userspace tools (Python 3.x bindings)
root@psyduck-maas20:~# uname -a
Linux psyduck-maas20 4.4.0-22-generic #39-Ubuntu SMP Thu May 5 16:53:32 UTC
2016 x86_64 x86_64 x86_64 GNU/Linux
root@psyduck-maas20:~#
Per IRC conversation with hallyn, we should not be seeing those given
that the container is privileged.
Additional data:
ubuntu@maas-development-may:/proc/self$ cat uid_map
0 0 4294967295
ubuntu@maas-development-may:/proc/self$ cat /proc/self/cgroups
cat: /proc/self/cgroups: No such file or directory
ubuntu@maas-development-may:/proc/self$ cat /proc/self/
attr/ cmdline environ io mem
ns/ pagemap schedstat stat timers
autogroup comm exe limits mountinfo
numa_maps personality sessionid statm uid_map
auxv coredump_filter fd/ loginuid mounts
oom_adj projid_map setgroups status wchan
cgroup cpuset fdinfo/ map_files/ mountstats
oom_score root/ smaps syscall
clear_refs cwd/ gid_map maps net/
oom_score_adj sched stack task/
ubuntu@maas-development-may:/proc/self$ cat /proc/self/cgroup
11:hugetlb:/
10:freezer:/
9:perf_event:/
8:net_cls,net_prio:/
7:pids:/system.slice/ssh.service
6:memory:/
5:blkio:/
4:devices:/system.slice/ssh.service
3:cpu,cpuacct:/
2:cpuset:/
1:name=systemd:/system.slice/ssh.service
** Affects: lxc (Ubuntu)
Importance: Undecided
Status: New
** Tags: oil
** Description changed:
- I created a privilege container on Xenial, and I ran into these errors
- when starting the container:
+ I created a privilege container on Xenial using command "sudo lxc-create
+ -n test-privilege -t ubuntu", and container hits failed to reset
+ devices.list errors for every boot:
root@psyduck-maas20:/var/lib/lxc# sudo lxc-start -n test-privilege -F
systemd 229 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR
+SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP
+BLKID +ELFUTILS +KMOD -IDN)
Detected virtualization lxc.
Detected architecture x86-64.
Welcome to Ubuntu 16.04 LTS!
Set hostname to <test-privilege>.
Failed to install release agent, ignoring: No such file or directory
[ OK ] Reached target Swap.
[ OK ] Listening on Syslog Socket.
Failed to reset devices.list on /system.slice: Operation not permitted
[ OK ] Created slice System Slice.
Failed to reset devices.list on /system.slice/system-getty.slice: Operation
not permitted
[ OK ] Created slice system-getty.slice.
[ OK ] Reached target Encrypted Volumes.
[ OK ] Reached target Remote File Systems (Pre).
[ OK ] Reached target Remote File Systems.
[ OK ] Listening on Journal Socket (/dev/log).
[ OK ] Started Forward Password Requests to Wall Directory Watch.
[ OK ] Listening on Journal Audit Socket.
[ OK ] Listening on Journal Socket.
Failed to reset devices.list on /system.slice/dev-hugepages.mount: Operation
not permitted
- Mounting Huge Pages File System...
+ Mounting Huge Pages File System...
Failed to reset devices.list on /system.slice/systemd-journald.service:
Operation not permitted
- Starting Journal Service...
+ Starting Journal Service...
Failed to reset devices.list on /system.slice/resolvconf.service: Operation
not permitted
- Starting Nameserver information manager...
+ Starting Nameserver information manager...
Failed to reset devices.list on /system.slice/systemd-remount-fs.service:
Operation not permitted
- Starting Remount Root and Kernel File Systems...
+ Starting Remount Root and Kernel File Systems...
[ OK ] Started Dispatch Password Requests to Console Directory Watch.
Failed to reset devices.list on
/system.slice/system-container\x2dgetty.slice: Operation not permitted
[ OK ] Created slice system-container\x2dgetty.slice.
[ OK ] Reached target Slices.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Reached target Sockets.
Failed to reset devices.list on /system.slice/dev-lxc-tty4.mount: Operation
not permitted
Failed to reset devices.list on /system.slice/sys-kernel-debug.mount:
Operation not permitted
Failed to reset devices.list on /system.slice/dev-lxc-tty2.mount: Operation
not permitted
Failed to reset devices.list on /system.slice/-.mount: Operation not permitted
Failed to reset devices.list on /system.slice/dev-lxc-tty1.mount: Operation
not permitted
Failed to reset devices.list on /system.slice/dev-mqueue.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/dev-lxc-tty3.mount: Operation
not permitted
Failed to reset devices.list on /system.slice/proc-diskstats.mount: Operation
not permitted
Failed to reset devices.list on /system.slice/sys-fs-fuse-connections.mount:
Operation not permitted
Failed to reset devices.list on /system.slice/proc-meminfo.mount: Operation
not permitted
Failed to reset devices.list on /system.slice/proc-uptime.mount: Operation
not permitted
Failed to reset devices.list on /system.slice/sys-devices-virtual-net.mount:
Operation not permitted
Failed to reset devices.list on /system.slice/dev-lxc-console.mount:
Operation not permitted
Failed to reset devices.list on /system.slice/proc-sys-net.mount: Operation
not permitted
Failed to reset devices.list on /system.slice/proc-swaps.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/proc-sysrq\x2dtrigger.mount:
Operation not permitted
Failed to reset devices.list on /system.slice/proc-stat.mount: Operation not
permitted
Failed to reset devices.list on /system.slice/proc-cpuinfo.mount: Operation
not permitted
Failed to reset devices.list on /init.scope: Operation not permitted
[ OK ] Mounted Huge Pages File System.
[ OK ] Started Remount Root and Kernel File Systems.
Failed to reset devices.list on /system.slice/systemd-random-seed.service:
Operation not permitted
- Starting Load/Save Random Seed...
+ Starting Load/Save Random Seed...
[ OK ] Reached target Local File Systems (Pre).
[ OK ] Reached target Local File Systems.
Failed to reset devices.list on /system.slice/systemd-remount-fs.service:
Operation not permitted
[ OK ] Started Journal Service.
- Starting Flush Journal to Persistent Storage...
+ Starting Flush Journal to Persistent Storage...
[ OK ] Started Nameserver information manager.
- Starting Raise network interfaces...
+ Starting Raise network interfaces...
[ OK ] Started Load/Save Random Seed.
[ OK ] Started Flush Journal to Persistent Storage.
- Starting Create Volatile Files and Directories...
+ Starting Create Volatile Files and Directories...
[ OK ] Started Create Volatile Files and Directories.
- Starting Update UTMP about System Boot/Shutdown...
+ Starting Update UTMP about System Boot/Shutdown...
[ OK ] Reached target System Time Synchronized.
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Reached target System Initialization.
[ OK ] Started Trigger resolvconf update for networkd DNS.
[ OK ] Reached target Paths.
[ OK ] Reached target Basic System.
[ OK ] Started Regular background program processing daemon.
- Starting System Logging Service...
- Starting getty on tty2-tty6 if dbus and logind are not available...
- Starting Permit User Sessions...
+ Starting System Logging Service...
+ Starting getty on tty2-tty6 if dbus and logind are not available...
+ Starting Permit User Sessions...
[ OK ] Started Daily Cleanup of Temporary Directories.
- Starting LSB: Set the CPU Frequency Scaling governor to "ondemand"...
+ Starting LSB: Set the CPU Frequency Scaling governor to "ondemand"...
[ OK ] Started Daily apt activities.
[ OK ] Reached target Timers.
[ OK ] Started System Logging Service.
[ OK ] Started Permit User Sessions.
[ OK ] Started getty on tty2-tty6 if dbus and logind are not available.
[ OK ] Started LSB: Set the CPU Frequency Scaling governor to "ondemand".
[ OK ] Started Raise network interfaces.
[ OK ] Reached target Network.
- Starting /etc/rc.local Compatibility...
- Starting OpenBSD Secure Shell server...
+ Starting /etc/rc.local Compatibility...
+ Starting OpenBSD Secure Shell server...
[ OK ] Started /etc/rc.local Compatibility.
[ OK ] Started Console Getty.
[ OK ] Started Container Getty on /dev/pts/1.
[ OK ] Started Container Getty on /dev/pts/2.
[ OK ] Started Container Getty on /dev/pts/0.
[ OK ] Started Container Getty on /dev/pts/3.
[ OK ] Reached target Login Prompts.
[ OK ] Started OpenBSD Secure Shell server.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
- Starting Update UTMP about System Runlevel Changes...
+ Starting Update UTMP about System Runlevel Changes...
[ OK ] Started Update UTMP about System Runlevel Changes.
Ubuntu 16.04 LTS test-privilege console
test-privilege login:
-
These are the package versions:
root@psyduck-maas20:~# dpkg -l|grep lxc
ii liblxc1 2.0.0-0ubuntu2 amd64
Linux Containers userspace tools (library)
ii lxc 2.0.0-0ubuntu2 all
Transitional package for lxc1
ii lxc-common 2.0.0-0ubuntu2 amd64
Linux Containers userspace tools (common tools)
ii lxc-templates 2.0.0-0ubuntu2 amd64
Linux Containers userspace tools (templates)
ii lxc1 2.0.0-0ubuntu2 amd64
Linux Containers userspace tools
ii lxcfs 2.0.0-0ubuntu2.1 amd64
FUSE based filesystem for LXC
ii python3-lxc 2.0.0-0ubuntu2 amd64
Linux Containers userspace tools (Python 3.x bindings)
root@psyduck-maas20:~# uname -a
Linux psyduck-maas20 4.4.0-22-generic #39-Ubuntu SMP Thu May 5 16:53:32 UTC
2016 x86_64 x86_64 x86_64 GNU/Linux
- root@psyduck-maas20:~#
+ root@psyduck-maas20:~#
Per IRC conversation with hallyn, we should not be seeing those given
that the container is privileged.
-
Additional data:
- ubuntu@maas-development-may:/proc/self$ cat uid_map
- 0 0 4294967295
+ ubuntu@maas-development-may:/proc/self$ cat uid_map
+ 0 0 4294967295
ubuntu@maas-development-may:/proc/self$ cat /proc/self/cgroups
cat: /proc/self/cgroups: No such file or directory
ubuntu@maas-development-may:/proc/self$ cat /proc/self/
- attr/ cmdline environ io mem
ns/ pagemap schedstat stat
timers
- autogroup comm exe limits mountinfo
numa_maps personality sessionid statm
uid_map
- auxv coredump_filter fd/ loginuid mounts
oom_adj projid_map setgroups status
wchan
- cgroup cpuset fdinfo/ map_files/
mountstats oom_score root/ smaps syscall
- clear_refs cwd/ gid_map maps net/
oom_score_adj sched stack task/
+ attr/ cmdline environ io mem
ns/ pagemap schedstat stat
timers
+ autogroup comm exe limits mountinfo
numa_maps personality sessionid statm
uid_map
+ auxv coredump_filter fd/ loginuid mounts
oom_adj projid_map setgroups status wchan
+ cgroup cpuset fdinfo/ map_files/
mountstats oom_score root/ smaps syscall
+ clear_refs cwd/ gid_map maps net/
oom_score_adj sched stack task/
ubuntu@maas-development-may:/proc/self$ cat /proc/self/cgroup
11:hugetlb:/
10:freezer:/
9:perf_event:/
8:net_cls,net_prio:/
7:pids:/system.slice/ssh.service
6:memory:/
5:blkio:/
4:devices:/system.slice/ssh.service
3:cpu,cpuacct:/
2:cpuset:/
1:name=systemd:/system.slice/ssh.service
** Summary changed:
- Failure to reset devices on LXC privileged containers on Xenial
+ Failure to reset devices.list on LXC privileged containers on Xenial
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1582364
Title:
Failure to reset devices.list on LXC privileged containers on Xenial
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1582364/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
