#1 2018-02-16 19:01:13

a_manthey
Member
Registered: 2017-08-21
Posts: 35

SOLVED: Lxc: can‘t start unprivileged container

So far I run the browser in a sandbox (firejail). Now I want to try an LXC unprivileged container.
I followed Stephane Graber's blog and the LXC page in the Arch Linux wiki.
Installation:

# pacman -S lxc lxcfs arch-install-scripts dnsmasq
# systemctl enable lxc-net
# systemctl start lxc-net

My configs:

#sysctl kernel.unprivileged_userns_clone
1

$ grep username /etc/sub* 2>/dev/null
/etc/subgid:username:100000:65537
/etc/subuid:username:100000:65537

$ cat ~/.config/lxc/lxc-usernet
username veth lxcbr0 10

$ cat ~/.config/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536

lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx

$ lxc-checkconfig
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points: 
/sys/fs/cgroup/systemd
/sys/fs/cgroup/net_cls,net_prio
….
all others green

I can run:

$ lxc-create -t download -n up1

and select archlinux, current, amd64, and the container is created successfully with the following config:

$ cat ~/.local/share/lxc/up1/config
# Distribution configuration
lxc.include = /usr/share/lxc/config/archlinux.common.conf
lxc.include = /usr/share/lxc/config/archlinux.userns.conf
lxc.arch = x86_64

# Container specific configuration
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
lxc.rootfs.path = dir:/home/andreas/.local/share/lxc/up1/rootfs
lxc.uts.name = up

# Network configuration
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:4a:31:64

$ lxc-ls -f
NAME STATE   AUTOSTART GROUPS IPV4 IPV6 
up1  STOPPED 0

When I run

lxc-start -n up1 --logfile=up1.log --logpriority=debug

I get the following errors:

ERROR    lxc_cgfs - cgroups/cgfs.c:lxc_cgroupfs_create:909 - Could not set clone_children to 1 for cpuset hierarchy in parent cgroup.
ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Permission denied - Failed to delete /sys/fs/cgroup/blkio/user.slice
...
ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Read-only file system - Failed to delete /sys/fs/cgroup/freezer/
ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Read-only file system - Failed to delete /sys/fs/cgroup/rdma/
…

These directories and their contents are owned by root:root.
I saw the suggestions here, no success.
What can I do?

PS:
On Ubuntu artful I can run unprivileged containers with these configs without any problems.

Best regards, Andreas

Last edited by a_manthey (2018-05-09 14:56:04)


#2 2018-02-17 19:26:09

Everette88
Member
Registered: 2018-02-17
Posts: 41

Re: SOLVED: Lxc: can‘t start unprivileged container

Did you try to boot Arch Linux (not the container) with the

systemd.legacy_systemd_cgroup_controller=1

boot parameter?


#3 2018-02-17 20:43:10

a_manthey
Member
Registered: 2017-08-21
Posts: 35

Re: SOLVED: Lxc: can‘t start unprivileged container

@Everette88 thanks for your hint. I tried it without success.
best regards Andreas


#4 2018-03-31 06:48:39

dini
Member
Registered: 2018-03-31
Posts: 2

Re: SOLVED: Lxc: can‘t start unprivileged container

a_manthey wrote:
ERROR    lxc_cgfs - cgroups/cgfs.c:lxc_cgroupfs_create:909 - Could not set clone_children to 1 for cpuset hierarchy in parent cgroup.
ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Permission denied - Failed to delete /sys/fs/cgroup/blkio/user.slice
...
ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Read-only file system - Failed to delete /sys/fs/cgroup/freezer/
ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Read-only file system - Failed to delete /sys/fs/cgroup/rdma/
…

Try

sudo sh -c 'echo 1 > /sys/fs/cgroup/cpuset/cgroup.clone_children'

I have another problem:

lxc-start temp 20180331061422.442 INFO     lxc_start - start.c:lxc_init:846 - Container "temp" is initialized
lxc-start temp 20180331061422.442 ERROR    lxc_start - start.c:lxc_spawn:1553 - Failed initializing cgroup support
lxc-start temp 20180331061422.442 DEBUG    lxc_network - network.c:lxc_delete_network_unpriv:2341 - Cannot not guarantee safe deletion of network devices. Manual cleanup maybe needed
lxc-start temp 20180331061422.442 DEBUG    lxc_network - network.c:lxc_delete_network:3149 - Failed to delete network devices
lxc-start temp 20180331061422.442 ERROR    lxc_start - start.c:__lxc_start:1866 - Failed to spawn container "temp"
lxc-start temp 20180331061422.443 DEBUG    lxc_container - lxccontainer.c:wait_on_daemonized_start:812 - First child 1678 exited
lxc-start temp 20180331061422.443 ERROR    lxc_container - lxccontainer.c:wait_on_daemonized_start:824 - Received container state "ABORTING" instead of "RUNNING"
lxc-start temp 20180331061422.443 INFO     lxc_conf - conf.c:run_script_argv:368 - Executing script "/usr/share/lxcfs/lxc.reboot.hook" for container "temp", config section "lxc"


#5 2018-04-02 17:21:34

a_manthey
Member
Registered: 2017-08-21
Posts: 35

Re: SOLVED: Lxc: can‘t start unprivileged container

Since LXC 3.0 I have this error too.
Meanwhile I tried further deb-based distros (Debian 9.4 and deepin 15.5). On both, and on Ubuntu 17.10, I can create and run unprivileged LXC containers as a non-root user without any problems. On these distros LXC doesn't depend on the deprecated cgmanager, and they use the cgfs-ng driver instead of cgfs.
So I think there is no sufficient support for running unprivileged containers as a non-root user on Arch Linux.


#6 2018-05-08 20:26:56

Lynden
Member
Registered: 2011-11-10
Posts: 23

Re: SOLVED: Lxc: can‘t start unprivileged container

After having the same issue it comes down to pam_cgfs not being enabled by default.
So to use unprivileged containers you need to add "session    optional    pam_cgfs.so -c freezer,memory,name=systemd,unified"  to a common pam file, "/etc/pam.d/system-login" worked for me.

I also had to "chmod +x" my home directory, but not sure if it's required.


#7 2018-05-09 14:55:18

a_manthey
Member
Registered: 2017-08-21
Posts: 35

Re: SOLVED: Lxc: can‘t start unprivileged container

@Lynden: that works for me too, thank you.

$ sudo chmod +x $HOME

is necessary


#8 2018-05-09 19:13:19

progandy
Member
Registered: 2012-05-17
Posts: 5,190

Re: SOLVED: Lxc: can‘t start unprivileged container

You don't have to do a full chmod +x. If you use ACL (setfacl), then you should be able to set the executable bit only for the first mapped subuid ("container root")

https://stgraber.org/2014/01/17/lxc-1-0 … ontainers/

...
Then, assign yourself a set of uids and gids with:

    sudo usermod --add-subuids 100000-165536 $USER
    sudo usermod --add-subgids 100000-165536 $USER
    sudo chmod +x $HOME

That last one is required because LXC needs it to access ~/.local/share/lxc/ after it switched to the mapped UIDs. If you’re using ACLs, you may instead use “u:100000:x” as a more specific ACL.
...


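The ACL alternative described in the post above, as an added example that is not part of the original thread: it reads the user's first subordinate UID (the host UID that `lxc.idmap = u 0 100000 65536` maps to container root), checks that the idmap range fits inside the subuid allocation, and prints the narrow `setfacl` grant, plus a `chmod o-x` when the blanket `chmod +x` was already applied. The function names and the script's argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are this example's own.

# subuid_range FILE USER: print "START COUNT" of USER's first range in a
# subuid-format file (name:start:count), or fail if USER has none.
subuid_range() {
    awk -F: -v u="$2" '$1 == u { print $2, $3; f = 1; exit } END { exit !f }' "$1"
}

# idmap_allowed FILE USER HOSTID RANGE: succeed only if the host range used by
# "lxc.idmap = u 0 HOSTID RANGE" lies inside USER's subordinate allocation.
idmap_allowed() {
    ia_r=$(subuid_range "$1" "$2") || return 1
    ia_start=${ia_r% *}
    ia_count=${ia_r#* }
    [ "$3" -ge "$ia_start" ] && [ $(( $3 + $4 )) -le $(( ia_start + ia_count )) ]
}

# others_can_traverse DIR: succeed if the "other" class has the x bit on DIR,
# which is what the blanket "chmod +x $HOME" leaves behind.
others_can_traverse() {
    case $(ls -ld "$1" | cut -c10) in
        x|t) return 0 ;;
        *)   return 1 ;;
    esac
}

# plan_grant HOME_DIR FILE USER: print (do not run) the commands that give
# traverse permission on HOME_DIR to the mapped container root only.
plan_grant() {
    pg_r=$(subuid_range "$2" "$3") || { echo "no subuid range for $3" >&2; return 1; }
    pg_uid=${pg_r% *}
    echo "setfacl -m u:${pg_uid}:x $1"
    if others_can_traverse "$1"; then
        # The broad bit is no longer needed once the ACL entry exists.
        echo "chmod o-x $1"
    fi
}

# Stand-alone use: sh script.sh HOME_DIR USER [SUBUID_FILE]
if [ "$#" -ge 2 ]; then
    plan_grant "$1" "${3:-/etc/subuid}" "$2"
fi
```

Review the printed commands before running them; removing the "other" execute bit is only appropriate if nothing else on the host relies on traversing the home directory.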

#9 2019-08-06 22:29:09

Anagastes
Member
Registered: 2019-08-06
Posts: 1

Re: SOLVED: Lxc: can‘t start unprivileged container

Hey, I basically have the same problem. Couldn't solve it with it.

My config is this one.

#sysctl kernel.unprivileged_userns_clone
1

$ grep username /etc/sub* 2>/dev/null
/etc/subgid:username:100000:65536
/etc/subuid:username:100000:65536

$ cat ~/.config/lxc/lxc-usernet
username veth lxcbr0 10

$ cat ~/.config/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536

lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx

$ lxc-checkconfig
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points: 
/sys/fs/cgroup/systemd
/sys/fs/cgroup/memory
/sys/fs/cgroup/cpu,cpuacct
/sys/fs/cgroup/net_cls,net_prio
/sys/fs/cgroup/rdma
/sys/fs/cgroup/cpuset
/sys/fs/cgroup/blkio
/sys/fs/cgroup/freezer
/sys/fs/cgroup/perf_event
/sys/fs/cgroup/pids
/sys/fs/cgroup/devices
/sys/fs/cgroup/hugetlb

Cgroup v2 mount points: 
/sys/fs/cgroup/unified

Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: 

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

Here is the log:

lxc-start playtime 20190806221827.366 INFO     confile - confile.c:set_config_idmaps:1987 - Read uid map: type u nsid 0 hostid 100000 range 65536
lxc-start playtime 20190806221827.366 INFO     confile - confile.c:set_config_idmaps:1987 - Read uid map: type g nsid 0 hostid 100000 range 65536
lxc-start playtime 20190806221827.366 INFO     lxccontainer - lxccontainer.c:do_lxcapi_start:993 - Set process title to [lxc monitor] /home/andre/.local/share/lxc playtime
lxc-start playtime 20190806221827.366 INFO     lsm - lsm/lsm.c:lsm_init:50 - LSM security driver nop
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:789 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:do_resolve_add_rule:535 - Set seccomp rule to reject force umounts
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:973 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:do_resolve_add_rule:535 - Set seccomp rule to reject force umounts
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:982 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:do_resolve_add_rule:535 - Set seccomp rule to reject force umounts
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:992 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:do_resolve_add_rule:535 - Set seccomp rule to reject force umounts
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:1002 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:789 - Processing "[all]"
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:789 - Processing "kexec_load errno 1"
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:973 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:982 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:992 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:1002 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:789 - Processing "open_by_handle_at errno 1"
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:973 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:982 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:992 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:1002 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:789 - Processing "init_module errno 1"
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:973 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:982 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:992 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:1002 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:789 - Processing "finit_module errno 1"
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:973 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:982 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:992 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:1002 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:789 - Processing "delete_module errno 1"
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:973 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:982 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:992 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:1002 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start playtime 20190806221827.366 INFO     seccomp - seccomp.c:parse_config_v2:1008 - Merging compat seccomp contexts into main context
lxc-start playtime 20190806221827.367 DEBUG    terminal - terminal.c:lxc_terminal_peer_default:676 - No such device - The process does not have a controlling terminal
lxc-start playtime 20190806221827.367 DEBUG    conf - conf.c:chown_mapped_root:3176 - trying to chown "/dev/pts/5" to 1000
lxc-start playtime 20190806221827.376 INFO     start - start.c:lxc_init:932 - Container "playtime" is initialized
lxc-start playtime 20190806221827.376 INFO     cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1405 - The monitor process uses "lxc.monitor/playtime" as cgroup
lxc-start playtime 20190806221827.376 INFO     cgfsng - cgroups/cgfsng.c:cgfsng_payload_create:1470 - The container process uses "lxc.payload/playtime" as cgroup
lxc-start playtime 20190806221827.376 INFO     start - start.c:lxc_spawn:1778 - Cloned CLONE_NEWUSER
lxc-start playtime 20190806221827.376 INFO     start - start.c:lxc_spawn:1778 - Cloned CLONE_NEWNS
lxc-start playtime 20190806221827.376 INFO     start - start.c:lxc_spawn:1778 - Cloned CLONE_NEWPID
lxc-start playtime 20190806221827.376 INFO     start - start.c:lxc_spawn:1778 - Cloned CLONE_NEWUTS
lxc-start playtime 20190806221827.376 INFO     start - start.c:lxc_spawn:1778 - Cloned CLONE_NEWIPC
lxc-start playtime 20190806221827.376 DEBUG    start - start.c:lxc_try_preserve_namespaces:192 - Preserved user namespace via fd 15
lxc-start playtime 20190806221827.376 DEBUG    start - start.c:lxc_try_preserve_namespaces:192 - Preserved mnt namespace via fd 16
lxc-start playtime 20190806221827.376 DEBUG    start - start.c:lxc_try_preserve_namespaces:192 - Preserved pid namespace via fd 17
lxc-start playtime 20190806221827.376 DEBUG    start - start.c:lxc_try_preserve_namespaces:192 - Preserved uts namespace via fd 18
lxc-start playtime 20190806221827.376 DEBUG    start - start.c:lxc_try_preserve_namespaces:192 - Preserved ipc namespace via fd 19
lxc-start playtime 20190806221827.376 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2852 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start playtime 20190806221827.376 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2852 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start playtime 20190806221827.376 DEBUG    conf - conf.c:lxc_map_ids:2938 - Functional newuidmap and newgidmap binary found
lxc-start playtime 20190806221827.384 INFO     start - start.c:do_start:1186 - Unshared CLONE_NEWNET
lxc-start playtime 20190806221827.385 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2852 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start playtime 20190806221827.385 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2852 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start playtime 20190806221827.385 DEBUG    conf - conf.c:lxc_map_ids:2938 - Functional newuidmap and newgidmap binary found
lxc-start playtime 20190806221827.391 DEBUG    start - start.c:lxc_spawn:1833 - Preserved net namespace via fd 10
lxc-start playtime 20190806221827.391 WARN     start - start.c:lxc_spawn:1838 - Operation not permitted - Failed to allocate new network namespace id
lxc-start playtime 20190806221827.391 NOTICE   utils - utils.c:lxc_switch_uid_gid:1411 - Switched to gid 0
lxc-start playtime 20190806221827.391 NOTICE   utils - utils.c:lxc_switch_uid_gid:1420 - Switched to uid 0
lxc-start playtime 20190806221827.391 NOTICE   utils - utils.c:lxc_setgroups:1433 - Dropped additional groups
lxc-start playtime 20190806221827.391 INFO     start - start.c:do_start:1301 - Unshared CLONE_NEWCGROUP
lxc-start playtime 20190806221827.391 DEBUG    storage - storage/storage.c:get_storage_by_name:232 - Detected rootfs type "dir"
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:lxc_mount_rootfs:1357 - Mounted rootfs "/home/andre/.local/share/lxc/playtime/rootfs" onto "/usr/lib/lxc/rootfs" with options "(null)"
lxc-start playtime 20190806221827.391 INFO     conf - conf.c:setup_utsname:818 - Set hostname to "playtime"
lxc-start playtime 20190806221827.391 INFO     conf - conf.c:mount_autodev:1145 - Preparing "/dev"
lxc-start playtime 20190806221827.391 INFO     conf - conf.c:mount_autodev:1192 - Prepared "/dev"
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:mount_entry:2026 - Remounting "/sys/fs/fuse/connections" on "/usr/lib/lxc/rootfs/sys/fs/fuse/connections" to respect bind or remount options
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:mount_entry:2047 - Flags for "/sys/fs/fuse/connections" were 4110, required extra flags are 14
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:mount_entry:2100 - Mounted "/sys/fs/fuse/connections" on "/usr/lib/lxc/rootfs/sys/fs/fuse/connections" with filesystem type "none"
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:mount_entry:2026 - Remounting "/sys/kernel/debug" on "/usr/lib/lxc/rootfs/sys/kernel/debug" to respect bind or remount options
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:mount_entry:2047 - Flags for "/sys/kernel/debug" were 4110, required extra flags are 14
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:mount_entry:2100 - Mounted "/sys/kernel/debug" on "/usr/lib/lxc/rootfs/sys/kernel/debug" with filesystem type "none"
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:mount_entry:2026 - Remounting "/sys/kernel/security" on "/usr/lib/lxc/rootfs/sys/kernel/security" to respect bind or remount options
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:mount_entry:2047 - Flags for "/sys/kernel/security" were 4110, required extra flags are 14
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:mount_entry:2100 - Mounted "/sys/kernel/security" on "/usr/lib/lxc/rootfs/sys/kernel/security" with filesystem type "none"
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:mount_entry:2026 - Remounting "/sys/fs/pstore" on "/usr/lib/lxc/rootfs/sys/fs/pstore" to respect bind or remount options
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:mount_entry:2047 - Flags for "/sys/fs/pstore" were 4110, required extra flags are 14
lxc-start playtime 20190806221827.391 DEBUG    conf - conf.c:mount_entry:2100 - Mounted "/sys/fs/pstore" on "/usr/lib/lxc/rootfs/sys/fs/pstore" with filesystem type "none"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:mount_entry:2100 - Mounted "mqueue" on "/usr/lib/lxc/rootfs/dev/mqueue" with filesystem type "mqueue"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:mount_entry:2026 - Remounting "/sys/firmware/efi/efivars" on "/usr/lib/lxc/rootfs/sys/firmware/efi/efivars" to respect bind or remount options
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:mount_entry:2047 - Flags for "/sys/firmware/efi/efivars" were 4110, required extra flags are 14
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:mount_entry:2100 - Mounted "/sys/firmware/efi/efivars" on "/usr/lib/lxc/rootfs/sys/firmware/efi/efivars" with filesystem type "none"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:mount_entry:2026 - Remounting "/proc/sys/fs/binfmt_misc" on "/usr/lib/lxc/rootfs/proc/sys/fs/binfmt_misc" to respect bind or remount options
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:mount_entry:2047 - Flags for "/proc/sys/fs/binfmt_misc" were 4110, required extra flags are 14
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:mount_entry:2100 - Mounted "/proc/sys/fs/binfmt_misc" on "/usr/lib/lxc/rootfs/proc/sys/fs/binfmt_misc" with filesystem type "none"
lxc-start playtime 20190806221827.392 INFO     conf - conf.c:lxc_fill_autodev:1236 - Populating "/dev"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_fill_autodev:1308 - Bind mounted host device node "/dev/full" onto "/usr/lib/lxc/rootfs/dev/full"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_fill_autodev:1308 - Bind mounted host device node "/dev/null" onto "/usr/lib/lxc/rootfs/dev/null"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_fill_autodev:1308 - Bind mounted host device node "/dev/random" onto "/usr/lib/lxc/rootfs/dev/random"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_fill_autodev:1308 - Bind mounted host device node "/dev/tty" onto "/usr/lib/lxc/rootfs/dev/tty"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_fill_autodev:1308 - Bind mounted host device node "/dev/urandom" onto "/usr/lib/lxc/rootfs/dev/urandom"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_fill_autodev:1308 - Bind mounted host device node "/dev/zero" onto "/usr/lib/lxc/rootfs/dev/zero"
lxc-start playtime 20190806221827.392 INFO     conf - conf.c:lxc_fill_autodev:1313 - Populated "/dev"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_setup_dev_console:1775 - Mounted pts device "/dev/pts/5" onto "/usr/lib/lxc/rootfs/dev/console"
lxc-start playtime 20190806221827.392 INFO     utils - utils.c:lxc_mount_proc_if_needed:1264 - I am 1, /proc/self points to "1"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_setup_devpts:1657 - Mount new devpts instance with options "gid=5,newinstance,ptmxmode=0666,mode=0620,max=1024"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_setup_devpts:1676 - Created dummy "/dev/ptmx" file as bind mount target
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_setup_devpts:1681 - Bind mounted "/dev/pts/ptmx" to "/dev/ptmx"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_allocate_ttys:1015 - Created tty "/dev/pts/0" with master fd 14 and slave fd 15
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_allocate_ttys:1015 - Created tty "/dev/pts/1" with master fd 16 and slave fd 17
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_allocate_ttys:1015 - Created tty "/dev/pts/2" with master fd 18 and slave fd 19
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_allocate_ttys:1015 - Created tty "/dev/pts/3" with master fd 20 and slave fd 21
lxc-start playtime 20190806221827.392 INFO     conf - conf.c:lxc_allocate_ttys:1032 - Finished creating 4 tty devices
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_setup_ttys:967 - Bind mounted "/dev/pts/0" onto "/dev/tty1"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_setup_ttys:967 - Bind mounted "/dev/pts/1" onto "/dev/tty2"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_setup_ttys:967 - Bind mounted "/dev/pts/2" onto "/dev/tty3"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:lxc_setup_ttys:967 - Bind mounted "/dev/pts/3" onto "/dev/tty4"
lxc-start playtime 20190806221827.392 INFO     conf - conf.c:lxc_setup_ttys:976 - Finished setting up 4 /dev/tty<N> device(s)
lxc-start playtime 20190806221827.392 INFO     conf - conf.c:setup_personality:1720 - Set personality to "0x0"
lxc-start playtime 20190806221827.392 DEBUG    conf - conf.c:setup_caps:2521 - Capabilities have been setup
lxc-start playtime 20190806221827.392 NOTICE   conf - conf.c:lxc_setup:3751 - The container "playtime" is set up
lxc-start playtime 20190806221827.393 DEBUG    start - start.c:lxc_spawn:1898 - Preserved cgroup namespace via fd 20
lxc-start playtime 20190806221827.393 NOTICE   start - start.c:start:2118 - Exec'ing "/sbin/init"
lxc-start playtime 20190806221827.393 NOTICE   start - start.c:post_start:2129 - Started "/sbin/init" with pid "28678"
lxc-start playtime 20190806221827.393 DEBUG    lxccontainer - lxccontainer.c:wait_on_daemonized_start:861 - First child 28672 exited
lxc-start playtime 20190806221827.393 NOTICE   start - start.c:signal_handler:438 - Received 17 from pid 28674 instead of container init 28678
lxc-start playtime 20190806221827.402 DEBUG    start - start.c:signal_handler:456 - Container init process 28678 exited
lxc-start playtime 20190806221827.402 INFO     error - error.c:lxc_error_set_and_log:49 - Child <28678> ended on error (255)
lxc-start playtime 20190806221827.402 DEBUG    network - network.c:lxc_delete_network:4027 - Deleted network devices
lxc-start playtime 20190806221827.402 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2852 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start playtime 20190806221827.402 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2852 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start playtime 20190806221827.402 DEBUG    conf - conf.c:lxc_map_ids:2938 - Functional newuidmap and newgidmap binary found
