Cannot start lxc containers with gui profile

Hello, I desperately need some help with an issue. All my containers that are supposed to run gui apps cannot start. The host machine is Debian 11 amd64 and the container is the same. The app that I am trying to run in the container is Firefox.
When I do lxc start firefox I get the following error:

Error: Failed to run: /snap/lxd/current/bin/lxd forkstart firefox /var/snap/lxd/common/lxd/containers /var/snap/lxd/common/lxd/logs/firefox/lxc.conf: 
Try `lxc info --show-log firefox` for more info

When I do lxc info --show-log firefox I get the following:

Name: firefox
Status: STOPPED
Type: container
Architecture: x86_64
Created: 2022/06/22 14:35 CEST
Last Used: 2022/06/30 12:23 CEST

Log:

lxc firefox 20220630102327.692 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3592 - newuidmap binary is missing
lxc firefox 20220630102327.692 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3598 - newgidmap binary is missing
lxc firefox 20220630102327.693 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3592 - newuidmap binary is missing
lxc firefox 20220630102327.693 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3598 - newgidmap binary is missing
lxc firefox 20220630102327.756 ERROR    conf - ../src/src/lxc/conf.c:mount_entry:2459 - Operation not permitted - Failed to mount "/var/snap/lxd/common/lxd/devices/firefox/disk.PASocket.tmp-.pulse--native" on "/var/snap/lxd/common/lxc//tmp/.pulse-native"
lxc firefox 20220630102327.756 ERROR    conf - ../src/src/lxc/conf.c:lxc_setup:4375 - Failed to setup mount entries
lxc firefox 20220630102327.756 ERROR    start - ../src/src/lxc/start.c:do_start:1275 - Failed to setup container "firefox"
lxc firefox 20220630102327.756 ERROR    sync - ../src/src/lxc/sync.c:sync_wait:34 - An error occurred in another process (expected sequence number 3)
lxc firefox 20220630102327.763 WARN     network - ../src/src/lxc/network.c:lxc_delete_network_priv:3631 - Failed to rename interface with index 0 from "eth0" to its initial name "vethd0884118"
lxc firefox 20220630102327.763 ERROR    lxccontainer - ../src/src/lxc/lxccontainer.c:wait_on_daemonized_start:877 - Received container state "ABORTING" instead of "RUNNING"
lxc firefox 20220630102327.763 ERROR    start - ../src/src/lxc/start.c:__lxc_start:2074 - Failed to spawn container "firefox"
lxc firefox 20220630102327.763 WARN     start - ../src/src/lxc/start.c:lxc_abort:1039 - No such process - Failed to send SIGKILL via pidfd 17 for process 29910
lxc firefox 20220630102332.839 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3592 - newuidmap binary is missing
lxc firefox 20220630102332.839 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3598 - newgidmap binary is missing
lxc 20220630102332.855 ERROR    af_unix - ../src/src/lxc/af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20220630102332.855 ERROR    commands - ../src/src/lxc/commands.c:lxc_cmd_rsp_recv_fds:127 - Failed to receive file descriptors for command "get_state"

The profile used for the container has the following configuration:

config:
  environment.DISPLAY: :0
  environment.PULSE_SERVER: unix:/tmp/.pulse-native
  raw.idmap: both 1000 1000
  user.user-data: |
    #cloud-config
    runcmd:
      - 'sed -i "s/; enable-shm = yes/enable-shm = no/g" /etc/pulse/client.conf'
      - 'echo export PULSE_SERVER=unix:/tmp/.pulse-native | tee --append /home/cezar/.profile'
    packages:
      - x11-apps
      - mesa-utils
      - pulseaudio
description: GUI LXD profile
devices:
  PASocket:
    path: /tmp/.pulse-native
    source: /run/user/1000/pulse/native
    type: disk
  X0:
    path: /tmp/.X11-unix/X0
    source: /tmp/.X11-unix/X0
    type: disk
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  mygpu:
    type: gpu
  root:
    path: /
    pool: default
    type: disk
name: gui

Any suggestions?

I refreshed the snap from 5.2 to 5.3 today and I report a very similar issue for GUI enabled containers:


lxc development 20220630104100.475 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3592 - newuidmap binary is missing
lxc development 20220630104100.475 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3598 - newgidmap binary is missing
lxc development 20220630104100.475 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3592 - newuidmap binary is missing
lxc development 20220630104100.475 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3598 - newgidmap binary is missing
lxc development 20220630104100.475 WARN     cgfsng - ../src/src/lxc/cgroups/cgfsng.c:fchowmodat:1252 - No such file or directory - Failed to fchownat(42, memory.oom.group, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc development 20220630104100.571 ERROR    conf - ../src/src/lxc/conf.c:mount_entry:2459 - Operation not permitted - Failed to mount "/var/snap/lxd/common/lxd/devices/container_name/disk.Code.home-ubuntu-Code" on "/var/snap/lxd/common/lxc//home/ubuntu/some_folder"
lxc development 20220630104100.571 ERROR    conf - ../src/src/lxc/conf.c:lxc_setup:4375 - Failed to setup mount entries
lxc development 20220630104100.571 ERROR    start - ../src/src/lxc/start.c:do_start:1275 - Failed to setup container "container_name"
lxc development 20220630104100.571 ERROR    sync - ../src/src/lxc/sync.c:sync_wait:34 - An error occurred in another process (expected sequence number 3)
lxc development 20220630104100.574 WARN     network - ../src/src/lxc/network.c:lxc_delete_network_priv:3631 - Failed to rename interface with index 0 from "eth0" to its initial name "veth2f123d2b"
lxc development 20220630104100.574 ERROR    lxccontainer - ../src/src/lxc/lxccontainer.c:wait_on_daemonized_start:877 - Received container state "ABORTING" instead of "RUNNING"
lxc development 20220630104100.574 ERROR    start - ../src/src/lxc/start.c:__lxc_start:2074 - Failed to spawn container "container_name"
lxc development 20220630104100.574 WARN     start - ../src/src/lxc/start.c:lxc_abort:1039 - No such process - Failed to send SIGKILL via pidfd 43 for process 33076
lxc development 20220630104105.689 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3592 - newuidmap binary is missing
lxc development 20220630104105.689 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3598 - newgidmap binary is missing
lxc 20220630104105.730 ERROR    af_unix - ../src/src/lxc/af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20220630104105.730 ERROR    commands - ../src/src/lxc/commands.c:lxc_cmd_rsp_recv_fds:127 - Failed to receive file descriptors for command "get_state"

Among the errors I see an issue in mapping a host folder and the network. However, containers with mounted folders but no GUI work fine. So it will be something with the GUI … @simos could you please have a look?

I am at Ubuntu 20.04.4 with NVidia 470.129.06 driver.

It looks like this might be an issue in version 5.3. You might want to downgrade back to 5.2 while this is inspected.

Update: I tried to switch off nvidia.runtime in my x11 profile, but it didn’t help. Maybe it is pulse audio or something else.

I successfully rolled back LXD to 5.2: snap refresh lxd --channel=5.2/stable and the containers work again.

I rolled back as well and it works for me as before.

I have the same problem after updating lxd snap to 5.3. I can remove the mounts, u1000 and x0, start the container and then add them back:

$ lxc config device add ubuntufocal-container u1000 disk path=/home/ubuntu/1000 source=/run/user/1000
$ Device u1000 added to ubuntufocal-container
$ lxc config device add ubuntufocal-container x0 disk path=/tmp/.X11-unix/X0 source=/tmp/.X11-unix/X0
$ Device x0 added to ubuntufocal-container

and then GUI apps work fine. I’m on Ubuntu 22.04. Let me know if you want logs, system info etc. to debug this.

As others, I have the same issue. Simple disk mounts work fine, but passing through any sockets fails.

devices:
  Downloads:
    path: /home/user/Downloads
    readonly: "false"
    source: /home/user/Desktop/Browser-downloads
    type: disk
  PASocket:
    path: /tmp/.pulse-native
    source: /run/user/number/pulse/native
    type: disk
  X0:
    path: /tmp/.X11-unix/X0
    source: /tmp/.X11-unix/X0
    type: disk

The first (Downloads) is fine, but Pulse Audio and X11 passthrough fail with the same error -

lxc browser 20220702140535.247 ERROR    conf - ../src/src/lxc/conf.c:mount_entry:2459 - Operation not permitted - Failed to mount "/var/snap/lxd/common/lxd/devices/browser/disk.PASocket.tmp-.pulse--native" on "/var/snap/lxd/common/lxc//tmp/.pulse-native"

Rolled back to 5.2 as others have reported, works for me too. Sticking with 5.2 for now.
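
Added example (not part of any post in this thread): a small parser that pulls the failing mount out of `lxc info --show-log` output and maps it back to the profile device that caused it. The `disk.<device>.<path>` decoding ("-" for "/", "--" for a literal "-") is inferred from the log lines quoted above and is an assumption, as is the rule that device names contain no dots; the sample log is constructed in the shape of those lines.

```python
import re

# Constructed sample, shaped like the log lines quoted in this thread.
SAMPLE_LOG = '''\
lxc browser 20220702140535.100 WARN     conf - ../src/src/lxc/conf.c:lxc_map_ids:3592 - newuidmap binary is missing
lxc browser 20220702140535.247 ERROR    conf - ../src/src/lxc/conf.c:mount_entry:2459 - Operation not permitted - Failed to mount "/var/snap/lxd/common/lxd/devices/browser/disk.PASocket.tmp-.pulse--native" on "/var/snap/lxd/common/lxc//tmp/.pulse-native"
lxc browser 20220702140535.247 ERROR    conf - ../src/src/lxc/conf.c:lxc_setup:4375 - Failed to setup mount entries
'''

# The mount_entry ERROR line: "<errno text> - Failed to mount "<src>" on "<dst>"".
MOUNT_FAIL = re.compile(
    r'ERROR\s+conf - \S+:mount_entry:\d+ - (?P<reason>.+?) - '
    r'Failed to mount "(?P<src>[^"]+)" on "(?P<dst>[^"]+)"'
)
# Source path layout seen in the logs: .../devices/<container>/disk.<device>.<encoded path>
DEVICE = re.compile(r'/devices/(?P<ct>[^/]+)/disk\.(?P<dev>[^.]+)\.(?P<enc>.+)$')


def decode_path(enc):
    """Best-effort decode of the encoded container path (assumed scheme):
    '--' is a literal '-', a single '-' is '/', and the leading '/' is dropped."""
    return '/' + re.sub(r'--|-', lambda m: '-' if m.group() == '--' else '/', enc)


def failed_mounts(log_text):
    """Return one dict per failed disk-device mount found in the log text."""
    found = []
    for line in log_text.splitlines():
        m = MOUNT_FAIL.search(line)
        if not m:
            continue  # warnings and follow-on errors carry no device information
        d = DEVICE.search(m.group('src'))
        if not d:
            continue  # not an LXD-managed disk device source path
        found.append({
            'container': d.group('ct'),
            'device': d.group('dev'),
            'path': decode_path(d.group('enc')),
            'reason': m.group('reason'),
        })
    return found


if __name__ == '__main__':
    for f in failed_mounts(SAMPLE_LOG):
        print('{container}: device {device} -> {path}: {reason}'.format(**f))
```
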

Just tried with a socket here and still no luck reproducing the issue.

It’d be very useful if we could get access to an affected system.

Otherwise what’s going to happen is that we’ll be pushing out a general update to 5.3 over the next few days with other fixes and this will cause everyone who did a rollback to land on 5.3 again with the same issue happening. Except that this time a rollback would likely get you on the earlier 5.3 which will still be broken for you :frowning:

Looks like this already got fixed in LXC which is why I couldn’t see it here.

I’ve now pushed cherry-picks to latest/candidate which should be available in 2-3 hours.
It’d be great if someone affected could refresh to latest/candidate later today and see if that fixes it. If it does, we’ll roll that out tomorrow.

That is good news! I will test it in half an hour.

It’s a fix

@stgraber I can confirm that on my machine the problem is gone with latest/candidate. The affected containers run again. Thank you for resolving it.

Fix works for me as well.

Excellent, thank you both for testing it!

We’ll start the phased rollout of that fix tomorrow morning (we avoid pushing new stuff during the weekend for obvious reasons ;)).