DjoDjo
(Johann)
July 18, 2019, 2:52pm
1
Hello,
while doing “make”:
lxd/main_checkfeature.go: In function ‘is_seccomp_notify_aware’:
lxd/main_checkfeature.go:140:48: error: ‘SECCOMP_GET_ACTION_AVAIL’ undeclared (first use in this function)
seccomp_notify_aware = (syscall(__NR_seccomp, SECCOMP_GET_ACTION_AVAIL,
any clue ?
stgraber
(Stéphane Graber)
July 18, 2019, 4:45pm
2
What Linux distribution are you building this on, what kernel version is on there and what version of libseccomp do you have installed?
DjoDjo
(Johann)
July 18, 2019, 4:48pm
3
This is debian 9
uname -a
Linux cpu-5131 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64 GNU/Linux
dpkg -l | grep seccomp
ii golang-github-seccomp-libseccomp-golang-dev 0.0~git20150813.0.1b506fc-2 all golang bindings for libseccomp
ii libseccomp-dev:amd64 2.3.1-2.1+deb9u1 amd64 high level interface to Linux seccomp filter (development files)
ii libseccomp2:amd64 2.3.1-2.1+deb9u1 amd64 high level interface to Linux seccomp filter
ii seccomp 2.3.1-2.1+deb9u1 amd64 helper tools for high level interface to Linux seccomp filter
stgraber
(Stéphane Graber)
July 18, 2019, 6:47pm
4
@brauner more ifdef magic needed
DjoDjo
(Johann)
July 19, 2019, 8:25am
5
After compiling, I have a mssing lib when running lxd :
/root/go/bin/lxd: error while loading shared libraries: libraft.so.0: cannot open shared object file: No such file or directory
DjoDjo
(Johann)
July 19, 2019, 8:36am
6
Fixed by updating the LD_LIBRARY_PATH export by adding /root/go/deps/raft/.libs/:/root/go/deps/libco/
DjoDjo
(Johann)
July 19, 2019, 8:51am
7
Now vm does not start, having this error :
Error: Common start logic: Load go-lxc struct: Failed to set LXC config: lxc.hook.version=1
Is the liblxc version the problem ? i’m up-to-date on debian 9
ii liblxc1 1:2.0.7-2+deb9u2 amd64 Linux Containers userspace tools (library)
DjoDjo
(Johann)
July 19, 2019, 10:01am
8
After upgrading to debian 10 and liblxc to 1.3 it work.
But now having this problem when starting vm with kernel 4.19.0-5-amd64 :
lxc vm647662 20190719095258.939 WARN conf - conf.c:lxc_map_ids:2941 - newuidmap binary is missing
lxc vm647662 20190719095258.939 WARN conf - conf.c:lxc_map_ids:2947 - newgidmap binary is missing
lxc vm647662 20190719095258.940 WARN conf - conf.c:lxc_map_ids:2941 - newuidmap binary is missing
lxc vm647662 20190719095258.940 WARN conf - conf.c:lxc_map_ids:2947 - newgidmap binary is missing
lxc vm647662 20190719095259.641 WARN conf - conf.c:lxc_setup_devpts:1616 - Invalid argument - Failed to unmount old devpts instance
lxc vm647662 20190719095259.642 ERROR lsm - lsm/lsm.c:lsm_process_label_set_at:174 - No such file or directory - Failed to set AppArmor label “lxc-container-default-cgns”
lxc vm647662 20190719095259.642 ERROR apparmor - lsm/apparmor.c:apparmor_process_label_set:1097 - Failed to change AppArmor profile to lxc-container-default-cgns
lxc vm647662 20190719095259.643 ERROR sync - sync.c:__sync_wait:62 - An error occurred in another process (expected sequence number 5)
lxc vm647662 20190719095259.643 WARN network - network.c:lxc_delete_network_priv:2589 - Operation not permitted - Failed to remove interface “eth0” with index 129
lxc vm647662 20190719095259.644 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:842 - Received container state “ABORTING” instead of “RUNNING”
lxc vm647662 20190719095259.646 ERROR start - start.c:__lxc_start:1951 - Failed to spawn container “vm647662”
lxc vm647662 20190719095259.765 WARN conf - conf.c:lxc_map_ids:2941 - newuidmap binary is missing
lxc vm647662 20190719095259.765 WARN conf - conf.c:lxc_map_ids:2947 - newgidmap binary is missing
lxc 20190719095259.772 WARN commands - commands.c:lxc_cmd_rsp_recv:132 - Connection reset by peer - Failed to receive response for command “get_state”
When booting on old kernel (4.9.0-8-amd64), no problem.
stgraber
(Stéphane Graber)
July 19, 2019, 1:02pm
9
Looks like that’s because the 4.19 kernel has apparmor support but you don’t have the apparmor profiles loaded, at least that’s what the error says.
DjoDjo
(Johann)
July 19, 2019, 8:54pm
10
stgraber:
apparmor profiles loaded
Ok thank you, checking this way.