GUI Container Fails on Startup "Failed to listen"

Greetings:

Following some standard updates, my LXC containers started to act funny. I got all of them back up to snuff except my Firefox container which was setup according to these instructions: Running X11 software in LXD containers.

On LXD startup, or when manually started. I get the following error:

$ lxc start Firefox
Error: Error occurred when starting proxy device: Error: Failed to listen on @/tmp/.X11-unix/X0: listen unix @/tmp/.X11-unix/X0: bind: permission denied
Try `lxc info --show-log Firefox` for more info

$ lxc info --show-log Firefox produces:

Name: Firefox
Location: none
Remote: unix://
Architecture: x86_64
Created: 2020/03/04 10:47 UTC
Status: Stopped
Type: container
Profiles: default, x11

Log:

lxc Firefox 20200919012252.624 WARN     cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1152 - File exists - Failed to create director
y "/sys/fs/cgroup/cpuset//lxc.monitor.Firefox"
lxc Firefox 20200919012252.625 WARN     cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1152 - File exists - Failed to create director
y "/sys/fs/cgroup/cpuset//lxc.payload.Firefox"
lxc Firefox 20200919012252.628 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1573 - No such file or directory - Failed to fchownat(17
, memory.oom.group, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )

my LXD snap is 4.5 running on Ubuntu 20.04.1. LTS. I believe the Firefox container is Ubuntu 18.04.

Thank you!

Yes, this was already reported by a couple of other users on this forum and Github.

A fix was merged a couple of hours ago and is available in the candidate channel (on top of LXD 4.6). This should sort it out and will be in stable on Monday/Tuesday.

If you’re in a hurry, you can switch to candidate in the meantime with snap refresh lxd --candidate, note that you should remember to do snap refresh lxd --stable later next week to get back to stable.

2 Likes

I have updated the top of the post with these instructions, https://blog.simos.info/running-x11-software-in-lxd-containers/

1 Like

Thank you, gentlemen. I apologize for not being more thorough in my search. Irrespective, thank you so much for all your hard work!

Will there be a hotfix release for non-snap users?

The change in the code (AppArmor confinement for the forkproxy) happened in LXD 4.5 and the fix was added in LXD 4.6. You would be affected if you have a deb package of LXD 4.5.

No, as far as I can see, the recent fix is not included in 4.6:
comparison 4.6 and master

You are right. The fix was cherry-picked over LXD 4.6. Therefore, both LXD 4.5 and LXD 4.6 are currently affected.