LXC cannot start, MX Linux


(hkjz) #1

Dear People,

I cannot start containers on MX Linux.

$ sudo lxc-ls --fancy
NAME            STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED 
gentooContainer STOPPED 0         -      -    -    false        
UbuntuContaiter    STOPPED 0         -      -    -    false   
$ sudo lxc-start -n gentooContainer -F
lxc-start: gentooContainer: cgroups/cgfsng.c: cg_legacy_set_data: 2191 Failed to setup limits for the "devices" controller. The controller seems to be unused by "cgfsng" cgroup driver or not enabled on the cgroup hierarchy
lxc-start: gentooContainer: start.c: lxc_spawn: 1814 Failed to setup legacy device cgroup controller limits
lxc-start: gentooContainer: start.c: __lxc_start: 1951 Failed to spawn container "gentooContainer"
lxc-start: gentooContainer: tools/lxc_start.c: main: 330 The container failed to start
lxc-start: gentooContainer: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options
$ sudo lxc-start -n gentooContainer  --logfile mylogfile --logpriority debug -F
lxc-start: gentooContainer: cgroups/cgfsng.c: cg_legacy_set_data: 2191 Failed to setup limits for the "devices" controller. The controller seems to be unused by "cgfsng" cgroup driver or not enabled on the cgroup hierarchy
lxc-start: gentooContainer: start.c: lxc_spawn: 1814 Failed to setup legacy device cgroup controller limits
lxc-start: gentooContainer: start.c: __lxc_start: 1951 Failed to spawn container "gentooContainer"
lxc-start: gentooContainer: tools/lxc_start.c: main: 330 The container failed to start
lxc-start: gentooContainer: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options
$ sudo cat mylogfile
lxc-start gentooContainer 20190430173109.455 INFO     lsm - lsm/lsm.c:lsm_init:50 - LSM security driver AppArmor
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start gentooContainer 20190430173109.456 INFO     seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context
lxc-start gentooContainer 20190430173109.471 DEBUG    terminal - terminal.c:lxc_terminal_peer_default:714 - Using terminal "/dev/tty" as proxy
lxc-start gentooContainer 20190430173109.471 DEBUG    terminal - terminal.c:lxc_terminal_signal_init:192 - Created signal fd 9
lxc-start gentooContainer 20190430173109.471 DEBUG    terminal - terminal.c:lxc_terminal_winsz:90 - Set window size to 100 columns and 54 rows
lxc-start gentooContainer 20190430173109.685 INFO     start - start.c:lxc_init:904 - Container "gentooContainer" is initialized
lxc-start gentooContainer 20190430173109.686 INFO     start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWNS
lxc-start gentooContainer 20190430173109.686 INFO     start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWPID
lxc-start gentooContainer 20190430173109.686 INFO     start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWUTS
lxc-start gentooContainer 20190430173109.686 INFO     start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWIPC
lxc-start gentooContainer 20190430173109.686 INFO     start - start.c:lxc_spawn:1700 - Cloned CLONE_NEWNET
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved mnt namespace via fd 15
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved pid namespace via fd 16
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved uts namespace via fd 17
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved ipc namespace via fd 18
lxc-start gentooContainer 20190430173109.686 DEBUG    start - start.c:lxc_try_preserve_namespaces:196 - Preserved net namespace via fd 19
lxc-start gentooContainer 20190430173109.687 INFO     cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2237 - Limits for the legacy cgroup hierarchies have been setup
lxc-start gentooContainer 20190430173109.687 DEBUG    start - start.c:lxc_spawn:1754 - Preserved net namespace via fd 10
lxc-start gentooContainer 20190430173109.688 INFO     start - start.c:do_start:1254 - Unshared CLONE_NEWCGROUP
lxc-start gentooContainer 20190430173109.688 DEBUG    storage - storage/storage.c:get_storage_by_name:231 - Detected rootfs type "dir"
lxc-start gentooContainer 20190430173109.688 DEBUG    conf - conf.c:lxc_mount_rootfs:1332 - Mounted rootfs "/var/lib/lxc/gentooContainer/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs" with options "(null)"
lxc-start gentooContainer 20190430173109.688 INFO     conf - conf.c:setup_utsname:791 - Set hostname to "gentooContainer"
lxc-start gentooContainer 20190430173109.688 INFO     network - network.c:lxc_setup_network_in_child_namespaces:3053 - network has been setup
lxc-start gentooContainer 20190430173109.688 INFO     conf - conf.c:mount_autodev:1118 - Preparing "/dev"
lxc-start gentooContainer 20190430173109.689 INFO     conf - conf.c:mount_autodev:1165 - Prepared "/dev"
lxc-start gentooContainer 20190430173109.689 INFO     conf - conf.c:lxc_fill_autodev:1209 - Populating "/dev"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/full"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/null"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/random"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/tty"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/urandom"
lxc-start gentooContainer 20190430173109.689 DEBUG    conf - conf.c:lxc_fill_autodev:1224 - Created device node "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/zero"
lxc-start gentooContainer 20190430173109.689 INFO     conf - conf.c:lxc_fill_autodev:1286 - Populated "/dev"
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2027 - Remounting "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" to respect bind or remount options
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2048 - Flags for "/sys/fs/fuse/connections" were 4096, required extra flags are 0
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2058 - Mountflags already were 4096, skipping remount
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2102 - Mounted "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" with filesystem type "none"
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2102 - Mounted "none" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/shm" with filesystem type "tmpfs"
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2102 - Mounted "proc" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/proc" with filesystem type "proc"
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:mount_entry:2102 - Mounted "sys" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/sys" with filesystem type "sysfs"
lxc-start gentooContainer 20190430173109.690 INFO     conf - conf.c:mount_file_entries:2333 - Finished setting up mounts
lxc-start gentooContainer 20190430173109.690 DEBUG    conf - conf.c:lxc_setup_dev_console:1771 - Mounted pts device "/dev/pts/2" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/console"
lxc-start gentooContainer 20190430173109.690 INFO     utils - utils.c:lxc_mount_proc_if_needed:1231 - I am 1, /proc/self points to "1"
lxc-start gentooContainer 20190430173109.704 WARN     conf - conf.c:lxc_setup_devpts:1616 - Invalid argument - Failed to unmount old devpts instance
lxc-start gentooContainer 20190430173109.704 DEBUG    conf - conf.c:lxc_setup_devpts:1653 - Mount new devpts instance with options "gid=5,newinstance,ptmxmode=0666,mode=0620,max=1024"
lxc-start gentooContainer 20190430173109.704 DEBUG    conf - conf.c:lxc_setup_devpts:1672 - Created dummy "/dev/ptmx" file as bind mount target
lxc-start gentooContainer 20190430173109.704 DEBUG    conf - conf.c:lxc_setup_devpts:1677 - Bind mounted "/dev/pts/ptmx" to "/dev/ptmx"
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/0" with master fd 11 and slave fd 14
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/1" with master fd 15 and slave fd 16
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/2" with master fd 17 and slave fd 18
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_allocate_ttys:989 - Created tty "/dev/pts/3" with master fd 19 and slave fd 20
lxc-start gentooContainer 20190430173109.705 INFO     conf - conf.c:lxc_allocate_ttys:1005 - Finished creating 4 tty devices
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/0" onto "/dev/tty1"
lxc-start gentooContainer 20190430173109.705 DEBUG    conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/1" onto "/dev/tty2"
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/2" onto "/dev/tty3"
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:lxc_setup_ttys:940 - Bind mounted "/dev/pts/3" onto "/dev/tty4"
lxc-start gentooContainer 20190430173109.706 INFO     conf - conf.c:lxc_setup_ttys:949 - Finished setting up 4 /dev/tty<N> device(s)
lxc-start gentooContainer 20190430173109.706 INFO     conf - conf.c:setup_personality:1716 - Set personality to "0x0"
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped mac_admin (33) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped mac_override (32) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped sys_time (25) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped sys_module (16) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2526 - Dropped sys_rawio (17) capability
lxc-start gentooContainer 20190430173109.706 DEBUG    conf - conf.c:setup_caps:2529 - Capabilities have been setup
lxc-start gentooContainer 20190430173109.706 NOTICE   conf - conf.c:lxc_setup:3716 - The container "gentooContainer" is set up
lxc-start gentooContainer 20190430173109.706 INFO     lsm - lsm/lsm.c:lsm_process_label_set_at:178 - Set AppArmor label to "lxc-gentooContainer_</var/lib/lxc>//&:lxc-gentooContainer_<-var-lib-lxc>:"
lxc-start gentooContainer 20190430173109.706 INFO     apparmor - lsm/apparmor.c:apparmor_process_label_set:1101 - Changed AppArmor profile to lxc-gentooContainer_</var/lib/lxc>//&:lxc-gentooContainer_<-var-lib-lxc>:
lxc-start gentooContainer 20190430173109.706 WARN     cgfsng - cgroups/cgfsng.c:get_hierarchy:204 - There is no useable devices controller
lxc-start gentooContainer 20190430173109.706 ERROR    cgfsng - cgroups/cgfsng.c:cg_legacy_set_data:2191 - Failed to setup limits for the "devices" controller. The controller seems to be unused by "cgfsng" cgroup driver or not enabled on the cgroup hierarchy
lxc-start gentooContainer 20190430173109.707 WARN     cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2228 - Failed to set "devices.deny" to "a"
lxc-start gentooContainer 20190430173109.707 ERROR    start - start.c:lxc_spawn:1814 - Failed to setup legacy device cgroup controller limits
lxc-start gentooContainer 20190430173109.707 DEBUG    network - network.c:lxc_delete_network:3180 - Deleted network devices
lxc-start gentooContainer 20190430173109.708 ERROR    start - start.c:__lxc_start:1951 - Failed to spawn container "gentooContainer"
lxc-start gentooContainer 20190430173109.895 ERROR    lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start gentooContainer 20190430173109.895 ERROR    lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options

cgfsng - cgroups/cgfsng.c:get_hierarchy:204 - There is no useable devices controller

Does this thing tell anything to anyone?


#2

Hi!

There is lxc-checkconfig to check your Linux kernel configuration and see whether it has enabled all the necessary bits for LXC. See
https://linuxcontainers.org/lxc/manpages/man1/lxc-checkconfig.1.html

You can run it and post the output here.


(hkjz) #3

$ lxc-checkconfig
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-4.19.0-1-amd64
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
newuidmap is not installed
newgidmap is not installed
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points: 
/sys/fs/cgroup/systemd

Cgroup v2 mount points: 


Cgroup v1 freezer controller: missing
Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, not loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, not loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, not loaded
CONFIG_NF_NAT_IPV6: enabled, not loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: 

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

Thanks simos


#4

Did you make any progress on this? I have the same problem on multiple different hosts (Ubuntu and Arch Linux). The only difference is my Cgroup v1 freezer controller is enabled, not missing.

Seems like unprivileged container functionality is not well tested. On Arch Linux just running lxc-start as a user (i.e. unprivileged) in the foreground (-F) causes a segfault.


#5

I have the same problem when I use ‘cgroup_no_v1=all’ on the host kernel cmdline, and everything is good if I remove that parameter.


#6

It looks like cgroup2 needs a different config, not the one in the current common.conf. But where can I find the right one?

Thanks
Alex
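
Added example, not part of any post in this thread: the log's failure to set "devices.deny" and the lxc-checkconfig output listing only /sys/fs/cgroup/systemd under "Cgroup v1 mount points" are both consistent with a host where no cgroup v1 "devices" hierarchy is mounted. This script checks for that, along with the cgroup_no_v1 boot parameter mentioned in post #5. The function names and the sample mount tables are constructed for illustration; on a real host, call diagnose_devices with no arguments to read /proc/mounts and /proc/cmdline.

```sh
#!/bin/sh
# Added example: check whether the cgroup v1 "devices" controller that
# lxc-start needs for devices.deny/devices.allow is actually mounted.

# Exit 0 if a cgroup v1 hierarchy carrying controller $1 is mounted,
# per the mount table in file $2 (default: /proc/mounts).
v1_controller_mounted() {
    awk -v c="$1" '
        $3 == "cgroup" {                  # v1 only; v2 has type "cgroup2"
            n = split($4, opt, ",")       # controllers appear as mount options
            for (i = 1; i <= n; i++) if (opt[i] == c) found = 1
        }
        END { exit (found ? 0 : 1) }' "${2:-/proc/mounts}"
}

# Exit 0 if the kernel command line in file $2 (default: /proc/cmdline)
# disables controller $1 for v1 via cgroup_no_v1=all or cgroup_no_v1=<list>.
v1_disabled_on_cmdline() {
    tr ' ' '\n' < "${2:-/proc/cmdline}" | awk -F= -v c="$1" '
        $1 == "cgroup_no_v1" {
            n = split($2, v, ",")
            for (i = 1; i <= n; i++) if (v[i] == "all" || v[i] == c) hit = 1
        }
        END { exit (hit ? 0 : 1) }'
}

# Print a one-line verdict for the "devices" controller.
# $1 = mounts file, $2 = cmdline file (both default to the live /proc files).
diagnose_devices() {
    if v1_controller_mounted devices "${1:-/proc/mounts}"; then
        echo "ok: v1 devices controller mounted"
    elif v1_disabled_on_cmdline devices "${2:-/proc/cmdline}"; then
        echo "missing: v1 devices controller disabled by cgroup_no_v1"
    else
        echo "missing: v1 devices controller not mounted"
    fi
}

# --- Constructed sample inputs (not captured from the poster's host) ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
# Only the named systemd hierarchy is mounted, as in the lxc-checkconfig output.
cat > "$SAMPLE_DIR/mounts.systemd_only" <<'EOF'
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0
EOF
# A host with the devices hierarchy mounted.
cat > "$SAMPLE_DIR/mounts.with_devices" <<'EOF'
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0
EOF
echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet' > "$SAMPLE_DIR/cmdline.plain"
echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro cgroup_no_v1=all' > "$SAMPLE_DIR/cmdline.no_v1"

diagnose_devices "$SAMPLE_DIR/mounts.systemd_only" "$SAMPLE_DIR/cmdline.plain"
diagnose_devices "$SAMPLE_DIR/mounts.systemd_only" "$SAMPLE_DIR/cmdline.no_v1"
diagnose_devices "$SAMPLE_DIR/mounts.with_devices" "$SAMPLE_DIR/cmdline.plain"
```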