Hello!
After upgrading to 4.23 on the host machine and also upgrading the container to the 4.23 version of LXD, I am unable to start unprivileged containers inside the container.
Setup:
SERVER = running gentoo-like OS
- LXD-4.23 installed -> unpriv CONTAINER with the same gentoo-like OS and LXD-4.23 installed -> trying to start unpriv NESTED-CONTAINER
lxc info:
driver: qemu | lxc
driver_version: 6.2.0 | 4.0.12
firewall: xtables
kernel: Linux
kernel_architecture: x86_64
kernel_features:
  netnsid_getifaddrs: "true"
  seccomp_listener: "true"
  seccomp_listener_continue: "true"
  shiftfs: "false"
  uevent_injection: "true"
  unpriv_fscaps: "true"
kernel_version: 5.16.7
lxc_features:
  cgroup2: "true"
  core_scheduling: "true"
  devpts_fd: "true"
  idmapped_mounts_v2: "true"
  mount_injection_file: "true"
  network_gateway_device_route: "true"
  network_ipvlan: "true"
  network_l2proxy: "true"
  network_phys_macvlan_mtu: "true"
  network_veth_router: "true"
  pidfd: "true"
  seccomp_allow_deny_syntax: "true"
  seccomp_notify: "true"
  seccomp_proxy_send_notify_fd: "true"
os_name: LigurOS
os_version: ""
project: default
server: lxd
server_clustered: false
server_name: localhost
server_pid: 12551
server_version: "4.23"
storage: btrfs
storage_version: "5.16"
storage_supported_drivers:
- name: btrfs
  version: "5.16"
  remote: false
- name: dir
  version: "1"
  remote: false
This is the config of the CONTAINER:
architecture: x86_64
config:
  environment.LANG: en_US.UTF-8
  environment.LC_ALL: en_US.UTF-8
  environment.LC_COLLATE: POSIX
  image.description: Liguros develop - openssl [x86_64] (2020-10-02)
  image.os: LiGurOS
  image.release: develop - openssl
  migration.incremental.memory: "true"
  raw.lxc: lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir
  security.idmap.isolated: "true"
  security.idmap.size: "200000"
  security.nesting: "true"
  volatile.base_image: 9b8b5c695761f52b184e01be5ec1cf001c2ef58c24553492ac3918ae917d0c53
  volatile.eth0.host_name: vetheaafb257
  volatile.eth0.hwaddr: 00:16:3e:da:07:83
  volatile.idmap.base: "6200000"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":6200000,"Nsid":0,"Maprange":200000},{"Isuid":false,"Isgid":true,"Hostid":6200000,"Nsid":0,"Maprange":200000}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":6200000,"Nsid":0,"Maprange":200000},{"Isuid":false,"Isgid":true,"Hostid":6200000,"Nsid":0,"Maprange":200000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":6200000,"Nsid":0,"Maprange":200000},{"Isuid":false,"Isgid":true,"Hostid":6200000,"Nsid":0,"Maprange":200000}]'
  volatile.last_state.power: RUNNING
  volatile.uuid: 1351acb2-ee1b-4ccc-a98c-c8aa275baf32
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""
Inside this container I am trying to start a NESTED-CONTAINER:
lxc info --show-log test
Name: test
Status: STOPPED
Type: container
Architecture: x86_64
Created: 2022/02/18 09:30 -00
Last Used: 2022/02/18 10:12 -00
Log:
lxc test 20220218101234.768 ERROR cgfsng - cgroups/cgfsng.c:cgfsng_monitor_enter:1176 - No such file or directory - Failed to enter cgroup 42
lxc test 20220218101234.768 ERROR start - start.c:__lxc_start:2035 - Failed to enter monitor cgroup
lxc test 20220218101234.768 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:877 - Received container state "ABORTING" instead of "RUNNING"
lxc test 20220218101239.776 WARN cgfsng - cgroups/cgfsng.c:cgfsng_payload_destroy:548 - Uninitialized limit cgroup
lxc test 20220218101239.807 WARN cgfsng - cgroups/cgfsng.c:cgfsng_monitor_destroy:906 - No such file or directory - Failed to move monitor 19556 to "lxc.pivot"
lxc 20220218101239.808 ERROR af_unix - af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20220218101239.808 ERROR commands - commands.c:lxc_cmd_rsp_recv_fds:127 - Failed to receive file descriptors for command "get_state"
Config of the test container:
architecture: x86_64
config:
  image.architecture: amd64
  image.description: Alpine edge amd64 (20220217_13:00)
  image.os: Alpine
  image.release: edge
  image.serial: "20220217_13:00"
  image.type: squashfs
  image.variant: default
  security.nesting: "true"
  volatile.base_image: e2c0fd03f5b8f0de23dfc189a5f9ffdafc35673a86431a47a32c23e6aa1d50a4
  volatile.eth0.host_name: vethf4d7b041
  volatile.eth0.hwaddr: 00:16:3e:c6:3e:2d
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":65536,"Nsid":0,"Maprange":131072},{"Isuid":false,"Isgid":true,"Hostid":65536,"Nsid":0,"Maprange":131072}]'
  volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":65536,"Nsid":0,"Maprange":131072},{"Isuid":false,"Isgid":true,"Hostid":65536,"Nsid":0,"Maprange":131072}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":65536,"Nsid":0,"Maprange":131072},{"Isuid":false,"Isgid":true,"Hostid":65536,"Nsid":0,"Maprange":131072}]'
  volatile.last_state.power: STOPPED
  volatile.uuid: c933f3a7-4836-430f-8b53-5d144113506e
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""
I kindly ask for assistance on how to provide more information and how to resolve the issue.
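
An added check, not part of the original post: with nested unprivileged containers, the nested container's `volatile.idmap.current` has to fit inside the ID range the outer container was given (`security.idmap.size: "200000"` here). The sketch below tests that with the two maps copied from the configs above; the function names are hypothetical, and it assumes the nested `Hostid` values are IDs as seen inside the outer container.

```python
import json

# volatile.idmap.current values copied from the two configs in the post.
OUTER_IDMAP = '[{"Isuid":true,"Isgid":false,"Hostid":6200000,"Nsid":0,"Maprange":200000},{"Isuid":false,"Isgid":true,"Hostid":6200000,"Nsid":0,"Maprange":200000}]'
NESTED_IDMAP = '[{"Isuid":true,"Isgid":false,"Hostid":65536,"Nsid":0,"Maprange":131072},{"Isuid":false,"Isgid":true,"Hostid":65536,"Nsid":0,"Maprange":131072}]'


def ranges(idmap_json, kind, start_field):
    """Half-open (start, end) ranges of one kind ('uid' or 'gid'),
    measured from start_field ('Nsid' or 'Hostid')."""
    flag = "Isuid" if kind == "uid" else "Isgid"
    return [(e[start_field], e[start_field] + e["Maprange"])
            for e in json.loads(idmap_json) if e[flag]]


def nested_map_problems(outer_json, nested_json):
    """Return a list of nested ranges that fall outside the IDs that
    exist inside the outer container; an empty list means the map fits."""
    problems = []
    for kind in ("uid", "gid"):
        available = ranges(outer_json, kind, "Nsid")
        for lo, hi in ranges(nested_json, kind, "Hostid"):
            if not any(a_lo <= lo and hi <= a_hi for a_lo, a_hi in available):
                problems.append(f"{kind} {lo}-{hi - 1} not within {available}")
    return problems


def host_view(outer_json, nested_json, kind):
    """Translate the nested container's ranges into real host IDs."""
    flag = "Isuid" if kind == "uid" else "Isgid"
    translated = []
    for lo, hi in ranges(nested_json, kind, "Hostid"):
        for e in json.loads(outer_json):
            if e[flag] and e["Nsid"] <= lo and hi <= e["Nsid"] + e["Maprange"]:
                shift = e["Hostid"] - e["Nsid"]
                translated.append((lo + shift, hi + shift))
    return translated


if __name__ == "__main__":
    print("problems:", nested_map_problems(OUTER_IDMAP, NESTED_IDMAP))
    print("nested root on host (uid):", host_view(OUTER_IDMAP, NESTED_IDMAP, "uid"))
```

For the values in the post the nested range ends at 196607, inside the outer container's 200000 IDs, so the ID maps themselves are consistent.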