OCI container failure: An error occurred in another process (expected sequence number 4)

bbigras in 🌐 desktop in ~ on ☁️   (us-east-1)                                                                                                             ❯ incus launch docker:hello-world mydocker --console
Launching mydocker
Error: Failed instance creation: Failed to run: /nix/store/z09sfym31f8qkl6kbanr87jhscdpvp0a-incus-6.3.0/bin/incusd forkstart mydocker /var/lib/incus/containers /run/incus/mydocker/lxc.conf: exit status 1

bbigras in 🌐 desktop in ~ on ☁️   (us-east-1)                                                                                                             ❯ incus info --show-log mydocker
Name: mydocker
Status: STOPPED
Type: container (application)
Architecture: x86_64
Created: 2024/07/12 18:31 EDT
Last Used: 2024/07/12 18:31 EDT

Log:

lxc mydocker 20240712223133.189 ERROR    utils - ../src/lxc/utils.c:run_buffer:571 - Script exited with status 127
lxc mydocker 20240712223133.189 ERROR    conf - ../src/lxc/conf.c:lxc_setup:3940 - Failed to run mount hooks
lxc mydocker 20240712223133.189 ERROR    start - ../src/lxc/start.c:do_start:1273 - Failed to setup container "mydocker"
lxc mydocker 20240712223133.189 ERROR    sync - ../src/lxc/sync.c:sync_wait:34 - An error occurred in another process (expected sequence number 4)        lxc mydocker 20240712223133.192 WARN     network - ../src/lxc/network.c:lxc_delete_network_priv:3674 - Failed to rename interface with index 0 from "eth0" to its initial name "veth9dbf5842"
lxc mydocker 20240712223133.192 ERROR    lxccontainer - ../src/lxc/lxccontainer.c:wait_on_daemonized_start:837 - Received container state "ABORTING" instead of "RUNNING"
lxc mydocker 20240712223133.192 ERROR    start - ../src/lxc/start.c:__lxc_start:2114 - Failed to spawn container "mydocker"
lxc mydocker 20240712223133.192 WARN     start - ../src/lxc/start.c:lxc_abort:1037 - No such process - Failed to send SIGKILL via pidfd 18 for process 682232
lxc 20240712223133.256 ERROR    af_unix - ../src/lxc/af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20240712223133.256 ERROR    commands - ../src/lxc/commands.c:lxc_cmd_rsp_recv_fds:128 - Failed to receive file descriptors for command "get_init_pid"

cc @stgraber

Can you show incus config show --expanded mydocker?

❯ incus config show --expanded mydocker
architecture: x86_64
config:
  environment.PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  environment.TERM: xterm
  image.architecture: x86_64
  image.description: docker.io/library/hello-world (OCI)
  image.type: oci
  volatile.base_image: 1408fec50309afee38f3535383f5b09419e6dc0925bc69891e79d84cc4cdcec6
  volatile.cloud-init.instance-id: 24fc4ce9-4363-439b-9589-cd1613a3defa
  volatile.container.oci: "true"
  volatile.eth0.hwaddr: 00:16:3e:ba:9c:71
  volatile.idmap.current: '[]'                                                                                                                              volatile.last_state.power: STOPPED                                                                                                                        volatile.last_state.ready: "false"
  volatile.uuid: 5ac498e2-f79e-42bf-87dc-4dcd8a370d03                                                                                                       volatile.uuid.generation: 5ac498e2-f79e-42bf-87dc-4dcd8a370d03
devices:
  eth0:                                                                                                                                                       name: eth0
    network: incusbr0
    type: nic
  root:
    path: /
    pool: default                                                                                                                                             size: 35GiB
    type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""

Can you run incus monitor --pretty in one shell while running incus start mydocker?

The failure appears to be in the mount hook, so that’s a bit odd as that’s not something that has changed for the OCI support.

❯ incus monitor --pretty
DEBUG  [2024-07-13T01:30:32-04:00] Event listener server handler started         id=c5db104c-3cb2-420a-b601-ef5b8176275a local=/var/lib/incus/unix.socket remote=@
DEBUG  [2024-07-13T01:30:50-04:00] Handling API request                          ip=@ method=GET protocol=unix url=/1.0 username=bbigras
DEBUG  [2024-07-13T01:30:50-04:00] Handling API request                          ip=@ method=GET protocol=unix url=/1.0/instances/mydocker username=bbigras
DEBUG  [2024-07-13T01:30:50-04:00] Handling API request                          ip=@ method=GET protocol=unix url=/1.0/events username=bbigras
DEBUG  [2024-07-13T01:30:50-04:00] Event listener server handler started         id=3b8efbce-66e9-4c2e-9306-104237cc9d88 local=/var/lib/incus/unix.socket remote=@
DEBUG  [2024-07-13T01:30:50-04:00] Handling API request                          ip=@ method=PUT protocol=unix url=/1.0/instances/mydocker/state username=bbigras
DEBUG  [2024-07-13T01:30:50-04:00] Started operation                             class=task description="Starting instance" operation=bd8c5a5a-6b17-408f-9ff1-8727547fdd13 project=default
DEBUG  [2024-07-13T01:30:50-04:00] New operation                                 class=task description="Starting instance" operation=bd8c5a5a-6b17-408f-9ff1-8727547fdd13 project=default
DEBUG  [2024-07-13T01:30:50-04:00] Start started                                 instance=mydocker instanceType=container project=default stateful=false
INFO   [2024-07-13T01:30:50-04:00] ID: bd8c5a5a-6b17-408f-9ff1-8727547fdd13, Class: task, Description: Starting instance  CreatedAt="2024-07-13 01:30:50.554189729 -0400 EDT" Err= Location=none MayCancel=false Metadata="map[]" Resources="map[instances:[/1.0/instances/mydocker]]" Status=Pending StatusCode=Pending UpdatedAt="2024-07-13 01:30:50.554189729 -0400 EDT"
DEBUG  [2024-07-13T01:30:50-04:00] Instance operation lock created               action=start instance=mydocker project=default reusable=false
INFO   [2024-07-13T01:30:50-04:00] ID: bd8c5a5a-6b17-408f-9ff1-8727547fdd13, Class: task, Description: Starting instance  CreatedAt="2024-07-13 01:30:50.554189729 -0400 EDT" Err= Location=none MayCancel=false Metadata="map[]" Resources="map[instances:[/1.0/instances/mydocker]]" Status=Running StatusCode=Running UpdatedAt="2024-07-13 01:30:50.554189729 -0400 EDT"
INFO   [2024-07-13T01:30:50-04:00] Starting instance                             action=start created="2024-07-12 22:31:33.03275888 +0000 UTC" ephemeral=false instance=mydocker instanceType=container project=default stateful=false used="2024-07-12 22:31:33.113134103 +0000 UTC"
DEBUG  [2024-07-13T01:30:50-04:00] Handling API request                          ip=@ method=GET protocol=unix url=/1.0/operations/bd8c5a5a-6b17-408f-9ff1-8727547fdd13 username=bbigras
DEBUG  [2024-07-13T01:30:50-04:00] MountInstance started                         driver=dir instance=mydocker pool=default project=default
DEBUG  [2024-07-13T01:30:50-04:00] MountInstance finished                        driver=dir instance=mydocker pool=default project=default
DEBUG  [2024-07-13T01:30:50-04:00] Starting device                               device=eth0 instance=mydocker instanceType=container project=default type=nic
DEBUG  [2024-07-13T01:30:50-04:00] Starting device                               device=root instance=mydocker instanceType=container project=default type=disk
DEBUG  [2024-07-13T01:30:50-04:00] UpdateInstanceBackupFile started              driver=dir instance=mydocker pool=default project=default
DEBUG  [2024-07-13T01:30:50-04:00] UpdateInstanceBackupFile finished             driver=dir instance=mydocker pool=default project=default
DEBUG  [2024-07-13T01:30:50-04:00] Skipping unmount as in use                    driver=dir pool=default refCount=1 volName=mydocker
DEBUG  [2024-07-13T01:30:50-04:00] Handling API request                          ip=@ method=GET protocol=unix url="/internal/containers/mydocker/onstart?project=default" username=root
DEBUG  [2024-07-13T01:30:50-04:00] Scheduler: container mydocker started: re-balancing
DEBUG  [2024-07-13T01:30:50-04:00] Instance operation lock finished              action=start err="Failed to run: /nix/store/z09sfym31f8qkl6kbanr87jhscdpvp0a-incus-6.3.0/bin/incusd forkstart mydocker /var/lib/incus/containers /run/incus/mydocker/lxc.conf: exit status 1" instance=mydocker project=default reusable=false
ERROR  [2024-07-13T01:30:50-04:00] Failed starting instance                      action=start created="2024-07-12 22:31:33.03275888 +0000 UTC" ephemeral=false instance=mydocker instanceType=container project=default stateful=false used="2024-07-12 22:31:33.113134103 +0000 UTC"
DEBUG  [2024-07-13T01:30:50-04:00] Failure for operation                         class=task description="Starting instance" err="Failed to run: /nix/store/z09sfym31f8qkl6kbanr87jhscdpvp0a-incus-6.3.0/bin/incusd forkstart mydocker /var/lib/incus/containers /run/incus/mydocker/lxc.conf: exit status 1" operation=bd8c5a5a-6b17-408f-9ff1-8727547fdd13 project=default
INFO   [2024-07-13T01:30:50-04:00] ID: bd8c5a5a-6b17-408f-9ff1-8727547fdd13, Class: task, Description: Starting instance  CreatedAt="2024-07-13 01:30:50.554189729 -0400 EDT" Err="Failed to run: /nix/store/z09sfym31f8qkl6kbanr87jhscdpvp0a-incus-6.3.0/bin/incusd forkstart mydocker /var/lib/incus/containers /run/incus/mydocker/lxc.conf: exit status 1" Location=none MayCancel=false Metadata="map[]" Resources="map[instances:[/1.0/instances/mydocker]]" Status=Failure StatusCode=Failure UpdatedAt="2024-07-13 01:30:50.554189729 -0400 EDT"
DEBUG  [2024-07-13T01:30:50-04:00] Start finished                                instance=mydocker instanceType=container project=default stateful=false
DEBUG  [2024-07-13T01:30:50-04:00] Event listener server handler stopped         listener=3b8efbce-66e9-4c2e-9306-104237cc9d88 local=/var/lib/incus/unix.socket remote=@
DEBUG  [2024-07-13T01:30:50-04:00] Handling API request                          ip=@ method=GET protocol=unix url="/internal/containers/mydocker/onstopns?netns=%2Fproc%2F686160%2Ffd%2F23&project=default&target=stop" username=root
DEBUG  [2024-07-13T01:30:50-04:00] Instance initiated stop                       action=stop instance=mydocker instanceType=container project=default
DEBUG  [2024-07-13T01:30:50-04:00] Instance operation lock created               action=stop instance=mydocker project=default reusable=false
DEBUG  [2024-07-13T01:30:50-04:00] Stopping device                               device=eth0 instance=mydocker instanceType=container project=default type=nic
DEBUG  [2024-07-13T01:30:51-04:00] Handling API request                          ip=@ method=GET protocol=unix url="/internal/containers/mydocker/onstop?project=default&target=stop" username=root
DEBUG  [2024-07-13T01:30:51-04:00] Instance operation lock inherited for stop    action=stop instance=mydocker instanceType=container project=default
DEBUG  [2024-07-13T01:30:51-04:00] Instance stopped, cleaning up                 instance=mydocker instanceType=container project=default
DEBUG  [2024-07-13T01:30:51-04:00] Stopping device                               device=root instance=mydocker instanceType=container project=default type=disk
DEBUG  [2024-07-13T01:30:51-04:00] UnmountInstance started                       driver=dir instance=mydocker pool=default project=default
DEBUG  [2024-07-13T01:30:51-04:00] UnmountInstance finished                      driver=dir instance=mydocker pool=default project=default
INFO   [2024-07-13T01:30:51-04:00] Action: instance-shutdown, Source: /1.0/instances/mydocker
DEBUG  [2024-07-13T01:30:51-04:00] Instance operation lock finished              action=stop err="<nil>" instance=mydocker project=default reusable=false
INFO   [2024-07-13T01:30:51-04:00] Shut down instance                            action=stop created="2024-07-12 22:31:33.03275888 +0000 UTC" ephemeral=false instance=mydocker instanceType=container project=default stateful=false used="2024-07-13 05:30:50.599969599 +0000 UTC"
DEBUG  [2024-07-13T01:30:51-04:00] Scheduler: container mydocker stopped: re-balancing

Are you getting the same error if starting another container?

What about starting a regular Incus system container?

What storage pool type is this on?

❯ incus launch docker:nginx mynginx --console --ephemeral
Launching mynginx
Error: Failed instance creation: Failed to run: /nix/store/z09sfym31f8qkl6kbanr87jhscdpvp0a-incus-6.3.0/bin/incusd forkstart mynginx /var/lib/incus/containers /run/incus/mynginx/lxc.conf: exit status 1

❯ incus launch docker:hello-world mydocker --console
Launching mydocker
Error: Failed instance creation: Failed to run: /nix/store/z09sfym31f8qkl6kbanr87jhscdpvp0a-incus-6.3.0/bin/incusd forkstart mydocker /var/lib/incus/containers /run/incus/mydocker/lxc.conf: exit status 1

That seems fine:

❯ incus launch images:ubuntu/22.04 first
Launching first

I’m using ext4.

❯ incus storage list
+---------+--------+-------------+---------+---------+
|  NAME   | DRIVER | DESCRIPTION | USED BY |  STATE  |
+---------+--------+-------------+---------+---------+
| default | dir    |             | 3       | CREATED |
+---------+--------+-------------+---------+---------+
❯ incus storage show default
config:
  source: /var/lib/incus/storage-pools/default
description: ""
name: default
driver: dir
used_by:
- /1.0/instances/first
- /1.0/instances/nixos
- /1.0/profiles/default
status: Created
locations:
- none

Can you show the output of find /var/lib/incus/storage-pools/default/containers/mydocker/?

❯ sudo find /var/lib/incus/storage-pools/default/containers/mydocker/
find: ‘/var/lib/incus/storage-pools/default/containers/mydocker/’: No such file or directory

❯ sudo ls /var/lib/incus/storage-pools/default
buckets  containers  containers-snapshots  custom  custom-snapshots  images  virtual-machines  virtual-machines-snapshots

So you did incus launch docker:hello-world mydocker, you see a mydocker container in incus list but you don’t see it in /var/lib/incus/storage-pols/default/containers/?

I’m sorry. It’s there. I think I cleaned it up too quickly.

❯ sudo find /var/lib/incus/storage-pools/default/containers/mydocker/
/var/lib/incus/storage-pools/default/containers/mydocker/
/var/lib/incus/storage-pools/default/containers/mydocker/backup.yaml
/var/lib/incus/storage-pools/default/containers/mydocker/rootfs
/var/lib/incus/storage-pools/default/containers/mydocker/rootfs/sys
/var/lib/incus/storage-pools/default/containers/mydocker/rootfs/dev
/var/lib/incus/storage-pools/default/containers/mydocker/rootfs/hello
/var/lib/incus/storage-pools/default/containers/mydocker/rootfs/proc
/var/lib/incus/storage-pools/default/containers/mydocker/rootfs/etc
/var/lib/incus/storage-pools/default/containers/mydocker/rootfs/etc/hosts
/var/lib/incus/storage-pools/default/containers/mydocker/rootfs/etc/hostname
/var/lib/incus/storage-pools/default/containers/mydocker/rootfs/etc/resolv.conf
/var/lib/incus/storage-pools/default/containers/mydocker/metadata.yaml
/var/lib/incus/storage-pools/default/containers/mydocker/config.json
/var/lib/incus/storage-pools/default/containers/mydocker/network
/var/lib/incus/storage-pools/default/containers/mydocker/network/hosts
/var/lib/incus/storage-pools/default/containers/mydocker/network/hostname
/var/lib/incus/storage-pools/default/containers/mydocker/network/resolv.conf

Can you do incus config set mydocker raw.lxc=lxc.log.level=trace and then do incus start mydocker and finally incus info --show-log mydocker to fetch the trace output.

❯ incus info --show-log mydocker
Name: mydocker
Status: STOPPED
Type: container (application)
Architecture: x86_64
Created: 2024/07/14 23:12 EDT
Last Used: 2024/07/14 23:24 EDT

Log:

lxc mydocker 20240715032412.266 TRACE    commands - ../src/lxc/commands.c:lxc_cmd_timeout:525 - Connection refused - Command "get_state" failed to connect command socket
lxc mydocker 20240715032412.266 TRACE    start - ../src/lxc/start.c:lxc_init_handler:739 - Created anonymous pair {3,7} of unix sockets
lxc mydocker 20240715032412.266 TRACE    commands - ../src/lxc/commands.c:lxc_server_init:2138 - Created abstract unix socket "/var/lib/incus/containers/mydocker/command"
lxc mydocker 20240715032412.266 TRACE    start - ../src/lxc/start.c:lxc_init_handler:755 - Unix domain socket 9 for command server is ready
lxc mydocker 20240715032412.267 INFO     lxccontainer - ../src/lxc/lxccontainer.c:do_lxcapi_start:959 - Set process title to [lxc monitor] /var/lib/incus/containers mydocker
lxc mydocker 20240715032412.268 INFO     start - ../src/lxc/start.c:lxc_check_inherited:326 - Closed inherited fd 4
lxc mydocker 20240715032412.268 INFO     start - ../src/lxc/start.c:lxc_check_inherited:326 - Closed inherited fd 5
lxc mydocker 20240715032412.268 INFO     start - ../src/lxc/start.c:lxc_check_inherited:326 - Closed inherited fd 6
lxc mydocker 20240715032412.268 INFO     start - ../src/lxc/start.c:lxc_check_inherited:326 - Closed inherited fd 18
lxc mydocker 20240715032412.268 TRACE    execute - ../src/lxc/execute.c:lxc_execute:49 - Doing lxc_execute
lxc mydocker 20240715032412.268 INFO     lsm - ../src/lxc/lsm/lsm.c:lsm_init_static:38 - Initialized LSM security driver nop
lxc mydocker 20240715032412.268 TRACE    start - ../src/lxc/start.c:lxc_init:779 - Initialized LSM
lxc mydocker 20240715032412.268 TRACE    start - ../src/lxc/start.c:lxc_serve_state_clients:484 - Set container state to STARTING
lxc mydocker 20240715032412.268 TRACE    start - ../src/lxc/start.c:lxc_serve_state_clients:487 - No state clients registered
lxc mydocker 20240715032412.268 TRACE    start - ../src/lxc/start.c:lxc_init:785 - Set container state to "STARTING"
lxc mydocker 20240715032412.268 TRACE    start - ../src/lxc/start.c:lxc_init:841 - Set environment variables
lxc mydocker 20240715032412.268 INFO     utils - ../src/lxc/utils.c:run_script_argv:590 - Executing script "/proc/1303/exe callhook /var/lib/incus "default" "mydocker" start" for container "mydocker"
lxc mydocker 20240715032412.268 TRACE    utils - ../src/lxc/utils.c:run_script_argv:633 - Set environment variable: LXC_HOOK_TYPE=pre-start
lxc mydocker 20240715032412.268 TRACE    utils - ../src/lxc/utils.c:run_script_argv:638 - Set environment variable: LXC_HOOK_SECTION=lxc
lxc mydocker 20240715032412.268 DEBUG    lxccontainer - ../src/lxc/lxccontainer.c:wait_on_daemonized_start:818 - First child 34668 exited
lxc mydocker 20240715032412.288 TRACE    start - ../src/lxc/start.c:lxc_init:846 - Ran pre-start hooks
lxc mydocker 20240715032412.288 TRACE    start - ../src/lxc/start.c:setup_signal_fd:371 - Created signal file descriptor 5
lxc mydocker 20240715032412.288 TRACE    start - ../src/lxc/start.c:lxc_init:859 - Set up signal fd
lxc mydocker 20240715032412.288 INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:unpriv_systemd_create_scope:1498 - Running privileged, not using a systemd unit
lxc mydocker 20240715032412.288 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgroup_hierarchy_add:462 - Adding cgroup hierarchy mounted at  and base cgroup (null)
lxc mydocker 20240715032412.288 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgroup_hierarchy_add:465 - The hierarchy contains the cpuset controller
lxc mydocker 20240715032412.288 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgroup_hierarchy_add:465 - The hierarchy contains the cpu controller
lxc mydocker 20240715032412.288 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgroup_hierarchy_add:465 - The hierarchy contains the io controller
lxc mydocker 20240715032412.288 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgroup_hierarchy_add:465 - The hierarchy contains the memory controller
lxc mydocker 20240715032412.288 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgroup_hierarchy_add:465 - The hierarchy contains the hugetlb controller
lxc mydocker 20240715032412.288 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgroup_hierarchy_add:465 - The hierarchy contains the pids controller
lxc mydocker 20240715032412.288 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgroup_hierarchy_add:465 - The hierarchy contains the rdma controller
lxc mydocker 20240715032412.288 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgroup_hierarchy_add:465 - The hierarchy contains the misc controller
lxc mydocker 20240715032412.288 TRACE    cgroup2_devices - ../src/lxc/cgroups/cgroup2_devices.c:bpf_program_load_kernel:335 - Loaded bpf program: func#0 @0
0: R1=ctx() R10=fp0
0: (61) r2 = *(u32 *)(r1 +0)          ; R1=ctx() R2_w=scalar(smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))
1: (54) w2 &= 65535                   ; R2_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=0xffff,var_off=(0x0; 0xffff))
2: (61) r3 = *(u32 *)(r1 +0)          ; R1=ctx() R3_w=scalar(smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))
3: (74) w3 >>= 16                     ; R3_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=0xffff,var_off=(0x0; 0xffff))
4: (61) r4 = *(u32 *)(r1 +4)          ; R1=ctx() R4_w=scalar(smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))
5: (61) r5 = *(u32 *)(r1 +8)          ; R1=ctx() R5_w=scalar(smin=0,smax=umax=0xffffffff,var_off=(0x0; 0xffffffff))
6: (b7) r0 = 1                        ; R0_w=1
7: (95) exit
mark_precise: frame0: last_idx 7 first_idx 0 subseq_idx -1
mark_precise: frame0: regs=r0 stack= before 6: (b7) r0 = 1
processed 8 insns (limit 1000000) max_states_per_insn 0 total_states 0 peak_states 0 mark_read 0

lxc mydocker 20240715032412.288 TRACE    cgroup2_devices - ../src/lxc/cgroups/cgroup2_devices.c:bpf_devices_cgroup_supported:553 - The bpf device cgroup is supported
lxc mydocker 20240715032412.288 TRACE    cgroup - ../src/lxc/cgroups/cgroup.c:cgroup_init:41 - Initialized cgroup driver cgfsng
lxc mydocker 20240715032412.288 TRACE    cgroup - ../src/lxc/cgroups/cgroup.c:cgroup_init:48 - Unified cgroup layout
lxc mydocker 20240715032412.288 TRACE    start - ../src/lxc/start.c:lxc_init:866 - Initialized cgroup driver
lxc mydocker 20240715032412.288 DEBUG    seccomp - ../src/lxc/seccomp.c:parse_config_v2:664 - Host native arch is [3221225534]
lxc mydocker 20240715032412.288 TRACE    seccomp - ../src/lxc/seccomp.c:get_new_ctx:478 - Added arch 2 to main seccomp context
lxc mydocker 20240715032412.288 TRACE    seccomp - ../src/lxc/seccomp.c:get_new_ctx:486 - Removed native arch from main seccomp context
lxc mydocker 20240715032412.288 TRACE    seccomp - ../src/lxc/seccomp.c:get_new_ctx:478 - Added arch 3 to main seccomp context
lxc mydocker 20240715032412.288 TRACE    seccomp - ../src/lxc/seccomp.c:get_new_ctx:486 - Removed native arch from main seccomp context
lxc mydocker 20240715032412.288 TRACE    seccomp - ../src/lxc/seccomp.c:get_new_ctx:491 - Arch 4 already present in main seccomp context
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "[all]"
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:532 - Set seccomp rule to reject force umounts
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:532 - Set seccomp rule to reject force umounts
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:532 - Set seccomp rule to reject force umounts
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "[all]"
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "kexec_load errno 38"
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[246:kexec_load] action[327718:errno] arch[0]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[246:kexec_load] action[327718:errno] arch[1073741827]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[246:kexec_load] action[327718:errno] arch[1073741886]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "open_by_handle_at errno 38"
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[304:open_by_handle_at] action[327718:errno] arch[0]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[304:open_by_handle_at] action[327718:errno] arch[1073741827]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[304:open_by_handle_at] action[327718:errno] arch[1073741886]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "init_module errno 38"
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[175:init_module] action[327718:errno] arch[0]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[175:init_module] action[327718:errno] arch[1073741827]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[175:init_module] action[327718:errno] arch[1073741886]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "finit_module errno 38"
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[313:finit_module] action[327718:errno] arch[0]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[313:finit_module] action[327718:errno] arch[1073741827]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[313:finit_module] action[327718:errno] arch[1073741886]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "delete_module errno 38"
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[176:delete_module] action[327718:errno] arch[0]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[176:delete_module] action[327718:errno] arch[1073741827]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[176:delete_module] action[327718:errno] arch[1073741886]
lxc mydocker 20240715032412.288 INFO     seccomp - ../src/lxc/seccomp.c:parse_config_v2:1036 - Merging compat seccomp contexts into main context
lxc mydocker 20240715032412.288 TRACE    seccomp - ../src/lxc/seccomp.c:parse_config_v2:1046 - Merged first compat seccomp context into main context
lxc mydocker 20240715032412.288 TRACE    seccomp - ../src/lxc/seccomp.c:parse_config_v2:1062 - Merged second compat seccomp context into main context
lxc mydocker 20240715032412.288 TRACE    start - ../src/lxc/start.c:lxc_init:873 - Read seccomp policy
lxc mydocker 20240715032412.288 TRACE    start - ../src/lxc/start.c:lxc_init:880 - Initialized LSM
lxc mydocker 20240715032412.288 INFO     start - ../src/lxc/start.c:lxc_init:882 - Container "mydocker" is initialized
lxc mydocker 20240715032412.288 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroup_tree_create:726 - Created 10(lxc.monitor.mydocker) cgroup
lxc mydocker 20240715032412.288 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroup_tree_create:741 - Opened newly created cgroup lxc.monitor.mydocker as 11
lxc mydocker 20240715032412.288 INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_monitor_create:1669 - The monitor process uses "lxc.monitor.mydocker" as cgroup
lxc mydocker 20240715032412.288 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgfsng_delegate_controllers:3620 - Enabled "+cpuset +cpu +io +memory +hugetlb +pids +rdma +misc" controllers in the unified cgroup 10
lxc mydocker 20240715032412.301 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_monitor_enter:1819 - Moved monitor (34671) into cgroup 11
lxc mydocker 20240715032412.302 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_monitor_enter:1833 - Moved transient process into cgroup 11
lxc mydocker 20240715032412.302 DEBUG    storage - ../src/lxc/storage/storage.c:get_storage_by_name:209 - Detected rootfs type "dir"
lxc mydocker 20240715032412.302 TRACE    conf - ../src/lxc/conf.c:lxc_rootfs_init:391 - Pinned rootfs 13(.lxc_keep)
lxc mydocker 20240715032412.302 TRACE    conf - ../src/lxc/conf.c:lxc_rootfs_init:407 - Unlinked pinned file 12(.lxc_keep)
lxc mydocker 20240715032412.302 TRACE    sync - ../src/lxc/sync.c:lxc_sync_init:139 - Initialized synchronization infrastructure
lxc mydocker 20240715032412.302 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroup_tree_create:726 - Created 10(lxc.payload.mydocker) cgroup
lxc mydocker 20240715032412.302 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroup_tree_create:741 - Opened newly created cgroup lxc.payload.mydocker as 17
lxc mydocker 20240715032412.302 INFO     cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_payload_create:1777 - The container process uses "lxc.payload.mydocker" as inner and "lxc.payload.mydocker" as limit cgroup
lxc mydocker 20240715032412.303 TRACE    start - ../src/lxc/start.c:lxc_spawn:1709 - Spawned container directly into target cgroup via cgroup2 fd 17
lxc mydocker 20240715032412.303 TRACE    start - ../src/lxc/start.c:lxc_spawn:1749 - Cloned child process 34693
lxc mydocker 20240715032412.303 TRACE    start - ../src/lxc/start.c:lxc_spawn:1709 - Spawned container directly into target cgroup via cgroup2 fd 17
lxc mydocker 20240715032412.311 TRACE    start - ../src/lxc/start.c:core_scheduling:1589 - Created new core scheduling domain with cookie 74633979
lxc mydocker 20240715032412.311 TRACE    utils - ../src/lxc/utils.c:lxc_can_use_pidfd:2026 - Kernel supports pidfds
lxc mydocker 20240715032412.311 INFO     start - ../src/lxc/start.c:lxc_spawn:1769 - Cloned CLONE_NEWNS
lxc mydocker 20240715032412.311 INFO     start - ../src/lxc/start.c:lxc_spawn:1769 - Cloned CLONE_NEWPID
lxc mydocker 20240715032412.311 INFO     start - ../src/lxc/start.c:lxc_spawn:1769 - Cloned CLONE_NEWUTS
lxc mydocker 20240715032412.311 INFO     start - ../src/lxc/start.c:lxc_spawn:1769 - Cloned CLONE_NEWIPC
lxc mydocker 20240715032412.311 INFO     start - ../src/lxc/start.c:lxc_spawn:1769 - Cloned CLONE_NEWNET
lxc mydocker 20240715032412.311 INFO     start - ../src/lxc/start.c:lxc_spawn:1769 - Cloned CLONE_NEWCGROUP
lxc mydocker 20240715032412.311 DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved mnt namespace via fd 19 and stashed path as mnt:/proc/34671/fd/19
lxc mydocker 20240715032412.311 DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved pid namespace via fd 20 and stashed path as pid:/proc/34671/fd/20
lxc mydocker 20240715032412.311 DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved uts namespace via fd 21 and stashed path as uts:/proc/34671/fd/21
lxc mydocker 20240715032412.311 DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved ipc namespace via fd 22 and stashed path as ipc:/proc/34671/fd/22
lxc mydocker 20240715032412.311 DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved net namespace via fd 23 and stashed path as net:/proc/34671/fd/23
lxc mydocker 20240715032412.311 DEBUG    start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved cgroup namespace via fd 24 and stashed path as cgroup:/proc/34671/fd/24
lxc mydocker 20240715032412.312 TRACE    sync - ../src/lxc/sync.c:lxc_sync_wait_parent:110 - Child waiting for parent with sequence startup
lxc mydocker 20240715032412.312 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgfsng_delegate_controllers:3620 - Enabled "+cpuset +cpu +io +memory +hugetlb +pids +rdma +misc" controllers in the unified cgroup 10
lxc mydocker 20240715032412.312 TRACE    sync - ../src/lxc/sync.c:lxc_sync_barrier_child:97 - Parent waking child with sequence startup and waiting with sequence configure
lxc mydocker 20240715032412.312 TRACE    sync - ../src/lxc/sync.c:lxc_sync_wake_parent:104 - Child waking parent with sequence configure
lxc mydocker 20240715032412.312 TRACE    conf - ../src/lxc/conf.c:lxc_set_environment:5231 - Set environment variable: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
lxc mydocker 20240715032412.312 TRACE    conf - ../src/lxc/conf.c:lxc_set_environment:5231 - Set environment variable: TERM=xterm
lxc mydocker 20240715032412.312 TRACE    sync - ../src/lxc/sync.c:lxc_sync_wait_parent:110 - Child waiting for parent with sequence post-configure
lxc mydocker 20240715032412.312 TRACE    start - ../src/lxc/start.c:lxc_spawn:1841 - Allocated new network namespace id
lxc mydocker 20240715032412.312 DEBUG    network - ../src/lxc/network.c:netdev_configure_server_phys:1250 - Instantiated phys "veth36ae2665" with ifindex "32"
lxc mydocker 20240715032412.314 TRACE    network - ../src/lxc/network.c:create_transient_name:3542 - Created transient name phys4SXlBf for network device
lxc mydocker 20240715032412.331 DEBUG    network - ../src/lxc/network.c:lxc_network_move_created_netdev_priv:3593 - Moved network device "veth36ae2665" with ifindex 32 to network namespace of 34693 and renamed to phys4SXlBf
lxc mydocker 20240715032412.331 TRACE    sync - ../src/lxc/sync.c:lxc_sync_wake_child:122 - Parent waking child with sequence post-configure
lxc mydocker 20240715032412.331 TRACE    network - ../src/lxc/network.c:lxc_network_send_to_child:4105 - Sent network device name "phys4SXlBf" to child
lxc mydocker 20240715032412.331 TRACE    sync - ../src/lxc/sync.c:lxc_sync_wait_child:116 - Parent waiting for child with sequence idmapped-mounts
lxc mydocker 20240715032412.331 TRACE    conf - ../src/lxc/conf.c:turn_into_dependent_mounts:3455 - Turned all mount table entries into dependent mount
lxc mydocker 20240715032412.331 TRACE    mount_utils - ../src/lxc/mount_utils.c:can_use_mount_api:582 - Kernel supports mount api
lxc mydocker 20240715032412.331 TRACE    mount_utils - ../src/lxc/mount_utils.c:can_use_bind_mounts:607 - Kernel supports bind mounts in the new mount api
lxc mydocker 20240715032412.331 TRACE    mount_utils - ../src/lxc/mount_utils.c:move_detached_mount:328 - Attach detached mount 21 to filesystem at 19
lxc mydocker 20240715032412.331 TRACE    dir - ../src/lxc/storage/dir.c:dir_mount:197 - Mounted "/var/lib/incus/storage-pools/default/containers/mydocker/rootfs" onto "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs"
lxc mydocker 20240715032412.331 DEBUG    conf - ../src/lxc/conf.c:lxc_mount_rootfs:1240 - Mounted rootfs "/var/lib/incus/storage-pools/default/containers/mydocker/rootfs" onto "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs" with options "(null)"
lxc mydocker 20240715032412.331 TRACE    conf - ../src/lxc/conf.c:lxc_mount_rootfs:1248 - Container uses separate rootfs. Opened container's rootfs
lxc mydocker 20240715032412.331 INFO     conf - ../src/lxc/conf.c:setup_utsname:679 - Set hostname to "mydocker"
lxc mydocker 20240715032412.331 TRACE    network - ../src/lxc/network.c:lxc_network_recv_from_parent:4130 - Received network device name "phys4SXlBf" from parent
lxc mydocker 20240715032412.331 TRACE    network - ../src/lxc/network.c:__netdev_configure_container_common:1320 - Renamed network device from "phys4SXlBf" to "eth0"
lxc mydocker 20240715032412.331 DEBUG    network - ../src/lxc/network.c:setup_hw_addr:3866 - Mac address "00:16:3e:90:ce:ea" on "eth0" has been setup
lxc mydocker 20240715032412.331 DEBUG    network - ../src/lxc/network.c:lxc_network_setup_in_child_namespaces_common:4007 - Network device "eth0" has been setup
lxc mydocker 20240715032412.331 INFO     network - ../src/lxc/network.c:lxc_setup_network_in_child_namespaces:4064 - Finished setting up network devices with caller assigned names
lxc mydocker 20240715032412.331 INFO     conf - ../src/lxc/conf.c:mount_autodev:1023 - Preparing "/dev"
lxc mydocker 20240715032412.331 TRACE    mount_utils - ../src/lxc/mount_utils.c:__fs_prepare:177 - Finished initializing new tmpfs filesystem context 20
lxc mydocker 20240715032412.331 TRACE    mount_utils - ../src/lxc/mount_utils.c:fs_set_property:215 - Set "mode" to "0755" on filesystem context 20
lxc mydocker 20240715032412.331 TRACE    mount_utils - ../src/lxc/mount_utils.c:fs_set_property:215 - Set "size" to "500000" on filesystem context 20
lxc mydocker 20240715032412.331 TRACE    mount_utils - ../src/lxc/mount_utils.c:fs_attach:266 - Mounted 22 onto 21
lxc mydocker 20240715032412.331 INFO     conf - ../src/lxc/conf.c:mount_autodev:1084 - Prepared "/dev"
lxc mydocker 20240715032412.331 DEBUG    conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:539 - Invalid argument - Tried to ensure procfs is unmounted
lxc mydocker 20240715032412.331 TRACE    conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:546 - Created procfs mountpoint under 19
lxc mydocker 20240715032412.331 DEBUG    conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:562 - Invalid argument - Tried to ensure sysfs is unmounted
lxc mydocker 20240715032412.331 TRACE    conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:569 - Created sysfs mountpoint under 19
lxc mydocker 20240715032412.331 TRACE    conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:623 - Mounted automount "proc" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/proc" read-write with flags 14
lxc mydocker 20240715032412.331 TRACE    conf - ../src/lxc/conf.c:lxc_mount_auto_mounts:623 - Mounted automount "sysfs" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys" read-write with flags 0
lxc mydocker 20240715032412.331 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/dev/fuse" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/dev/fuse" to respect bind or remount options
lxc mydocker 20240715032412.331 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/dev/fuse" were 2, required extra flags are 2
lxc mydocker 20240715032412.331 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/dev/fuse" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/dev/fuse" with filesystem type "none"
lxc mydocker 20240715032412.331 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/dev/net/tun" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/dev/net/tun" to respect bind or remount options
lxc mydocker 20240715032412.331 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/dev/net/tun" were 2, required extra flags are 2
lxc mydocker 20240715032412.331 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/dev/net/tun" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/dev/net/tun" with filesystem type "none"
lxc mydocker 20240715032412.331 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/sys/firmware/efi/efivars" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/firmware/efi/efivars" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/sys/firmware/efi/efivars" were 4110, required extra flags are 14
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/sys/firmware/efi/efivars" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/firmware/efi/efivars" with filesystem type "none"
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/sys/fs/fuse/connections" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/fs/fuse/connections" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/sys/fs/fuse/connections" were 4110, required extra flags are 14
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/sys/fs/fuse/connections" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/fs/fuse/connections" with filesystem type "none"
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/sys/fs/pstore" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/fs/pstore" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/sys/fs/pstore" were 4110, required extra flags are 14
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/sys/fs/pstore" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/fs/pstore" with filesystem type "none"
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/sys/kernel/config" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/kernel/config" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/sys/kernel/config" were 4110, required extra flags are 14
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/sys/kernel/config" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/kernel/config" with filesystem type "none"
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/sys/kernel/debug" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/kernel/debug" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/sys/kernel/debug" were 4110, required extra flags are 14
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/sys/kernel/debug" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/kernel/debug" with filesystem type "none"
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/sys/kernel/security" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/kernel/security" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/sys/kernel/security" were 4110, required extra flags are 14
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/sys/kernel/security" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/kernel/security" with filesystem type "none"
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/sys/kernel/tracing" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/kernel/tracing" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/sys/kernel/tracing" were 4110, required extra flags are 14
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/sys/kernel/tracing" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/sys/kernel/tracing" with filesystem type "none"
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/dev/mqueue" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/dev/mqueue" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/dev/mqueue" were 4110, required extra flags are 14
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/dev/mqueue" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/dev/mqueue" with filesystem type "none"
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/var/lib/incus/guestapi" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/dev/incus" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/var/lib/incus/guestapi" were 4096, required extra flags are 0
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2247 - Mountflags already were 4096, skipping remount
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/var/lib/incus/guestapi" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/dev/incus" with filesystem type "none"
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/var/lib/incus/containers/mydocker/network/hosts" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/etc/hosts" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/var/lib/incus/containers/mydocker/network/hosts" were 4096, required extra flags are 0
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2247 - Mountflags already were 4096, skipping remount
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/var/lib/incus/containers/mydocker/network/hosts" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/etc/hosts" with filesystem type "none"
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/var/lib/incus/containers/mydocker/network/hostname" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/etc/hostname" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/var/lib/incus/containers/mydocker/network/hostname" were 4096, required extra flags are 0
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2247 - Mountflags already were 4096, skipping remount
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/var/lib/incus/containers/mydocker/network/hostname" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/etc/hostname" with filesystem type "none"
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/var/lib/incus/containers/mydocker/network/resolv.conf" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/etc/resolv.conf" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/var/lib/incus/containers/mydocker/network/resolv.conf" were 4096, required extra flags are 0
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2247 - Mountflags already were 4096, skipping remount
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/var/lib/incus/containers/mydocker/network/resolv.conf" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/etc/resolv.conf" with filesystem type "none"
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2219 - Remounting "/var/lib/incus/shmounts/mydocker" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/dev/.incus-mounts" to respect bind or remount options
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2238 - Flags for "/var/lib/incus/shmounts/mydocker" were 4096, required extra flags are 0
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2247 - Mountflags already were 4096, skipping remount
lxc mydocker 20240715032412.332 DEBUG    conf - ../src/lxc/conf.c:mount_entry:2282 - Mounted "/var/lib/incus/shmounts/mydocker" on "/nix/store/h31fdqhml3k79v5xipgh495rkld5q6jw-lxc-6.0.1/lib/lxc/rootfs/dev/.incus-mounts" with filesystem type "none"
lxc mydocker 20240715032412.332 TRACE    sync - ../src/lxc/sync.c:lxc_sync_wake_parent:104 - Child waking parent with sequence idmapped-mounts
lxc mydocker 20240715032412.332 TRACE    conf - ../src/lxc/conf.c:lxc_idmapped_mounts_child:2903 - Finished setting up idmapped mounts
lxc mydocker 20240715032412.332 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_mount:2254 - Read-write cgroup mounts requested
lxc mydocker 20240715032412.332 TRACE    conf - ../src/lxc/conf.c:lxc_idmapped_mounts_parent:3655 - Finished receiving idmapped mount file descriptors (-9 | -9) from child
lxc mydocker 20240715032412.332 TRACE    mount_utils - ../src/lxc/mount_utils.c:__fs_prepare:177 - Finished initializing new cgroup2 filesystem context 22
lxc mydocker 20240715032412.332 TRACE    sync - ../src/lxc/sync.c:lxc_sync_wait_child:116 - Parent waiting for child with sequence cgroup-limits
lxc mydocker 20240715032412.332 TRACE    mount_utils - ../src/lxc/mount_utils.c:fs_attach:266 - Mounted 23 onto 21
lxc mydocker 20240715032412.332 DEBUG    cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroupfs_mount:2187 - Mounted cgroup filesystem cgroup2 onto 21((null))
lxc mydocker 20240715032412.332 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_mount:2355 - Force mounted cgroup filesystem in new cgroup namespace
lxc mydocker 20240715032412.332 INFO     utils - ../src/lxc/utils.c:run_script_argv:590 - Executing script "/nix/store/cfwa9a0aiv9h5mlw8k5zj3jv0ak0cir6-lxcfs-6.0.1/share/lxcfs/lxc.mount.hook" for container "mydocker"
lxc mydocker 20240715032412.332 TRACE    utils - ../src/lxc/utils.c:run_script_argv:633 - Set environment variable: LXC_HOOK_TYPE=mount
lxc mydocker 20240715032412.332 TRACE    utils - ../src/lxc/utils.c:run_script_argv:638 - Set environment variable: LXC_HOOK_SECTION=lxc
lxc mydocker 20240715032412.339 DEBUG    utils - ../src/lxc/utils.c:run_buffer:560 - Script exec /nix/store/cfwa9a0aiv9h5mlw8k5zj3jv0ak0cir6-lxcfs-6.0.1/share/lxcfs/lxc.mount.hook produced output: /nix/store/cfwa9a0aiv9h5mlw8k5zj3jv0ak0cir6-lxcfs-6.0.1/share/lxcfs/.lxc.mount.hook-wrapped: line 15: readlink: command not found

lxc mydocker 20240715032412.339 ERROR    utils - ../src/lxc/utils.c:run_buffer:571 - Script exited with status 127
lxc mydocker 20240715032412.339 ERROR    conf - ../src/lxc/conf.c:lxc_setup:3940 - Failed to run mount hooks
lxc mydocker 20240715032412.339 ERROR    start - ../src/lxc/start.c:do_start:1273 - Failed to setup container "mydocker"
lxc mydocker 20240715032412.339 TRACE    sync - ../src/lxc/sync.c:lxc_sync_wake_parent:104 - Child waking parent with sequence error
lxc mydocker 20240715032412.339 ERROR    sync - ../src/lxc/sync.c:sync_wait:34 - An error occurred in another process (expected sequence number 4)
lxc mydocker 20240715032412.339 TRACE    start - ../src/lxc/start.c:lxc_expose_namespace_environment:907 - Set environment variable LXC_MNT_NS=/proc/34671/fd/19
lxc mydocker 20240715032412.339 TRACE    start - ../src/lxc/start.c:lxc_expose_namespace_environment:907 - Set environment variable LXC_PID_NS=/proc/34671/fd/20
lxc mydocker 20240715032412.339 TRACE    start - ../src/lxc/start.c:lxc_expose_namespace_environment:907 - Set environment variable LXC_UTS_NS=/proc/34671/fd/21
lxc mydocker 20240715032412.339 TRACE    start - ../src/lxc/start.c:lxc_expose_namespace_environment:907 - Set environment variable LXC_IPC_NS=/proc/34671/fd/22
lxc mydocker 20240715032412.339 TRACE    start - ../src/lxc/start.c:lxc_expose_namespace_environment:907 - Set environment variable LXC_NET_NS=/proc/34671/fd/23
lxc mydocker 20240715032412.339 TRACE    start - ../src/lxc/start.c:lxc_expose_namespace_environment:907 - Set environment variable LXC_CGROUP_NS=/proc/34671/fd/24
lxc mydocker 20240715032412.343 WARN     network - ../src/lxc/network.c:lxc_delete_network_priv:3674 - Failed to rename interface with index 0 from "eth0" to its initial name "veth36ae2665"
lxc mydocker 20240715032412.343 DEBUG    network - ../src/lxc/network.c:lxc_delete_network:4220 - Deleted network devices
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_serve_state_socket_pair:545 - Sent container state "ABORTING" to 7
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_serve_state_clients:484 - Set container state to ABORTING
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_serve_state_clients:487 - No state clients registered
lxc mydocker 20240715032412.343 ERROR    lxccontainer - ../src/lxc/lxccontainer.c:wait_on_daemonized_start:837 - Received container state "ABORTING" instead of "RUNNING"
lxc mydocker 20240715032412.343 ERROR    start - ../src/lxc/start.c:__lxc_start:2114 - Failed to spawn container "mydocker"
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_serve_state_clients:484 - Set container state to ABORTING
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_serve_state_clients:487 - No state clients registered
lxc mydocker 20240715032412.343 WARN     start - ../src/lxc/start.c:lxc_abort:1037 - No such process - Failed to send SIGKILL via pidfd 18 for process 34693
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_serve_state_clients:484 - Set container state to STOPPING
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_serve_state_clients:487 - No state clients registered
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_expose_namespace_environment:907 - Set environment variable LXC_MNT_NS=/proc/34671/fd/19
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_expose_namespace_environment:907 - Set environment variable LXC_PID_NS=/proc/34671/fd/20
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_expose_namespace_environment:907 - Set environment variable LXC_UTS_NS=/proc/34671/fd/21
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_expose_namespace_environment:907 - Set environment variable LXC_IPC_NS=/proc/34671/fd/22
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_expose_namespace_environment:907 - Set environment variable LXC_NET_NS=/proc/34671/fd/23
lxc mydocker 20240715032412.343 TRACE    start - ../src/lxc/start.c:lxc_expose_namespace_environment:907 - Set environment variable LXC_CGROUP_NS=/proc/34671/fd/24
lxc mydocker 20240715032412.343 INFO     utils - ../src/lxc/utils.c:run_script_argv:590 - Executing script "/nix/store/z09sfym31f8qkl6kbanr87jhscdpvp0a-incus-6.3.0/bin/incusd callhook /var/lib/incus "default" "mydocker" stopns" for container "mydocker"
lxc mydocker 20240715032412.343 TRACE    utils - ../src/lxc/utils.c:run_script_argv:633 - Set environment variable: LXC_HOOK_TYPE=stop
lxc mydocker 20240715032412.343 TRACE    utils - ../src/lxc/utils.c:run_script_argv:638 - Set environment variable: LXC_HOOK_SECTION=lxc
lxc mydocker 20240715032412.389 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgroup_tree_remove:491 - Removed cgroup tree 10(lxc.payload.mydocker)
lxc mydocker 20240715032412.389 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroup_tree_create:726 - Reusing 10(lxc.pivot) cgroup
lxc mydocker 20240715032412.389 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:__cgroup_tree_create:741 - Opened cgroup lxc.pivot as 3
lxc mydocker 20240715032412.403 TRACE    cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_monitor_destroy:927 - Removed cgroup tree 10(lxc.monitor.mydocker)
lxc mydocker 20240715032412.403 TRACE    start - ../src/lxc/start.c:lxc_end:964 - Closed command socket
lxc 20240715032412.403 ERROR    af_unix - ../src/lxc/af_unix.c:lxc_abstract_unix_recv_fds_iov:218 - Connection reset by peer - Failed to receive response
lxc 20240715032412.403 ERROR    commands - ../src/lxc/commands.c:lxc_cmd_rsp_recv_fds:128 - Failed to receive file descriptors for command "get_init_pid"
lxc mydocker 20240715032412.403 TRACE    start - ../src/lxc/start.c:lxc_end:975 - Set container state to "STOPPED"
lxc mydocker 20240715032412.403 INFO     utils - ../src/lxc/utils.c:run_script_argv:590 - Executing script "/nix/store/cfwa9a0aiv9h5mlw8k5zj3jv0ak0cir6-lxcfs-6.0.1/share/lxcfs/lxc.reboot.hook" for container "mydocker"
lxc mydocker 20240715032412.403 TRACE    utils - ../src/lxc/utils.c:run_script_argv:633 - Set environment variable: LXC_HOOK_TYPE=post-stop
lxc mydocker 20240715032412.403 TRACE    utils - ../src/lxc/utils.c:run_script_argv:638 - Set environment variable: LXC_HOOK_SECTION=lxc
lxc mydocker 20240715032412.910 INFO     utils - ../src/lxc/utils.c:run_script_argv:590 - Executing script "/nix/store/z09sfym31f8qkl6kbanr87jhscdpvp0a-incus-6.3.0/bin/incusd callhook /var/lib/incus "default" "mydocker" stop" for container "mydocker"
lxc mydocker 20240715032412.910 TRACE    utils - ../src/lxc/utils.c:run_script_argv:633 - Set environment variable: LXC_HOOK_TYPE=post-stop
lxc mydocker 20240715032412.910 TRACE    utils - ../src/lxc/utils.c:run_script_argv:638 - Set environment variable: LXC_HOOK_SECTION=lxc

I’m taking a look at readlink: command not found

So it’s the LXCFS hook that’s failing to find readlink. I think that’s a NixOS-specific issue.

The LXCFS hook runs in the container’s namespace but pre-pivot root, so it should be using the host system’s commands as found in the PATH at the time. That appears to be causing a failure due to readlink not being available in that scenario.

I suspect a non-OCI container works because it effectively ends up finding the readlink binary from inside the container instead, but that Docker container not having it available causes the failure.

May be interesting to try incus launch docker:ubuntu dockerubuntu --console

As that should have the readlink binary similar to a system container.

~ on ☁️   (us-east-1)
❯ incus start mydocker

~ on ☁️   (us-east-1)
❯

:slight_smile:

❯ incus launch docker:ubuntu dockerubuntu --console
Launching dockerubuntu
Error: Failed instance creation: Failed to run: /nix/store/z09sfym31f8qkl6kbanr87jhscdpvp0a-incus-6.3.0/bin/incusd forkstart dockerubuntu /var/lib/incus/containers /run/incus/dockerubuntu/lxc.conf: exit status 1

after adding readlink to PATH for lxcfs.

❯ incus launch docker:ubuntu dockerubuntu --console
Launching dockerubuntu
To detach from the console, press: <ctrl>+a q