Quassel-core seg faults in lxd container

I’m trying to get quassel-core running in an lxd container. Trying to run via systemd gives:

Jan 30 17:23:05 mimir systemd[1]: quasselcore.service: Service hold-off time over, scheduling restart.
Jan 30 17:23:05 mimir systemd[1]: quasselcore.service: Scheduled restart job, restart counter is at 5.
Jan 30 17:23:05 mimir systemd[1]: Stopped distributed IRC client using a central core component.
Jan 30 17:23:05 mimir systemd[1]: quasselcore.service: Start request repeated too quickly.
Jan 30 17:23:05 mimir systemd[1]: quasselcore.service: Failed with result 'signal'.
Jan 30 17:23:05 mimir systemd[1]: Failed to start distributed IRC client using a central core component.

Trying to run manually:

root@mimir:~# quasselcore
Segmentation fault

Not sure where to look next. Any pointers? This is a fresh container with nothing else installed, but fully updated. Static IP has been set. Network works (can ping google, etc).

Your best bet is to run it under strace -fF to see what’s failing exactly.

# strace -fF quasselcore
strace: deprecated option -F ignored
execve("/usr/bin/quasselcore", ["quasselcore"], 0x7fff81aca418 /* 13 vars */) = -1 EACCES (Permission denied)
--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---
+++ killed by SIGSEGV +++
Segmentation fault (core dumped)

I’m… not sure what all that means, but at least it gives me something else to google. Thank you.

I think I may have found the issue: AppArmor. Now, how to fix it…

Jan 30 21:33:05 mimir kernel: [103942.928359] audit: type=1400 audit(1548883985.277:490): apparmor="DENIED" operation="file_mmap" namespace="root//lxd-mimir_<var-snap-lxd-common-lxd>" profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=14570 comm="quasselcore" requested_mask="rm" denied_mask="rm" fsuid=111 ouid=0

I got quasselcore to work by running:
aa-complain /usr/bin/quasselcore

Not ideal, but I needed to get it running. I’ll keep digging to see if I can figure out a better way. Any input would be welcome!

Oh, interesting, so it’s the apparmor profile for quassel which somehow doesn’t work well in containers.
Should be a one-line fix to the profile to allow this particular operation.

Assuming you’re installing quasselcore from the distribution, I’d recommend you file a bug there with the particular apparmor error and if you feel like it, try tweaking the profile under /etc/apparmor.d to allow this particular operation.

Should be something like:

/usr/bin/quasselcore rm,
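
The step from the denial in the kernel log to a profile rule like the one above, as an added example that is not part of the original thread: Python that parses AppArmor DENIED audit lines and proposes file rules to review. The function names and every sample line except the first (the denial quoted in this thread) are constructed for illustration.

```python
import re
from collections import defaultdict

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Log mask letter -> profile permission; c (create) and d (delete) are covered by w.
LOG_TO_RULE = {"r": "r", "w": "w", "a": "a", "m": "m", "k": "k", "l": "l",
               "c": "w", "d": "w"}
ORDER = "rwamkl"

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED audit line, else None."""
    fields = {k: (bare or quoted) for k, quoted, bare in FIELD_RE.findall(line)}
    ok = fields.get("apparmor") == "DENIED" and {"profile", "name"} <= fields.keys()
    return fields if ok else None

def suggest_rules(lines):
    """Return ({profile: [file rules]}, [denials that need a manual decision])."""
    perms, manual = defaultdict(set), []
    for line in lines:
        f = parse_denial(line)
        if not f or not f["name"].startswith("/"):
            continue  # not a denial, or not a path-based one
        mask = f.get("denied_mask", "")
        if any(c not in LOG_TO_RULE for c in mask):
            # e.g. x: an allow rule needs an explicit exec mode (ix, px, cx, ...)
            manual.append((f["profile"], f["name"], mask))
            continue
        perms[(f["profile"], f["name"])].update(LOG_TO_RULE[c] for c in mask)
    rules = defaultdict(list)
    for (profile, name), p in sorted(perms.items()):
        rules[profile].append(f"{name} {''.join(c for c in ORDER if c in p)},")
    return dict(rules), manual

# First line is the denial quoted in the thread; the other three are constructed.
PREFIX = 'audit: type=1400 audit(1548883985.277:490): apparmor="DENIED" '
SAMPLE = [
    PREFIX + 'operation="file_mmap" namespace="root//lxd-mimir_<var-snap-lxd-common-lxd>" '
    'profile="/usr/bin/quasselcore" name="/usr/bin/quasselcore" pid=14570 '
    'comm="quasselcore" requested_mask="rm" denied_mask="rm" fsuid=111 ouid=0',
    PREFIX + 'operation="mknod" profile="/usr/bin/quasselcore" '
    'name="/var/lib/example/state.db" requested_mask="c" denied_mask="c"',
    PREFIX + 'operation="open" profile="/usr/bin/quasselcore" '
    'name="/var/lib/example/state.db" requested_mask="wr" denied_mask="wr"',
    PREFIX + 'operation="exec" profile="/usr/bin/quasselcore" '
    'name="/usr/bin/helper" requested_mask="x" denied_mask="x"',
]

if __name__ == "__main__":
    print(suggest_rules(SAMPLE))
```

The rules it prints are candidates to read before adding them to the profile under /etc/apparmor.d; the profile has to be reloaded (for example with apparmor_parser -r) for an edit to take effect.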

I’m running Ubuntu, so I’ll see about filing a bug there. Thank you for the tips!

https://launchpad.net/ubuntu/+source/quassel/+filebug