Solved: Unable to start LXC container (Operation not permitted - failed to allocate a pty)

I am new to LXC containers. Currently, I am trying to build an LXC container on a Zedboard booting with PetaLinux. I created the LXC container on my PC and gzipped the container in “/home//.local/share/lxc/” to transfer it to the Zedboard. I tried to start the container using “lxc-start -n my-container -d -l trace -o debug.out” but I received this error.

I tried to change the my-container permissions using “sudo chown 100000:100000 -R /home//.local/share/lxc/my-container/rootfs” but I still receive the same error.

I tried to create the container on the Zedboard instead of transferring the gzipped container folder, but received another error: “WARN: could not reopen tty: Permission denied”.

Puh, this is going to be interesting to debug since I’m not familiar with PetaLinux. Can you please provide the following information:

  • cat /proc/self/cgroup
  • the output of findmnt or, if not available, cat /proc/1/mounts
  • the container’s configuration file
  • ls -al /dev
  • cat /etc/subuid
  • cat /etc/subgid
  • which newuidmap and if found ls -al /path/to/newuidmap
  • which newgidmap and if found ls -al /path/to/newgidmap

cat /proc/1/mounts
intern@plnx_arm:~$ cat /proc/1/mounts
rootfs / rootfs rw,size=238824k,nr_inodes=59706 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
devtmpfs /dev devtmpfs rw,relatime,size=238824k,nr_inodes=59706,mode=755 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /var/volatile tmpfs rw,relatime 0 0
tmpfs /dev tmpfs rw,relatime,size=64k,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600,ptmxmode=000 0 0
cgroup /sys/fs/cgroup tmpfs rw,relatime,mode=755 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,relatime,cpuset 0 0
cgroup /sys/fs/cgroup/cpu cgroup rw,relatime,cpu 0 0
cgroup /sys/fs/cgroup/cpuacct cgroup rw,relatime,cpuacct 0 0
cgroup /sys/fs/cgroup/blkio cgroup rw,relatime,blkio 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,relatime,memory 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,relatime,devices 0 0
cgroup /sys/fs/cgroup/freezer cgroup rw,relatime,freezer 0 0

Container configuration file
# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template:
# Template script checksum (SHA-1): 740c51206e35463362b735e68b867876048a8baf
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)

# Distribution configuration

lxc.include = /usr/share/lxc/config/ubuntu.common.conf
lxc.include = /usr/share/lxc/config/ubuntu.userns.conf
lxc.arch = x86

# Container specific configuration

lxc.id_map = u 0 100000 65536
lxc.id_map = g 0 100000 65536
lxc.rootfs = /home/intern/.local/share/lxc/my-container/rootfs
lxc.rootfs.backend = dir
lxc.utsname = my-container

# Network configuration

lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:e7:75:9b

ls -al /dev
intern@plnx_arm:~$ ls -al /dev
total 0
drwxr-xr-x 6 root root 2720 Jun 21 07:39 .
drwxr-xr-x 17 root root 380 Jan 1 1970 ..
crw------- 1 root root 5, 1 Jun 21 07:39 console
crw-rw---- 1 root root 10, 62 Jan 1 1970 cpu_dma_latency
crw-rw-rw- 1 root root 1, 7 Jan 1 1970 full
prw------- 1 root root 0 Jan 1 1970 initctl
drwxr-xr-x 2 root root 60 Jan 1 1970 input
crw-rw---- 1 root root 1, 11 Jan 1 1970 kmsg
srw-rw-rw- 1 root root 0 Jun 21 07:39 log
crw-rw---- 1 root root 10, 237 Jan 1 1970 loop-control
brw-r----- 1 root disk 7, 0 Jan 1 1970 loop0
brw-r----- 1 root disk 7, 1 Jan 1 1970 loop1
brw-r----- 1 root disk 7, 2 Jan 1 1970 loop2
brw-r----- 1 root disk 7, 3 Jan 1 1970 loop3
brw-r----- 1 root disk 7, 4 Jan 1 1970 loop4
brw-r----- 1 root disk 7, 5 Jan 1 1970 loop5
brw-r----- 1 root disk 7, 6 Jan 1 1970 loop6
brw-r----- 1 root disk 7, 7 Jan 1 1970 loop7
-rw-r--r-- 1 root root 0 Jan 1 1970 mdev.seq
crw-r----- 1 root kmem 1, 1 Jan 1 1970 mem
crw-rw---- 1 root root 10, 59 Jan 1 1970 memory_bandwidth
lrwxrwxrwx 1 root root 12 Jan 1 1970 mtab -> /proc/mounts
crw-rw---- 1 root root 90, 0 Jan 1 1970 mtd0
crw-rw---- 1 root root 90, 1 Jan 1 1970 mtd0ro
crw-rw---- 1 root root 90, 2 Jan 1 1970 mtd1
crw-rw---- 1 root root 90, 3 Jan 1 1970 mtd1ro
crw-rw---- 1 root root 90, 4 Jan 1 1970 mtd2
crw-rw---- 1 root root 90, 5 Jan 1 1970 mtd2ro
crw-rw---- 1 root root 90, 6 Jan 1 1970 mtd3
crw-rw---- 1 root root 90, 7 Jan 1 1970 mtd3ro
brw-rw---- 1 root root 31, 0 Jan 1 1970 mtdblock0
brw-rw---- 1 root root 31, 1 Jan 1 1970 mtdblock1
brw-rw---- 1 root root 31, 2 Jan 1 1970 mtdblock2
brw-rw---- 1 root root 31, 3 Jan 1 1970 mtdblock3
crw-rw---- 1 root root 10, 61 Jan 1 1970 network_latency
crw-rw---- 1 root root 10, 60 Jan 1 1970 network_throughput
crw-rw-rw- 1 root root 1, 3 Jan 1 1970 null
crw-r----- 1 root kmem 1, 4 Jan 1 1970 port
crw-rw---- 1 root root 10, 1 Jan 1 1970 psaux
crw-rw-rw- 1 root tty 5, 2 Jan 1 1970 ptmx
drwxr-xr-x 2 root root 0 Jan 1 1970 pts
brw-r----- 1 root disk 1, 0 Jan 1 1970 ram0
brw-r----- 1 root disk 1, 1 Jan 1 1970 ram1
brw-r----- 1 root disk 1, 10 Jan 1 1970 ram10
brw-r----- 1 root disk 1, 11 Jan 1 1970 ram11
brw-r----- 1 root disk 1, 12 Jan 1 1970 ram12
brw-r----- 1 root disk 1, 13 Jan 1 1970 ram13
brw-r----- 1 root disk 1, 14 Jan 1 1970 ram14
brw-r----- 1 root disk 1, 15 Jan 1 1970 ram15
brw-r----- 1 root disk 1, 2 Jan 1 1970 ram2
brw-r----- 1 root disk 1, 3 Jan 1 1970 ram3
brw-r----- 1 root disk 1, 4 Jan 1 1970 ram4
brw-r----- 1 root disk 1, 5 Jan 1 1970 ram5
brw-r----- 1 root disk 1, 6 Jan 1 1970 ram6
brw-r----- 1 root disk 1, 7 Jan 1 1970 ram7
brw-r----- 1 root disk 1, 8 Jan 1 1970 ram8
brw-r----- 1 root disk 1, 9 Jan 1 1970 ram9
crw-rw-rw- 1 root root 1, 8 Jan 1 1970 random
drwxrwxrwx 2 root root 40 Jan 1 1970 shm
drwxr-xr-x 2 root root 60 Jan 1 1970 snd
crw-rw-rw- 1 root tty 5, 0 Jun 21 07:39 tty
crw--w---- 1 root root 4, 0 Jan 1 1970 tty0
crw--w---- 1 root root 4, 1 Jun 21 07:39 tty1
crw--w---- 1 root root 4, 10 Jan 1 1970 tty10
crw--w---- 1 root root 4, 11 Jan 1 1970 tty11
crw--w---- 1 root root 4, 12 Jan 1 1970 tty12
crw--w---- 1 root root 4, 13 Jan 1 1970 tty13
crw--w---- 1 root root 4, 14 Jan 1 1970 tty14
crw--w---- 1 root root 4, 15 Jan 1 1970 tty15
crw--w---- 1 root root 4, 16 Jan 1 1970 tty16
crw--w---- 1 root root 4, 17 Jan 1 1970 tty17
crw--w---- 1 root root 4, 18 Jan 1 1970 tty18
crw--w---- 1 root root 4, 19 Jan 1 1970 tty19
crw--w---- 1 root root 4, 2 Jan 1 1970 tty2
crw--w---- 1 root root 4, 20 Jan 1 1970 tty20
crw--w---- 1 root root 4, 21 Jan 1 1970 tty21
crw--w---- 1 root root 4, 22 Jan 1 1970 tty22
crw--w---- 1 root root 4, 23 Jan 1 1970 tty23
crw--w---- 1 root root 4, 24 Jan 1 1970 tty24
crw--w---- 1 root root 4, 25 Jan 1 1970 tty25
crw--w---- 1 root root 4, 26 Jan 1 1970 tty26
crw--w---- 1 root root 4, 27 Jan 1 1970 tty27
crw--w---- 1 root root 4, 28 Jan 1 1970 tty28
crw--w---- 1 root root 4, 29 Jan 1 1970 tty29
crw--w---- 1 root root 4, 3 Jan 1 1970 tty3
crw--w---- 1 root root 4, 30 Jan 1 1970 tty30
crw--w---- 1 root root 4, 31 Jan 1 1970 tty31
crw--w---- 1 root root 4, 32 Jan 1 1970 tty32
crw--w---- 1 root root 4, 33 Jan 1 1970 tty33
crw--w---- 1 root root 4, 34 Jan 1 1970 tty34
crw--w---- 1 root root 4, 35 Jan 1 1970 tty35
crw--w---- 1 root root 4, 36 Jan 1 1970 tty36
crw--w---- 1 root root 4, 37 Jan 1 1970 tty37
crw--w---- 1 root root 4, 38 Jan 1 1970 tty38
crw--w---- 1 root root 4, 39 Jan 1 1970 tty39
crw--w---- 1 root root 4, 4 Jan 1 1970 tty4
crw--w---- 1 root root 4, 40 Jan 1 1970 tty40
crw--w---- 1 root root 4, 41 Jan 1 1970 tty41
crw--w---- 1 root root 4, 42 Jan 1 1970 tty42
crw--w---- 1 root root 4, 43 Jan 1 1970 tty43
crw--w---- 1 root root 4, 44 Jan 1 1970 tty44
crw--w---- 1 root root 4, 45 Jan 1 1970 tty45
crw--w---- 1 root root 4, 46 Jan 1 1970 tty46
crw--w---- 1 root root 4, 47 Jan 1 1970 tty47
crw--w---- 1 root root 4, 48 Jan 1 1970 tty48
crw--w---- 1 root root 4, 49 Jan 1 1970 tty49
crw--w---- 1 root root 4, 5 Jan 1 1970 tty5
crw--w---- 1 root root 4, 50 Jan 1 1970 tty50
crw--w---- 1 root root 4, 51 Jan 1 1970 tty51
crw--w---- 1 root root 4, 52 Jan 1 1970 tty52
crw--w---- 1 root root 4, 53 Jan 1 1970 tty53
crw--w---- 1 root root 4, 54 Jan 1 1970 tty54
crw--w---- 1 root root 4, 55 Jan 1 1970 tty55
crw--w---- 1 root root 4, 56 Jan 1 1970 tty56
crw--w---- 1 root root 4, 57 Jan 1 1970 tty57
crw--w---- 1 root root 4, 58 Jan 1 1970 tty58
crw--w---- 1 root root 4, 59 Jan 1 1970 tty59
crw--w---- 1 root root 4, 6 Jan 1 1970 tty6
crw--w---- 1 root root 4, 60 Jan 1 1970 tty60
crw--w---- 1 root root 4, 61 Jan 1 1970 tty61
crw--w---- 1 root root 4, 62 Jan 1 1970 tty62
crw--w---- 1 root root 4, 63 Jan 1 1970 tty63
crw--w---- 1 root root 4, 7 Jan 1 1970 tty7
crw--w---- 1 root root 4, 8 Jan 1 1970 tty8
crw--w---- 1 root root 4, 9 Jan 1 1970 tty9
crw------- 1 root tty 247, 0 Jun 21 07:42 ttyPS0
crw-rw-rw- 1 root root 1, 9 Jan 1 1970 urandom
crw-rw---- 1 root tty 7, 0 Jan 1 1970 vcs
crw-rw---- 1 root tty 7, 1 Jan 1 1970 vcs1
crw-rw---- 1 root tty 7, 128 Jan 1 1970 vcsa
crw-rw---- 1 root tty 7, 129 Jan 1 1970 vcsa1
crw-rw---- 1 root root 10, 63 Jan 1 1970 vga_arbiter
crw-rw---- 1 root root 10, 130 Jan 1 1970 watchdog
crw-rw---- 1 root root 248, 0 Jan 1 1970 watchdog0
crw-rw---- 1 root root 246, 0 Jan 1 1970 xdevcfg
crw-rw-rw- 1 root root 1, 5 Jan 1 1970 zero

cat /etc/subuid and cat /etc/subgid
intern@plnx_arm:~$ cat /etc/subuid
lxd:165536:65536
root:165536:65536
intern:100000:65536
intern@plnx_arm:~$ cat /etc/subgid
lxd:165536:65536
root:165536:65536
intern:100000:65536

newuidmap and newgidmap
intern@plnx_arm:~$ which newuidmap
/usr/bin/newuidmap
intern@plnx_arm:~$ which newgidmap
/usr/bin/newgidmap
intern@plnx_arm:~$ ls -al /usr/bin/newuidmap
-rwsr-xr-x 1 root root 24608 Dec 9 2016 /usr/bin/newuidmap
intern@plnx_arm:~$ ls -al /usr/bin/newgidmap
-rwsr-xr-x 1 root root 24608 Dec 9 2016 /usr/bin/newgidmap

Thank you for replying. Another thing is that for the rootfs of the container, I have replaced it with my own rootfs. I created the LXC container on a PC, deleted the rootfs and copied my own rootfs into the container. Am I allowed to do this?

I have also tried to run the container as root, by moving the LXC container to /var/lib/lxc/ in PetaLinux, and got another error when running lxc-start: “failed to attach ‘vethHVE5N0’ to the bridge ‘lxcbr0’: Operation not permitted”.
root@plnx_arm:~# lxc-ls -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6
my-container STOPPED 0 - - -

root@plnx_arm:~# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:0A:35:00:1E:53
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:145 Base address:0xb000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1%768144/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

root@plnx_arm:~# brctl show
bridge name bridge id STP enabled interfaces
root@plnx_arm:~#
The command “brctl show” shows nothing.

The rootfs of the container needs to be shifted to the correct uid and gid for it to be usable. So when you copy the rootfs from another PC you need to make sure that the rootfs is correctly chown()ed. You can do this by doing:

chown -R /path/to/rootfs

I have tried to change the container rootfs permission using command “sudo chown 100000:100000 -R /home/intern/.local/share/lxc/LXC/rootfs”. However, it still gives the same error.

I am still having the same error. Please help me with this debug.

Please post the output of “lxc-checkconfig”

--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: missing
CONFIG_NF_NAT_IPV4: missing
CONFIG_NF_NAT_IPV6: missing
CONFIG_IP_NF_TARGET_MASQUERADE: missing
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
FUSE (for use with lxcfs): missing

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

@brauner got any idea?

  1. Can you try to create a privileged container and report if that works?
  2. Can you try to create an unprivileged container using the download template?

I just realized

devpts /dev/pts devpts rw,relatime,mode=600,ptmxmode=000 0 0

which should actually be

 rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000

so you could try to remount /dev/pts and try again.

The error goes away after I changed to rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000. Thank you very much for your help.

I take this to mean that you were able to start unprivileged containers after this change. Marking this as solved. If you still experience issues just comment here.
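
Added example (not part of the original thread): a POSIX shell check that reads the devpts entry from a mounts file, compares its options with the set given in the reply above, and prints the remount command when any are missing. The function names and the WANT_OPTS variable are illustrative assumptions; the option values are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: audit the /dev/pts mount options discussed in this thread.

# Options the thread says the devpts mount should carry (values from the page).
WANT_OPTS="nosuid noexec gid=5 mode=620 ptmxmode=000"

# devpts_opts [FILE]: print the option string of the devpts mount on /dev/pts.
# FILE defaults to /proc/self/mounts; the last matching entry wins, because a
# later mount on the same path shadows an earlier one.
devpts_opts() {
    awk '$2 == "/dev/pts" && $3 == "devpts" { o = $4 }
         END { if (o != "") print o }' "${1:-/proc/self/mounts}"
}

# missing_opts OPTS: print every wanted option absent from the comma list OPTS.
missing_opts() {
    miss=""
    for want in $WANT_OPTS; do
        case ",$1," in
            *",$want,"*) ;;                 # exact option present
            *) miss="$miss $want" ;;
        esac
    done
    echo "${miss# }"
}

# check_devpts [FILE]: return 0 if all options are present, 1 if some are
# missing (prints the remount command), 2 if devpts is not mounted at all.
check_devpts() {
    opts=$(devpts_opts "$1")
    if [ -z "$opts" ]; then
        echo "no devpts filesystem mounted on /dev/pts"
        return 2
    fi
    miss=$(missing_opts "$opts")
    if [ -n "$miss" ]; then
        echo "devpts mounted with: $opts"
        echo "missing options:     $miss"
        echo "remount as root with:"
        echo "  mount -o remount,rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 /dev/pts"
        return 1
    fi
    echo "devpts options OK: $opts"
}

# Usage: check_devpts               (audits the running system)
#        check_devpts saved_mounts  (audits a saved copy of /proc/1/mounts)
```

A remount done this way does not survive a reboot; on an image-based system the option set also has to go into whatever mounts /dev/pts at boot.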