Unable to stop unprivileged container using lxc-stop [ ubuntu 18.04 LTS, lxc version 3.0.2 ]

lxc

(Shyam Pusapaty) #1

Unable to stop the unprivileged container on an Ubuntu 18.04 LTS host with lxc-stop version 3.0.2. It hangs indefinitely. Also, there is no IP associated with the container when using lxc-ls or lxc-info.

Followed the steps in the Ubuntu documentation:
https://help.ubuntu.com/lts/serverguide/lxc.html

Here are the steps in detail.

  1. add a user, lxcuser1 and login as lxcuser1
  2. create ~/.config/lxc/default.conf
    # 231072 is the value from /etc/subuid for user lxcuser1
    lxc.include = /etc/lxc/default.conf
    lxc.idmap = u 0 231072 65536
    lxc.idmap = g 0 231072 65536
  3. chmod -R 755 ~/.config
  4. mkdir -p ~/.local/share/lxc
  5. chmod -R 755 ~/.local
  6. (you may have to sudo for this update) echo "lxcuser1 veth lxcbr0 10" >> /etc/lxc/lxc-usernet
  7. add ACL for AppArmor
    setfacl -m u:231072:x /home/lxcuser1/
    setfacl -m u:231072:x /home/lxcuser1/.local
    setfacl -m u:231072:x /home/lxcuser1/.local/share
  8. create container
    lxc-create -t download -n n1 -l debug -o n1.log -- -d ubuntu -r xenial -a amd64
  9. start container
    lxc-start -n n1 -l debug -o n1.log
  10. lxc-ls -f
    NAME STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
    n1   RUNNING 0         -      -    -    true

**** IP address missing though the container is running…

  11. Stop lxc container
    lxc-stop -n n1

**** It hangs…

Here is the config file for lxc container, n1

# Template used to create this container: /usr/share/lxc/templates/lxc-download
# Parameters passed to the template: -d ubuntu -r xenial -a amd64
# Template script checksum (SHA-1): 273c51343604eb85f7e294c8da0a5eb769d648f3
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)

# Distribution configuration
lxc.include = /usr/share/lxc/config/common.conf
# For Ubuntu 14.04
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional 0 0
lxc.include = /usr/share/lxc/config/userns.conf
# For Ubuntu 14.04
lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0
lxc.arch = linux64

# Container specific configuration
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 231072 65536
lxc.idmap = g 0 231072 65536
lxc.rootfs.path = dir:/home/lxcuser1/.local/share/lxc/n1/rootfs
lxc.uts.name = n1

# Network configuration

=========

What am I missing in the configuration? Any help is appreciated.
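
A pre-flight check for the setup steps listed in the post, as an added example that is not part of the original post and not LXC's own tooling: it verifies that each `lxc.idmap` host range lies inside the range delegated in the subuid/subgid file and that `lxc-usernet` grants the user a veth quota on the bridge. The function names are hypothetical, and the demo runs on constructed copies of the files that reuse the values from the post.

```shell
#!/usr/bin/env bash
# Added example (not from the post). Function names are hypothetical.

# idmap_in_subid KIND CONF SUBID_FILE USER
# True when every "lxc.idmap = KIND ..." host range in CONF lies inside a
# range delegated to USER in SUBID_FILE (lines of user:start:count).
idmap_in_subid() {
    awk -v kind="$1" -v user="$4" '
        FILENAME == ARGV[1] {                 # subuid / subgid file
            split($0, f, ":")
            if (f[1] == user) { n++; lo[n] = f[2] + 0; hi[n] = f[2] + f[3] }
            next
        }
        /^[ \t]*lxc\.idmap[ \t]*=/ {          # container or default config
            sub(/^[^=]*=[ \t]*/, "")
            split($0, m, /[ \t]+/)
            if (m[1] != kind) next
            seen = 1; ok = 0
            for (i = 1; i <= n; i++)
                if (m[3] + 0 >= lo[i] && m[3] + m[4] <= hi[i]) ok = 1
            if (!ok) bad = 1
        }
        END { exit ((seen && !bad) ? 0 : 1) }
    ' "$3" "$2"
}

# usernet_allows USERNET_FILE USER TYPE BRIDGE
# True when lxc-usernet grants USER at least one TYPE device on BRIDGE.
# An entry written with stray quote characters does not match.
usernet_allows() {
    awk -v u="$2" -v t="$3" -v b="$4" '
        $1 == u && $2 == t && $3 == b && $4 + 0 > 0 { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# preflight CONF SUBUID SUBGID USERNET USER BRIDGE
# Prints one line per failed check and returns the number of failures.
preflight() {
    local fails=0
    idmap_in_subid u "$1" "$2" "$5" || { echo "uid map not covered by $2"; fails=$((fails + 1)); }
    idmap_in_subid g "$1" "$3" "$5" || { echo "gid map not covered by $3"; fails=$((fails + 1)); }
    usernet_allows "$4" "$5" veth "$6" || { echo "no veth quota for $5 on $6 in $4"; fails=$((fails + 1)); }
    return "$fails"
}

# Demo on constructed copies of the files, using the values from the post.
demo() {
    local d rc=0; d=$(mktemp -d)
    printf 'lxcuser1:231072:65536\n' > "$d/subid"
    printf 'lxc.idmap = u 0 231072 65536\nlxc.idmap = g 0 231072 65536\n' > "$d/conf"
    printf 'lxcuser1 veth lxcbr0 10\n' > "$d/usernet"
    preflight "$d/conf" "$d/subid" "$d/subid" "$d/usernet" lxcuser1 lxcbr0 || rc=$?
    rm -rf "$d"; echo "failed checks: $rc"; return "$rc"
}
demo
```

To run it against a live host, call `preflight` with `~/.config/lxc/default.conf`, `/etc/subuid`, `/etc/subgid`, `/etc/lxc/lxc-usernet`, the user name and the bridge name.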