Hi, Okajima San,
BTW, I got some infomation from [1]http://aufs.sourceforge.net/,
that describe the aufs module parameter:
allow_userns= Y | N
Allows an unprivileged mount under user namespace. Userns mount to put
AUFS into a chroot environment can be useful while it as a security
worry. This parameter sets an internal flag FS_USERNS_MOUNT and allows
userns unconditionally.
See the discussion in
http://www.mail-archive.com/[email protected]/msg04266.h
tml and its thread.
The default is 'N'. If CONFIG_USER_NS is disabled, this parameter is
meaningless.
Should I mount the container rootfs path with aufs under the
unpreviliged user?
My ubuntu parent server has the aufs kernel support :
grep aufs /proc/filesystems
nodev aufs
And I also setup the aufs module. and run " modprobe aufs
allow_userns=Y" ,(and checked the CONFIG_USER_NS is enabled). and
tried to mount the container rootfs by root user. But the unpreviliged
container still can't work well.
When I mount the container rootfs by unpreviliged user, I got the
warn: mount: only root can use "--options" option
Looking forward to you reply. Thanks.
BR.
__________________________________________________________________
Michael Mao
From: [2][email protected]
Date: 2020-03-21 17:29
To: [3]hooanon05g
CC: [4]aufs-users
Subject: Re: Re: LXC unpreviliged problem with aufs mounted on nfs
Hi,Mr. Okajima,
Below attached is the /var/log/kern.log and /var/log/syslog, which
logs the info from nfs client side ubuntu-v18.04 reboot to the LXC
rootfs mount by aufs and LXC startup . I didn't find any info about
XATTR.
Did I miss any thing? or Should I show you the log file of the nfs
server side ?
thanks a lot.
/var/log/kern.log
Mar 21 17:02:06 zss-node1 kernel: [ 9.157693] random: (sd-executor):
uninitialized urandom read (16 bytes read)
Mar 21 17:02:06 zss-node1 kernel: [ 9.529600] Loading iSCSI
transport class v2.0-870.
Mar 21 17:02:06 zss-node1 kernel: [ 9.537351] iscsi: registered
transport (tcp)
Mar 21 17:02:06 zss-node1 kernel: [ 9.539466] EXT4-fs (vda1):
re-mounted. Opts: errors=remount-ro
Mar 21 17:02:06 zss-node1 kernel: [ 9.745084] RPC: Registered named
UNIX socket transport module.
Mar 21 17:02:06 zss-node1 kernel: [ 9.746528] RPC: Registered udp
transport module.
Mar 21 17:02:06 zss-node1 kernel: [ 9.747939] RPC: Registered tcp
transport module.
Mar 21 17:02:06 zss-node1 kernel: [ 9.749352] RPC: Registered tcp
NFSv4.1 backchannel transport module.
Mar 21 17:02:06 zss-node1 kernel: [ 9.808824] iscsi: registered
transport (iser)
Mar 21 17:02:06 zss-node1 kernel: [ 10.193888] RAPL PMU: API unit is
2^-32 Joules, 3 fixed counters, 10737418240 ms ovfl timer
Mar 21 17:02:06 zss-node1 kernel: [ 10.193889] RAPL PMU: hw unit of
domain pp0-core 2^-0 Joules
Mar 21 17:02:06 zss-node1 kernel: [ 10.193890] RAPL PMU: hw unit of
domain package 2^-0 Joules
Mar 21 17:02:06 zss-node1 kernel: [ 10.193890] RAPL PMU: hw unit of
domain dram 2^-16 Joules
Mar 21 17:02:06 zss-node1 kernel: [ 10.206705] shpchp: Standard Hot
Plug PCI Controller Driver version: 0.4
Mar 21 17:02:06 zss-node1 kernel: [ 10.804762] spl: loading
out-of-tree module taints kernel.
Mar 21 17:02:06 zss-node1 kernel: [ 10.805915] SPL: Loaded module
v0.7.5-1ubuntu1
Mar 21 17:02:06 zss-node1 kernel: [ 10.836922] znvpair: module
license 'CDDL' taints kernel.
Mar 21 17:02:06 zss-node1 kernel: [ 10.836923] Disabling lock
debugging due to kernel taint
Mar 21 17:02:06 zss-node1 kernel: [ 13.474100] ZFS: Loaded module
v0.7.5-1ubuntu16.4, ZFS pool version 5000, ZFS filesystem version 5
Mar 21 17:02:06 zss-node1 kernel: [ 14.104544] audit: type=1400
audit(1584781326.408:2): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="/usr/bin/lxc-start" pid=1238
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.107425] audit: type=1400
audit(1584781326.408:3): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="/usr/bin/man" pid=1239
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.107426] audit: type=1400
audit(1584781326.408:4): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="man_filter" pid=1239 comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.107428] audit: type=1400
audit(1584781326.408:5): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="man_groff" pid=1239 comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.121376] audit: type=1400
audit(1584781326.424:6): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="/usr/sbin/ntpd" pid=1247
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.121968] audit: type=1400
audit(1584781326.424:7): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="lxc-container-default" pid=1236
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.121970] audit: type=1400
audit(1584781326.424:8): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="lxc-container-default-cgns" pid=1236
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.121972] audit: type=1400
audit(1584781326.424:9): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="lxc-container-default-with-mounting"
pid=1236 comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.121974] audit: type=1400
audit(1584781326.424:10): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="lxc-container-default-with-nesting" pid=1236
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.125523] audit: type=1400
audit(1584781326.428:11): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="/usr/sbin/tcpdump" pid=1261
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.272800] new mount options do
not match the existing superblock, will be ignored
Mar 21 17:02:07 zss-node1 kernel: [ 15.104489] IPv6:
ADDRCONF(NETDEV_UP): eth0: link is not ready
Mar 21 17:02:07 zss-node1 kernel: [ 15.298046] FS-Cache: Loaded
Mar 21 17:02:07 zss-node1 kernel: [ 15.337220] FS-Cache: Netfs 'nfs'
registered for caching
Mar 21 17:02:07 zss-node1 kernel: [ 15.362465] NFS: Registering the
id_resolver key type
Mar 21 17:02:07 zss-node1 kernel: [ 15.362471] Key type id_resolver
registered
Mar 21 17:02:07 zss-node1 kernel: [ 15.362472] Key type id_legacy
registered
Mar 21 17:02:07 zss-node1 kernel: [ 15.424881] bridge: filtering via
arp/ip/ip6tables is no longer available by default. Update your scripts
to load br_netfilter if you need this.
Mar 21 17:02:07 zss-node1 kernel: [ 15.430221] IPv6:
ADDRCONF(NETDEV_UP): lxcbr0: link is not ready
Mar 21 17:02:07 zss-node1 kernel: [ 15.558838] nf_conntrack version
0.5.0 (65536 buckets, 262144 max)
Mar 21 17:02:08 zss-node1 kernel: [ 15.912350] aufs 4.15-20180219
Mar 21 17:06:12 zss-node1 kernel: [ 260.328869] random: crng init done
Mar 21 17:06:12 zss-node1 kernel: [ 260.328872] random: 1 urandom
warning(s) missed due to ratelimiting
Mar 21 17:06:59 zss-node1 kernel: [ 306.922028] ip6_tables: (C)
2000-2006 Netfilter Core Team
Mar 21 17:08:16 zss-node1 kernel: [ 383.815252] aufs
test_add:292:mount[3157]: uid/gid/perm
/var/lib/lxd/storage-pools/default/containers/bbb 100000/100000/0711,
100000/100000/0755
Mar 21 17:08:33 zss-node1 kernel: [ 401.131359] Ebtables v2.0
registered
Mar 21 17:08:43 zss-node1 kernel: [ 411.360332] kauditd_printk_skb: 27
callbacks suppressed
Mar 21 17:08:43 zss-node1 kernel: [ 411.360333] audit: type=1400
audit(1584781723.664:39): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="lxd-bbb_</var/lib/lxd>" pid=3235
comm="apparmor_parser"
Mar 21 17:08:43 zss-node1 kernel: [ 411.372532] lxdbr0: port
1(vethOCPL4M) entered blocking state
Mar 21 17:08:43 zss-node1 kernel: [ 411.372534] lxdbr0: port
1(vethOCPL4M) entered disabled state
Mar 21 17:08:43 zss-node1 kernel: [ 411.373065] device vethOCPL4M
entered promiscuous mode
Mar 21 17:08:43 zss-node1 kernel: [ 411.373510] IPv6:
ADDRCONF(NETDEV_UP): vethOCPL4M: link is not ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.485175] eth0: renamed from
vethOUVFCY
Mar 21 17:08:43 zss-node1 kernel: [ 411.500184] IPv6:
ADDRCONF(NETDEV_UP): eth0: link is not ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.500373] IPv6:
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.500395] IPv6:
ADDRCONF(NETDEV_CHANGE): vethOCPL4M: link becomes ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.500436] lxdbr0: port
1(vethOCPL4M) entered blocking state
Mar 21 17:08:43 zss-node1 kernel: [ 411.500437] lxdbr0: port
1(vethOCPL4M) entered forwarding state
Mar 21 17:08:46 zss-node1 kernel: [ 414.191802] audit: type=1400
audit(1584781726.492:40): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/bin/man" pid=3644 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.191804] audit: type=1400
audit(1584781726.492:41): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="man_filter" pid=3644 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.191806] audit: type=1400
audit(1584781726.492:42): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="man_groff" pid=3644 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.192522] audit: type=1400
audit(1584781726.496:43): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/snapd/snap-confine" pid=3645 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.192524] audit: type=1400
audit(1584781726.496:44): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper"
pid=3645 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195610] audit: type=1400
audit(1584781726.496:45): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/sbin/dhclient" pid=3643 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195613] audit: type=1400
audit(1584781726.496:46): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=3643
comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195614] audit: type=1400
audit(1584781726.496:47): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=3643
comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195616] audit: type=1400
audit(1584781726.496:48): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/connman/scripts/dhclient-script" pid=3643
comm="apparmor_parser"
/var/log/syslog
Mar 21 17:02:29 zss-node1 systemd[1]: Started Execute cloud user/final
scripts.
Mar 21 17:02:29 zss-node1 systemd[1]: Reached target Cloud-init target.
Mar 21 17:02:29 zss-node1 systemd[1]: Startup finished in 8.582s
(kernel) + 28.941s (userspace) = 37.524s.
Mar 21 17:06:12 zss-node1 kernel: [ 260.328869] random: crng init done
Mar 21 17:06:12 zss-node1 kernel: [ 260.328872] random: 1 urandom
warning(s) missed due to ratelimiting
Mar 21 17:06:23 zss-node1 systemd[1]: Created slice User Slice of root.
Mar 21 17:06:23 zss-node1 systemd[1]: Starting User Manager for UID
0...
Mar 21 17:06:23 zss-node1 systemd[1]: Started Session 1 of user root.
Mar 21 17:06:23 zss-node1 systemd[2327]: Reached target Paths.
Mar 21 17:06:23 zss-node1 systemd[2327]: Listening on GnuPG
cryptographic agent (ssh-agent emulation).
Mar 21 17:06:23 zss-node1 systemd[2327]: Listening on GnuPG network
certificate management daemon.
Mar 21 17:06:23 zss-node1 systemd[2327]: Reached target Timers.
Mar 21 17:06:23 zss-node1 systemd[2327]: Listening on GnuPG
cryptographic agent and passphrase cache (access for web browsers).
Mar 21 17:06:23 zss-node1 systemd[2327]: Listening on GnuPG
cryptographic agent and passphrase cache (restricted).
Mar 21 17:06:23 zss-node1 systemd[2327]: Listening on GnuPG
cryptographic agent and passphrase cache.
Mar 21 17:06:23 zss-node1 systemd[2327]: Reached target Sockets.
Mar 21 17:06:23 zss-node1 systemd[2327]: Reached target Basic System.
Mar 21 17:06:23 zss-node1 systemd[1]: Started User Manager for UID 0.
Mar 21 17:06:23 zss-node1 systemd[2327]: Reached target Default.
Mar 21 17:06:23 zss-node1 systemd[2327]: Startup finished in 90ms.
Mar 21 17:06:50 zss-node1 systemd-resolved[1250]: Using degraded
feature set (UDP) for DNS server 114.114.114.114.
Mar 21 17:06:51 zss-node1 systemd-resolved[1250]: Using degraded
feature set (UDP) for DNS server 114.114.115.115.
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.1806] manager: (lxdbr0): new Bridge device
(/org/freedesktop/NetworkManager/Devices/4)
Mar 21 17:06:59 zss-node1 systemd-udevd[2909]: link_config:
autonegotiation is unset or enabled, the speed and duplex are not
writable.
Mar 21 17:06:59 zss-node1 systemd-udevd[2909]: Could not generate
persistent MAC address for lxdbr0: No such file or directory
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.1858] devices added (path: /sys/devices/virtual/net/lxdbr0,
iface: lxdbr0)
Mar 21 17:06:59 zss-node1 snapd[1378]: snapmgr.go:249: cannot read snap
info of snap "core" at revision 8689: cannot find installed snap "core"
at revision 8689: missing file /snap/core/8689/meta/snap.yaml
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.1859] device added (path: /sys/devices/virtual/net/lxdbr0,
iface: lxdbr0): no ifupdown configuration found.
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2122] device (lxdbr0): state change: unmanaged ->
unavailable (reason 'connection-assumed', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2138] keyfile: add connection in-memory
(64484952-1387-4e67-97cd-7cffe49eff69,"lxdbr0")
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2142] device (lxdbr0): state change: unavailable ->
disconnected (reason 'connection-assumed', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2148] device (lxdbr0): Activation: starting connection
'lxdbr0' (64484952-1387-4e67-97cd-7cffe49eff69)
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2151] device (lxdbr0): state change: disconnected ->
prepare (reason 'none', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2153] device (lxdbr0): state change: prepare -> config
(reason 'none', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2154] device (lxdbr0): state change: config -> ip-config
(reason 'none', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2155] device (lxdbr0): state change: ip-config -> ip-check
(reason 'none', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2157] device (lxdbr0): state change: ip-check ->
secondaries (reason 'none', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2158] device (lxdbr0): state change: secondaries ->
activated (reason 'none', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2197] device (lxdbr0): Activation: successful, device
activated.
Mar 21 17:06:59 zss-node1 dbus-daemon[1333]: [system] Activating via
systemd: service name='org.freedesktop.nm_dispatcher'
unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.6'
(uid=0 pid=1393 comm="/usr/sbin/NetworkManager --no-daemon "
label="unconfined")
Mar 21 17:06:59 zss-node1 systemd[1]: Starting Network Manager Script
Dispatcher Service...
Mar 21 17:06:59 zss-node1 dbus-daemon[1333]: [system] Successfully
activated service 'org.freedesktop.nm_dispatcher'
Mar 21 17:06:59 zss-node1 systemd[1]: Started Network Manager Script
Dispatcher Service.
Mar 21 17:06:59 zss-node1 nm-dispatcher: req:1 'up' [lxdbr0]: new
request (3 scripts)
Mar 21 17:06:59 zss-node1 nm-dispatcher: req:1 'up' [lxdbr0]: start
running ordered scripts...
Mar 21 17:06:59 zss-node1 kernel: [ 306.922028] ip6_tables: (C)
2000-2006 Netfilter Core Team
Mar 21 17:06:59 zss-node1 systemd[1]: Reloading OpenBSD Secure Shell
server.
Mar 21 17:06:59 zss-node1 systemd[1]: Reloaded OpenBSD Secure Shell
server.
Mar 21 17:06:59 zss-node1 ntpdate[2988]: Can't find host
ntp.myhuaweicloud.com: Name or service not known (-2)
Mar 21 17:06:59 zss-node1 ntpdate[2988]: no servers can be used,
exiting
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: started, version 2.79
cachesize 150
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: compile time options: IPv6
GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth
DNSSEC loop-detect inotify
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: DHCP, IP range
10.151.165.2 -- 10.151.165.254, lease time 1h
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: DHCP, sockets bound
exclusively to interface lxdbr0
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: using local addresses only for
domain lxd
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: reading /etc/resolv.conf
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: using local addresses only for
domain lxd
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: using nameserver 127.0.0.53#53
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: read /etc/hosts - 13 addresses
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: read
/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts/aaa
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: read
/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts/bbb
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: read
/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts/ubuntu-1804-64
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: read /etc/hosts - 13 addresses
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: read
/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts/aaa
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: read
/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts/bbb
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: read
/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts/ubuntu-1804-64
Mar 21 17:08:16 zss-node1 kernel: [ 383.815252] aufs
test_add:292:mount[3157]: uid/gid/perm
/var/lib/lxd/storage-pools/default/containers/bbb 100000/100000/0711,
100000/100000/0755
Mar 21 17:08:33 zss-node1 kernel: [ 401.131359] Ebtables v2.0
registered
Mar 21 17:08:43 zss-node1 kernel: [ 411.360332] kauditd_printk_skb: 27
callbacks suppressed
Mar 21 17:08:43 zss-node1 kernel: [ 411.360333] audit: type=1400
audit(1584781723.664:39): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="lxd-bbb_</var/lib/lxd>" pid=3235
comm="apparmor_parser"
Mar 21 17:08:43 zss-node1 kernel: [ 411.372532] lxdbr0: port
1(vethOCPL4M) entered blocking state
Mar 21 17:08:43 zss-node1 kernel: [ 411.372534] lxdbr0: port
1(vethOCPL4M) entered disabled state
Mar 21 17:08:43 zss-node1 kernel: [ 411.373065] device vethOCPL4M
entered promiscuous mode
Mar 21 17:08:43 zss-node1 kernel: [ 411.373510] IPv6:
ADDRCONF(NETDEV_UP): vethOCPL4M: link is not ready
Mar 21 17:08:43 zss-node1 systemd-udevd[3238]: link_config:
autonegotiation is unset or enabled, the speed and duplex are not
writable.
Mar 21 17:08:43 zss-node1 systemd-udevd[3238]: Could not generate
persistent MAC address for vethOUVFCY: No such file or directory
Mar 21 17:08:43 zss-node1 systemd-udevd[3239]: link_config:
autonegotiation is unset or enabled, the speed and duplex are not
writable.
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.6810] manager: (vethOUVFCY): new Veth device
(/org/freedesktop/NetworkManager/Devices/5)
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.6818] manager: (vethOCPL4M): new Veth device
(/org/freedesktop/NetworkManager/Devices/6)
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.6859] devices added (path:
/sys/devices/virtual/net/vethOUVFCY, iface: vethOUVFCY)
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.6859] device added (path:
/sys/devices/virtual/net/vethOUVFCY, iface: vethOUVFCY): no ifupdown
configuration found.
Mar 21 17:08:43 zss-node1 snapd[1378]: snapmgr.go:249: cannot read snap
info of snap "core" at revision 8689: cannot find installed snap "core"
at revision 8689: missing file /snap/core/8689/meta/snap.yaml
Mar 21 17:08:43 zss-node1 snapd[1378]: snapmgr.go:249: cannot read snap
info of snap "core" at revision 8689: cannot find installed snap "core"
at revision 8689: missing file /snap/core/8689/meta/snap.yaml
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.6867] devices added (path:
/sys/devices/virtual/net/vethOCPL4M, iface: vethOCPL4M)
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.6868] device added (path:
/sys/devices/virtual/net/vethOCPL4M, iface: vethOCPL4M): no ifupdown
configuration found.
Mar 21 17:08:43 zss-node1 kernel: [ 411.485175] eth0: renamed from
vethOUVFCY
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.7950] devices removed (path:
/sys/devices/virtual/net/vethOUVFCY, iface: vethOUVFCY)
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.8076] device (vethOCPL4M): carrier: link connected
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.8080] device (lxdbr0): carrier: link connected
Mar 21 17:08:43 zss-node1 kernel: [ 411.500184] IPv6:
ADDRCONF(NETDEV_UP): eth0: link is not ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.500373] IPv6:
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.500395] IPv6:
ADDRCONF(NETDEV_CHANGE): vethOCPL4M: link becomes ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.500436] lxdbr0: port
1(vethOCPL4M) entered blocking state
Mar 21 17:08:43 zss-node1 kernel: [ 411.500437] lxdbr0: port
1(vethOCPL4M) entered forwarding state
Mar 21 17:08:43 zss-node1 systemd[1]:
proc-sys-fs-binfmt_misc.automount: Got automount request for
/proc/sys/fs/binfmt_misc, triggered by 3243 (lxd)
Mar 21 17:08:43 zss-node1 systemd[1]: Mounting Arbitrary Executable
File Formats File System...
Mar 21 17:08:43 zss-node1 systemd[1]: Mounted Arbitrary Executable File
Formats File System.
Mar 21 17:08:46 zss-node1 kernel: [ 414.191802] audit: type=1400
audit(1584781726.492:40): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/bin/man" pid=3644 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.191804] audit: type=1400
audit(1584781726.492:41): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="man_filter" pid=3644 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.191806] audit: type=1400
audit(1584781726.492:42): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="man_groff" pid=3644 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.192522] audit: type=1400
audit(1584781726.496:43): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/snapd/snap-confine" pid=3645 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.192524] audit: type=1400
audit(1584781726.496:44): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper"
pid=3645 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195610] audit: type=1400
audit(1584781726.496:45): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/sbin/dhclient" pid=3643 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195613] audit: type=1400
audit(1584781726.496:46): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=3643
comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195614] audit: type=1400
audit(1584781726.496:47): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=3643
comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195616] audit: type=1400
audit(1584781726.496:48): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/connman/scripts/dhclient-script" pid=3643
comm="apparmor_parser"
Mar 21 17:15:51 zss-node1 systemd[1]: Started Session 3 of user root.
Mar 21 17:16:48 zss-node1 systemd-resolved[1250]: Grace period over,
resuming full feature set (UDP+EDNS0) for DNS server 114.114.115.115.
Mar 21 17:17:01 zss-node1 CRON[5298]: (root) CMD ( cd / && run-parts
--report /etc/cron.hourly)
Mar 21 17:17:02 zss-node1 systemd[1]: Starting Cleanup of Temporary
Directories...
Mar 21 17:17:02 zss-node1 systemd[1]: Started Cleanup of Temporary
Directories.
Mar 21 17:20:43 zss-node1 systemd[1]: Starting Message of the Day...
Mar 21 17:20:43 zss-node1 systemd-resolved[1250]: Using degraded
feature set (UDP) for DNS server 114.114.115.115.
Mar 21 17:20:51 zss-node1 50-motd-news[5318]: * Latest Kubernetes 1.18
beta is now available for your laptop, NUC, cloud
Mar 21 17:20:51 zss-node1 50-motd-news[5318]: instance or Raspberry
Pi, with automatic updates to the final GA release.
Mar 21 17:20:51 zss-node1 50-motd-news[5318]: sudo snap install
microk8s --channel=1.18/beta --classic
Mar 21 17:20:51 zss-node1 50-motd-news[5318]: * Multipass 1.1 adds
proxy support for developers behind enterprise
Mar 21 17:20:51 zss-node1 50-motd-news[5318]: firewalls. Rapid
prototyping for cloud operations just got easier.
Mar 21 17:20:51 zss-node1 50-motd-news[5318]:
https://multipass.run/
Mar 21 17:20:51 zss-node1 systemd[1]: Started Message of the Day.
Michael Mao
From: J. R. Okajima
Date: 2020-03-21 14:14
To: homalu
CC: aufs-users
Subject: Re: LXC unpreviliged problem with aufs mounted on nfs
homalu:
> My NFS export file is like this :
> /mnt/NFSmountpoint
172.16.0.0/24(rw,fsid=0,insecure,no_root_squash,no_subtree_check,sync,c
rossmnt).
> Is this OK?
I hope so, but I am not sure.
As a next step, I'd suggest you to check the kernel log on nfs client,
whether aufs complained about XATTR on nfs.
J. R. Okajima
Hi,Mr. Okajima,
Below attached is the /var/log/kern.log and /var/log/syslog,
which
logs the info from nfs client side ubuntu-v18.04 reboot to the LXC
rootfs mount by aufs and LXC startup . I didn't find any info about
XATTR.
Did I miss any thing? or Should I show you the log file of the
nfs
server side ?
thanks a lot.
/var/log/kern.log
Mar 21 17:02:06 zss-node1 kernel: [ 9.157693] random:
(sd-executor):
uninitialized urandom read (16 bytes read)
Mar 21 17:02:06 zss-node1 kernel: [ 9.529600] Loading iSCSI
transport class v2.0-870.
Mar 21 17:02:06 zss-node1 kernel: [ 9.537351] iscsi: registered
transport (tcp)
Mar 21 17:02:06 zss-node1 kernel: [ 9.539466] EXT4-fs (vda1):
re-mounted. Opts: errors=remount-ro
Mar 21 17:02:06 zss-node1 kernel: [ 9.745084] RPC: Registered
named
UNIX socket transport module.
Mar 21 17:02:06 zss-node1 kernel: [ 9.746528] RPC: Registered udp
transport module.
Mar 21 17:02:06 zss-node1 kernel: [ 9.747939] RPC: Registered tcp
transport module.
Mar 21 17:02:06 zss-node1 kernel: [ 9.749352] RPC: Registered tcp
NFSv4.1 backchannel transport module.
Mar 21 17:02:06 zss-node1 kernel: [ 9.808824] iscsi: registered
transport (iser)
Mar 21 17:02:06 zss-node1 kernel: [ 10.193888] RAPL PMU: API unit
is
2^-32 Joules, 3 fixed counters, 10737418240 ms ovfl timer
Mar 21 17:02:06 zss-node1 kernel: [ 10.193889] RAPL PMU: hw unit
of
domain pp0-core 2^-0 Joules
Mar 21 17:02:06 zss-node1 kernel: [ 10.193890] RAPL PMU: hw unit
of
domain package 2^-0 Joules
Mar 21 17:02:06 zss-node1 kernel: [ 10.193890] RAPL PMU: hw unit
of
domain dram 2^-16 Joules
Mar 21 17:02:06 zss-node1 kernel: [ 10.206705] shpchp: Standard
Hot
Plug PCI Controller Driver version: 0.4
Mar 21 17:02:06 zss-node1 kernel: [ 10.804762] spl: loading
out-of-tree module taints kernel.
Mar 21 17:02:06 zss-node1 kernel: [ 10.805915] SPL: Loaded module
v0.7.5-1ubuntu1
Mar 21 17:02:06 zss-node1 kernel: [ 10.836922] znvpair: module
license 'CDDL' taints kernel.
Mar 21 17:02:06 zss-node1 kernel: [ 10.836923] Disabling lock
debugging due to kernel taint
Mar 21 17:02:06 zss-node1 kernel: [ 13.474100] ZFS: Loaded module
v0.7.5-1ubuntu16.4, ZFS pool version 5000, ZFS filesystem version 5
Mar 21 17:02:06 zss-node1 kernel: [ 14.104544] audit: type=1400
audit(1584781326.408:2): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="/usr/bin/lxc-start" pid=1238
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.107425] audit: type=1400
audit(1584781326.408:3): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="/usr/bin/man" pid=1239
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.107426] audit: type=1400
audit(1584781326.408:4): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="man_filter" pid=1239
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.107428] audit: type=1400
audit(1584781326.408:5): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="man_groff" pid=1239
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.121376] audit: type=1400
audit(1584781326.424:6): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="/usr/sbin/ntpd" pid=1247
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.121968] audit: type=1400
audit(1584781326.424:7): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="lxc-container-default" pid=1236
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.121970] audit: type=1400
audit(1584781326.424:8): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="lxc-container-default-cgns" pid=1236
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.121972] audit: type=1400
audit(1584781326.424:9): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="lxc-container-default-with-mounting"
pid=1236 comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.121974] audit: type=1400
audit(1584781326.424:10): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="lxc-container-default-with-nesting"
pid=1236
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.125523] audit: type=1400
audit(1584781326.428:11): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="/usr/sbin/tcpdump" pid=1261
comm="apparmor_parser"
Mar 21 17:02:06 zss-node1 kernel: [ 14.272800] new mount options
do
not match the existing superblock, will be ignored
Mar 21 17:02:07 zss-node1 kernel: [ 15.104489] IPv6:
ADDRCONF(NETDEV_UP): eth0: link is not ready
Mar 21 17:02:07 zss-node1 kernel: [ 15.298046] FS-Cache: Loaded
Mar 21 17:02:07 zss-node1 kernel: [ 15.337220] FS-Cache: Netfs
'nfs'
registered for caching
Mar 21 17:02:07 zss-node1 kernel: [ 15.362465] NFS: Registering
the
id_resolver key type
Mar 21 17:02:07 zss-node1 kernel: [ 15.362471] Key type
id_resolver
registered
Mar 21 17:02:07 zss-node1 kernel: [ 15.362472] Key type id_legacy
registered
Mar 21 17:02:07 zss-node1 kernel: [ 15.424881] bridge: filtering
via
arp/ip/ip6tables is no longer available by default. Update your
scripts
to load br_netfilter if you need this.
Mar 21 17:02:07 zss-node1 kernel: [ 15.430221] IPv6:
ADDRCONF(NETDEV_UP): lxcbr0: link is not ready
Mar 21 17:02:07 zss-node1 kernel: [ 15.558838] nf_conntrack
version
0.5.0 (65536 buckets, 262144 max)
Mar 21 17:02:08 zss-node1 kernel: [ 15.912350] aufs 4.15-20180219
Mar 21 17:06:12 zss-node1 kernel: [ 260.328869] random: crng init
done
Mar 21 17:06:12 zss-node1 kernel: [ 260.328872] random: 1 urandom
warning(s) missed due to ratelimiting
Mar 21 17:06:59 zss-node1 kernel: [ 306.922028] ip6_tables: (C)
2000-2006 Netfilter Core Team
Mar 21 17:08:16 zss-node1 kernel: [ 383.815252] aufs
test_add:292:mount[3157]: uid/gid/perm
/var/lib/lxd/storage-pools/default/containers/bbb
100000/100000/0711,
100000/100000/0755
Mar 21 17:08:33 zss-node1 kernel: [ 401.131359] Ebtables v2.0
registered
Mar 21 17:08:43 zss-node1 kernel: [ 411.360332] kauditd_printk_skb:
27
callbacks suppressed
Mar 21 17:08:43 zss-node1 kernel: [ 411.360333] audit: type=1400
audit(1584781723.664:39): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="lxd-bbb_</var/lib/lxd>" pid=3235
comm="apparmor_parser"
Mar 21 17:08:43 zss-node1 kernel: [ 411.372532] lxdbr0: port
1(vethOCPL4M) entered blocking state
Mar 21 17:08:43 zss-node1 kernel: [ 411.372534] lxdbr0: port
1(vethOCPL4M) entered disabled state
Mar 21 17:08:43 zss-node1 kernel: [ 411.373065] device vethOCPL4M
entered promiscuous mode
Mar 21 17:08:43 zss-node1 kernel: [ 411.373510] IPv6:
ADDRCONF(NETDEV_UP): vethOCPL4M: link is not ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.485175] eth0: renamed from
vethOUVFCY
Mar 21 17:08:43 zss-node1 kernel: [ 411.500184] IPv6:
ADDRCONF(NETDEV_UP): eth0: link is not ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.500373] IPv6:
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.500395] IPv6:
ADDRCONF(NETDEV_CHANGE): vethOCPL4M: link becomes ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.500436] lxdbr0: port
1(vethOCPL4M) entered blocking state
Mar 21 17:08:43 zss-node1 kernel: [ 411.500437] lxdbr0: port
1(vethOCPL4M) entered forwarding state
Mar 21 17:08:46 zss-node1 kernel: [ 414.191802] audit: type=1400
audit(1584781726.492:40): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/bin/man" pid=3644 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.191804] audit: type=1400
audit(1584781726.492:41): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="man_filter" pid=3644 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.191806] audit: type=1400
audit(1584781726.492:42): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="man_groff" pid=3644 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.192522] audit: type=1400
audit(1584781726.496:43): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/snapd/snap-confine" pid=3645 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.192524] audit: type=1400
audit(1584781726.496:44): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper"
pid=3645 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195610] audit: type=1400
audit(1584781726.496:45): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/sbin/dhclient" pid=3643 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195613] audit: type=1400
audit(1584781726.496:46): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=3643
comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195614] audit: type=1400
audit(1584781726.496:47): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=3643
comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195616] audit: type=1400
audit(1584781726.496:48): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/connman/scripts/dhclient-script" pid=3643
comm="apparmor_parser"
/var/log/syslog
Mar 21 17:02:29 zss-node1 systemd[1]: Started Execute cloud
user/final
scripts.
Mar 21 17:02:29 zss-node1 systemd[1]: Reached target Cloud-init
target.
Mar 21 17:02:29 zss-node1 systemd[1]: Startup finished in 8.582s
(kernel) + 28.941s (userspace) = 37.524s.
Mar 21 17:06:12 zss-node1 kernel: [ 260.328869] random: crng init
done
Mar 21 17:06:12 zss-node1 kernel: [ 260.328872] random: 1 urandom
warning(s) missed due to ratelimiting
Mar 21 17:06:23 zss-node1 systemd[1]: Created slice User Slice of
root.
Mar 21 17:06:23 zss-node1 systemd[1]: Starting User Manager for UID
0...
Mar 21 17:06:23 zss-node1 systemd[1]: Started Session 1 of user
root.
Mar 21 17:06:23 zss-node1 systemd[2327]: Reached target Paths.
Mar 21 17:06:23 zss-node1 systemd[2327]: Listening on GnuPG
cryptographic agent (ssh-agent emulation).
Mar 21 17:06:23 zss-node1 systemd[2327]: Listening on GnuPG network
certificate management daemon.
Mar 21 17:06:23 zss-node1 systemd[2327]: Reached target Timers.
Mar 21 17:06:23 zss-node1 systemd[2327]: Listening on GnuPG
cryptographic agent and passphrase cache (access for web browsers).
Mar 21 17:06:23 zss-node1 systemd[2327]: Listening on GnuPG
cryptographic agent and passphrase cache (restricted).
Mar 21 17:06:23 zss-node1 systemd[2327]: Listening on GnuPG
cryptographic agent and passphrase cache.
Mar 21 17:06:23 zss-node1 systemd[2327]: Reached target Sockets.
Mar 21 17:06:23 zss-node1 systemd[2327]: Reached target Basic
System.
Mar 21 17:06:23 zss-node1 systemd[1]: Started User Manager for UID
0.
Mar 21 17:06:23 zss-node1 systemd[2327]: Reached target Default.
Mar 21 17:06:23 zss-node1 systemd[2327]: Startup finished in 90ms.
Mar 21 17:06:50 zss-node1 systemd-resolved[1250]: Using degraded
feature set (UDP) for DNS server 114.114.114.114.
Mar 21 17:06:51 zss-node1 systemd-resolved[1250]: Using degraded
feature set (UDP) for DNS server 114.114.115.115.
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.1806] manager: (lxdbr0): new Bridge device
(/org/freedesktop/NetworkManager/Devices/4)
Mar 21 17:06:59 zss-node1 systemd-udevd[2909]: link_config:
autonegotiation is unset or enabled, the speed and duplex are not
writable.
Mar 21 17:06:59 zss-node1 systemd-udevd[2909]: Could not generate
persistent MAC address for lxdbr0: No such file or directory
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.1858] devices added (path:
/sys/devices/virtual/net/lxdbr0,
iface: lxdbr0)
Mar 21 17:06:59 zss-node1 snapd[1378]: snapmgr.go:249: cannot read
snap
info of snap "core" at revision 8689: cannot find installed snap
"core"
at revision 8689: missing file /snap/core/8689/meta/snap.yaml
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.1859] device added (path:
/sys/devices/virtual/net/lxdbr0,
iface: lxdbr0): no ifupdown configuration found.
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2122] device (lxdbr0): state change: unmanaged ->
unavailable (reason 'connection-assumed', sys-iface-state:
'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2138] keyfile: add connection in-memory
(64484952-1387-4e67-97cd-7cffe49eff69,"lxdbr0")
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2142] device (lxdbr0): state change: unavailable ->
disconnected (reason 'connection-assumed', sys-iface-state:
'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2148] device (lxdbr0): Activation: starting connection
'lxdbr0' (64484952-1387-4e67-97cd-7cffe49eff69)
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2151] device (lxdbr0): state change: disconnected ->
prepare (reason 'none', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2153] device (lxdbr0): state change: prepare -> config
(reason 'none', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2154] device (lxdbr0): state change: config -> ip-config
(reason 'none', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2155] device (lxdbr0): state change: ip-config ->
ip-check
(reason 'none', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2157] device (lxdbr0): state change: ip-check ->
secondaries (reason 'none', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2158] device (lxdbr0): state change: secondaries ->
activated (reason 'none', sys-iface-state: 'external')
Mar 21 17:06:59 zss-node1 NetworkManager[1393]: <info>
[1584781619.2197] device (lxdbr0): Activation: successful, device
activated.
Mar 21 17:06:59 zss-node1 dbus-daemon[1333]: [system] Activating via
systemd: service name='org.freedesktop.nm_dispatcher'
unit='dbus-org.freedesktop.nm-dispatcher.service' requested by
':1.6'
(uid=0 pid=1393 comm="/usr/sbin/NetworkManager --no-daemon "
label="unconfined")
Mar 21 17:06:59 zss-node1 systemd[1]: Starting Network Manager
Script
Dispatcher Service...
Mar 21 17:06:59 zss-node1 dbus-daemon[1333]: [system] Successfully
activated service 'org.freedesktop.nm_dispatcher'
Mar 21 17:06:59 zss-node1 systemd[1]: Started Network Manager Script
Dispatcher Service.
Mar 21 17:06:59 zss-node1 nm-dispatcher: req:1 'up' [lxdbr0]: new
request (3 scripts)
Mar 21 17:06:59 zss-node1 nm-dispatcher: req:1 'up' [lxdbr0]: start
running ordered scripts...
Mar 21 17:06:59 zss-node1 kernel: [ 306.922028] ip6_tables: (C)
2000-2006 Netfilter Core Team
Mar 21 17:06:59 zss-node1 systemd[1]: Reloading OpenBSD Secure Shell
server.
Mar 21 17:06:59 zss-node1 systemd[1]: Reloaded OpenBSD Secure Shell
server.
Mar 21 17:06:59 zss-node1 ntpdate[2988]: Can't find host
ntp.myhuaweicloud.com: Name or service not known (-2)
Mar 21 17:06:59 zss-node1 ntpdate[2988]: no servers can be used,
exiting
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: started, version 2.79
cachesize 150
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: compile time options: IPv6
GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset
auth
DNSSEC loop-detect inotify
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: DHCP, IP range
10.151.165.2 -- 10.151.165.254, lease time 1h
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: DHCP, sockets bound
exclusively to interface lxdbr0
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: using local addresses only
for
domain lxd
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: reading /etc/resolv.conf
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: using local addresses only
for
domain lxd
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: using nameserver
127.0.0.53#53
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: read /etc/hosts - 13
addresses
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: read
/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts/aaa
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: read
/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts/bbb
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: read
/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts/ubuntu-1804-64
Mar 21 17:06:59 zss-node1 dnsmasq[3012]: read /etc/hosts - 13
addresses
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: read
/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts/aaa
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: read
/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts/bbb
Mar 21 17:06:59 zss-node1 dnsmasq-dhcp[3012]: read
/var/lib/lxd/networks/lxdbr0/dnsmasq.hosts/ubuntu-1804-64
Mar 21 17:08:16 zss-node1 kernel: [ 383.815252] aufs
test_add:292:mount[3157]: uid/gid/perm
/var/lib/lxd/storage-pools/default/containers/bbb
100000/100000/0711,
100000/100000/0755
Mar 21 17:08:33 zss-node1 kernel: [ 401.131359] Ebtables v2.0
registered
Mar 21 17:08:43 zss-node1 kernel: [ 411.360332] kauditd_printk_skb:
27
callbacks suppressed
Mar 21 17:08:43 zss-node1 kernel: [ 411.360333] audit: type=1400
audit(1584781723.664:39): apparmor="STATUS" operation="profile_load"
profile="unconfined" name="lxd-bbb_</var/lib/lxd>" pid=3235
comm="apparmor_parser"
Mar 21 17:08:43 zss-node1 kernel: [ 411.372532] lxdbr0: port
1(vethOCPL4M) entered blocking state
Mar 21 17:08:43 zss-node1 kernel: [ 411.372534] lxdbr0: port
1(vethOCPL4M) entered disabled state
Mar 21 17:08:43 zss-node1 kernel: [ 411.373065] device vethOCPL4M
entered promiscuous mode
Mar 21 17:08:43 zss-node1 kernel: [ 411.373510] IPv6:
ADDRCONF(NETDEV_UP): vethOCPL4M: link is not ready
Mar 21 17:08:43 zss-node1 systemd-udevd[3238]: link_config:
autonegotiation is unset or enabled, the speed and duplex are not
writable.
Mar 21 17:08:43 zss-node1 systemd-udevd[3238]: Could not generate
persistent MAC address for vethOUVFCY: No such file or directory
Mar 21 17:08:43 zss-node1 systemd-udevd[3239]: link_config:
autonegotiation is unset or enabled, the speed and duplex are not
writable.
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.6810] manager: (vethOUVFCY): new Veth device
(/org/freedesktop/NetworkManager/Devices/5)
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.6818] manager: (vethOCPL4M): new Veth device
(/org/freedesktop/NetworkManager/Devices/6)
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.6859] devices added (path:
/sys/devices/virtual/net/vethOUVFCY, iface: vethOUVFCY)
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.6859] device added (path:
/sys/devices/virtual/net/vethOUVFCY, iface: vethOUVFCY): no ifupdown
configuration found.
Mar 21 17:08:43 zss-node1 snapd[1378]: snapmgr.go:249: cannot read
snap
info of snap "core" at revision 8689: cannot find installed snap
"core"
at revision 8689: missing file /snap/core/8689/meta/snap.yaml
Mar 21 17:08:43 zss-node1 snapd[1378]: snapmgr.go:249: cannot read
snap
info of snap "core" at revision 8689: cannot find installed snap
"core"
at revision 8689: missing file /snap/core/8689/meta/snap.yaml
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.6867] devices added (path:
/sys/devices/virtual/net/vethOCPL4M, iface: vethOCPL4M)
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.6868] device added (path:
/sys/devices/virtual/net/vethOCPL4M, iface: vethOCPL4M): no ifupdown
configuration found.
Mar 21 17:08:43 zss-node1 kernel: [ 411.485175] eth0: renamed from
vethOUVFCY
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.7950] devices removed (path:
/sys/devices/virtual/net/vethOUVFCY, iface: vethOUVFCY)
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.8076] device (vethOCPL4M): carrier: link connected
Mar 21 17:08:43 zss-node1 NetworkManager[1393]: <info>
[1584781723.8080] device (lxdbr0): carrier: link connected
Mar 21 17:08:43 zss-node1 kernel: [ 411.500184] IPv6:
ADDRCONF(NETDEV_UP): eth0: link is not ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.500373] IPv6:
ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.500395] IPv6:
ADDRCONF(NETDEV_CHANGE): vethOCPL4M: link becomes ready
Mar 21 17:08:43 zss-node1 kernel: [ 411.500436] lxdbr0: port
1(vethOCPL4M) entered blocking state
Mar 21 17:08:43 zss-node1 kernel: [ 411.500437] lxdbr0: port
1(vethOCPL4M) entered forwarding state
Mar 21 17:08:43 zss-node1 systemd[1]:
proc-sys-fs-binfmt_misc.automount: Got automount request for
/proc/sys/fs/binfmt_misc, triggered by 3243 (lxd)
Mar 21 17:08:43 zss-node1 systemd[1]: Mounting Arbitrary Executable
File Formats File System...
Mar 21 17:08:43 zss-node1 systemd[1]: Mounted Arbitrary Executable
File
Formats File System.
Mar 21 17:08:46 zss-node1 kernel: [ 414.191802] audit: type=1400
audit(1584781726.492:40): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/bin/man" pid=3644 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.191804] audit: type=1400
audit(1584781726.492:41): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="man_filter" pid=3644 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.191806] audit: type=1400
audit(1584781726.492:42): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="man_groff" pid=3644 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.192522] audit: type=1400
audit(1584781726.496:43): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/snapd/snap-confine" pid=3645 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.192524] audit: type=1400
audit(1584781726.496:44): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/snapd/snap-confine//mount-namespace-capture-helper"
pid=3645 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195610] audit: type=1400
audit(1584781726.496:45): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/sbin/dhclient" pid=3643 comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195613] audit: type=1400
audit(1584781726.496:46): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/NetworkManager/nm-dhcp-client.action" pid=3643
comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195614] audit: type=1400
audit(1584781726.496:47): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/NetworkManager/nm-dhcp-helper" pid=3643
comm="apparmor_parser"
Mar 21 17:08:46 zss-node1 kernel: [ 414.195616] audit: type=1400
audit(1584781726.496:48): apparmor="STATUS" operation="profile_load"
label="lxd-bbb_</var/lib/lxd>//&:lxd-bbb_<var-lib-lxd>:unconfined"
name="/usr/lib/connman/scripts/dhclient-script" pid=3643
comm="apparmor_parser"
Mar 21 17:15:51 zss-node1 systemd[1]: Started Session 3 of user
root.
Mar 21 17:16:48 zss-node1 systemd-resolved[1250]: Grace period over,
resuming full feature set (UDP+EDNS0) for DNS server
114.114.115.115.
Mar 21 17:17:01 zss-node1 CRON[5298]: (root) CMD ( cd / &&
run-parts
--report /etc/cron.hourly)
Mar 21 17:17:02 zss-node1 systemd[1]: Starting Cleanup of Temporary
Directories...
Mar 21 17:17:02 zss-node1 systemd[1]: Started Cleanup of Temporary
Directories.
Mar 21 17:20:43 zss-node1 systemd[1]: Starting Message of the Day...
Mar 21 17:20:43 zss-node1 systemd-resolved[1250]: Using degraded
feature set (UDP) for DNS server 114.114.115.115.
Mar 21 17:20:51 zss-node1 50-motd-news[5318]: * Latest Kubernetes
1.18
beta is now available for your laptop, NUC, cloud
Mar 21 17:20:51 zss-node1 50-motd-news[5318]: instance or
Raspberry
Pi, with automatic updates to the final GA release.
Mar 21 17:20:51 zss-node1 50-motd-news[5318]: sudo snap install
microk8s --channel=1.18/beta --classic
Mar 21 17:20:51 zss-node1 50-motd-news[5318]: * Multipass 1.1 adds
proxy support for developers behind enterprise
Mar 21 17:20:51 zss-node1 50-motd-news[5318]: firewalls. Rapid
prototyping for cloud operations just got easier.
Mar 21 17:20:51 zss-node1 50-motd-news[5318]:
https://multipass.run/
Mar 21 17:20:51 zss-node1 systemd[1]: Started Message of the Day.
__________________________________________________________________
Michael Mao
From: [1]J. R. Okajima
Date: 2020-03-21 14:14
To: [2]homalu
CC: [3]aufs-users
Subject: Re: LXC unpreviliged problem with aufs mounted on nfs
homalu:
> My NFS export file is like this :
> /mnt/NFSmountpoint
172.16.0.0/24(rw,fsid=0,insecure,no_root_squash,no_subtree_check,sync,c
rossmnt).
> Is this OK?
I hope so, but I am not sure.
As a next step, I'd suggest you to check the kernel log on nfs
client,
whether aufs complained about XATTR on nfs.
J. R. Okajima
References
1. mailto:[email protected]
2. mailto:[email protected]
3. mailto:[email protected]
References
1. http://aufs.sourceforge.net/
2. mailto:[email protected]
3. mailto:[email protected]
4. mailto:[email protected]
