Stephane

I just tried enabling nesting on the "child" container then entered it and tried

apt-get update
apt-get upgrade -y

still get the same errors...

Brian

On Fri, Mar 15, 2019 at 11:36 AM brian mullan <bmullan.m...@gmail.com> wrote:

> Stephane
>
> Thanks... I've tried everything else I could think of so I'll give that a
> shot and see what happens.
>
> A few months ago I think this all worked but my memory is so good anymore
> :-)
>
> I'll let you know what happens.
>
> Brian
>
> On Fri, Mar 15, 2019 at 11:19 AM Stéphane Graber <stgra...@ubuntu.com> wrote:
>
>> On Fri, Mar 15, 2019 at 10:41:55AM -0400, brian mullan wrote:
>> > I am encountering a strange problem with Nested LXD on AWS EC2 Ubuntu 18.04
>> > instances...
>> >
>> > > snap    2.37.4
>> > > snapd   2.37.4
>> > > series  16
>> > > ubuntu  18.04
>> > > kernel  4.15.0-46-generic
>> > > LXD     3.11
>> >
>> > In my AWS 18.04 host I install SNAP LXD and create an Ubuntu 18.04
>> > container let's call *"parent"*
>> >
>> > I enable Nesting for *"parent"*
>> >
>> > I enter "parent" and apt-get update, apt-get upgrade ... no problem
>> >
>> > In "parent" I also install SNAP LXD and create an Ubuntu 18.04 container
>> > let's call *"child"*
>> >
>> > I enter "child" and when I try to "*apt-get update, apt-get upgrade*" ... I
>> > see the very *same* packages to be upgraded
>> > as I did when I upgrade "*parent*" ... however in *"child"* I get errors
>> > related to apport, udev ??
>> >
>> > I also see failure messages related to systemd-networkd.service access
>> > denied etc (see below)
>> >
>> > Note: I tried this on a local KVM Ubuntu 18.04 VM
>> >
>> > *These are some of the packages that would be updated/upgraded in BOTH the
>> > "parent" and "child" Ubuntu 18.04 container on an AWS EC2 Ubuntu Bionic
>> > instance:*
>> >
>> > The following package was automatically installed and is no longer required:
>> > libfreetype6
>> > Use 'apt autoremove' to remove it.
>> > The following packages will be upgraded:
>> > *apport* libnss-systemd libpam-modules libpam-modules-bin libpam-runtime
>> > libpam-systemd libpam0g libseccomp2 libsystemd0 libudev1
>> > libxcb1 python3-apport python3-problem-report snapd systemd systemd-sysv
>> > *udev*
>> > 17 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
>> > Need to get 19.9 MB of archives.
>> > After this operation, 49.2 kB of additional disk space will be used.
>> > Do you want to continue? [Y/n]
>> >
>> > *Here are some of the errors that result...*
>> >
>> > (Reading database ... 28595 files and directories currently installed.)
>> > Preparing to unpack .../libpam-runtime_1.1.8-3.6ubuntu2.18.04.1_all.deb ...
>> > Unpacking libpam-runtime (1.1.8-3.6ubuntu2.18.04.1) over (1.1.8-3.6ubuntu2) ...
>> > Setting up libpam-runtime (1.1.8-3.6ubuntu2.18.04.1) ...
>> > Setting up systemd (237-3ubuntu10.15) ...
>> > *Failed to try-restart systemd-networkd.service: Access denied*
>> > See system logs and 'systemctl status systemd-networkd.service' for details.
>> > *Failed to try-restart systemd-resolved.service: Access denied*
>> > See system logs and 'systemctl status systemd-resolved.service' for details.
>> > *Failed to try-restart systemd-timesyncd.service: Access denied*
>> > See system logs and 'systemctl status systemd-timesyncd.service' for details.
>> > *Failed to try-restart systemd-journald.service: Access denied*
>> > See system logs and 'systemctl status systemd-journald.service' for details.
>> > (Reading database ... 28595 files and directories currently installed.)
>> > Preparing to unpack .../systemd-sysv_237-3ubuntu10.15_amd64.deb ...
>> > Unpacking systemd-sysv (237-3ubuntu10.15) over (237-3ubuntu10.13) ...
>> > Preparing to unpack .../libseccomp2_2.3.1-2.1ubuntu4.1_amd64.deb ...
>> > Unpacking libseccomp2:amd64 (2.3.1-2.1ubuntu4.1) over (2.3.1-2.1ubuntu4) ...
>> > Setting up libseccomp2:amd64 (2.3.1-2.1ubuntu4.1) ...
>> > (Reading database ... 28595 files and directories currently installed.)
>> > Preparing to unpack .../libxcb1_1.13-2~ubuntu18.04_amd64.deb ...
>> > Unpacking libxcb1:amd64 (1.13-2~ubuntu18.04) over (1.13-1) ...
>> > Preparing to unpack .../python3-problem-report_2.20.9-0ubuntu7.6_all.deb ...
>> > Unpacking python3-problem-report (2.20.9-0ubuntu7.6) over (2.20.9-0ubuntu7.5) ...
>> > Preparing to unpack .../python3-apport_2.20.9-0ubuntu7.6_all.deb ...
>> > Unpacking python3-apport (2.20.9-0ubuntu7.6) over (2.20.9-0ubuntu7.5) ...
>> > Preparing to unpack .../apport_2.20.9-0ubuntu7.6_all.deb ...
>> > *Failed to retrieve unit state: Access denied*
>> > *invoke-rc.d: could not determine current runlevel*
>> > *Failed to reload daemon: Access denied*
>> >
>> > *So I interrupted the script that was doing the above attempt at apt
>> > update && apt upgrade -y*
>> > *and opened a terminal and then.. and tried this:*
>> >
>> > lxc exec test bash
>> > apt update && apt upgrade
>> >
>> > But of course because I'd interrupted the above apt upgrade I had to do
>> > *dpkg --configure -a*
>> >
>> > *dpkg --configure -a*
>> > Setting up libnss-systemd:amd64 (237-3ubuntu10.15) ...
>> > Processing triggers for ureadahead (0.100.0-20) ...
>> > Setting up systemd-sysv (237-3ubuntu10.15) ...
>> > Setting up python3-problem-report (2.20.9-0ubuntu7.6) ...
>> > Processing triggers for libc-bin (2.27-3ubuntu1) ...
>> > Setting up udev (237-3ubuntu10.15) ...
>> > *Failed to reload daemon: Access denied*
>> > dpkg: error processing package udev (--configure):
>> > installed udev package post-installation script subprocess was interrupted
>> > Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
>> > Processing triggers for dbus (1.12.2-1ubuntu1) ...
>> > *Failed to open connection to "system" message bus: Failed to query AppArmor policy: Permission denied*
>> > Setting up libxcb1:amd64 (1.13-2~ubuntu18.04) ...
>> > Setting up libpam-systemd:amd64 (237-3ubuntu10.15) ...
>> > Setting up python3-apport (2.20.9-0ubuntu7.6) ...
>> > dpkg: error processing package apport (--configure):
>> > package is in a very bad inconsistent state; you should
>> > reinstall it before attempting configuration
>> > Processing triggers for libc-bin (2.27-3ubuntu1) ...
>> > *Errors were encountered while processing:*
>> > *udev*
>> > *apport*
>> >
>> > *I went back and tried to reinstall apport...*
>> >
>> > # apt install --reinstall apport
>> > Reading package lists... Done
>> > Building dependency tree
>> > Reading state information... Done
>> > The following package was automatically installed and is no longer required:
>> > libfreetype6
>> > Use 'apt autoremove' to remove it.
>> > Suggested packages:
>> > apport-gtk | apport-kde
>> > The following packages will be upgraded:
>> > apport
>> > 1 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
>> > 2 not fully installed or removed.
>> > Need to get 0 B/124 kB of archives.
>> > After this operation, 0 B of additional disk space will be used.
>> > (Reading database ... 28595 files and directories currently installed.)
>> > Preparing to unpack .../apport_2.20.9-0ubuntu7.6_all.deb ...
>> > *Failed to retrieve unit state: Access denied*
>> > *invoke-rc.d: could not determine current runlevel*
>> > *Failed to reload daemon: Access denied*
>> >
>> > ======================================
>> >
>> > Does anyone have any idea what might be causing this?
>> > Again this is happening on AWS and on a local KVM Ubuntu VM.
>>
>> Sounds like AppArmor messing with things in this case.
>> Does enabling nesting for your nested container help somehow (the
>> generated rules will change a bit as a result of that)?
>>
>> I'm pretty sure that if you look at `dmesg` you'll see some denials
>> related to those package updates.
>> I suspect the main difference between
>> the two containers, other than the nested flag is that the parent
>> container has its own apparmor namespace whereas the child has to run
>> under a single apparmor profile as apparmor namespaces do not currently
>> nest.
>>
>> >
>> > Thanks for any ideas or suggestions.
>> >
>> > Brian
>>
>> > _______________________________________________
>> > lxc-users mailing list
>> > lxc-users@lists.linuxcontainers.org
>> > http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>> --
>> Stéphane Graber
>> Ubuntu developer
>> http://www.ubuntu.com
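
Stéphane's reply points at `dmesg` for the AppArmor denials behind the "Access denied" errors. As an added example (not part of the original thread), this Python script groups `apparmor="DENIED"` audit records by profile, operation and command so the confining profile is obvious at a glance; the sample log is constructed, and its profile name, paths and PIDs are assumptions, not output from Brian's system.

```python
import re
import sys
from collections import Counter

# Constructed sample kernel log, NOT output from the thread: the profile name,
# paths, PIDs and timestamps are invented to show the audit record layout.
SAMPLE_DMESG = """\
[  101.10] audit: type=1400 audit(1552660001.100:201): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-child_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/" pid=4101 comm="(networkd)" flags="ro, remount, bind"
[  101.20] audit: type=1400 audit(1552660001.200:202): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-child_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/" pid=4102 comm="(resolved)" flags="ro, remount, bind"
[  101.30] audit: type=1400 audit(1552660001.300:203): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxd-child_</var/snap/lxd/common/lxd>" pid=3990 comm="apparmor_parser"
[  101.40] audit: type=1400 audit(1552660001.400:204): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxd-child_</var/snap/lxd/common/lxd>" name="/run/systemd/unit-root/" pid=4103 comm="(networkd)" flags="ro, remount, bind"
[  101.50] eth0: renamed from vethABC123
"""

# key=value pairs: a value is either double-quoted (may hold spaces) or bare.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denials(log_text):
    """Return one dict of fields per AppArmor DENIED audit record."""
    records = []
    for line in log_text.splitlines():
        if 'apparmor="DENIED"' not in line:
            continue  # skips STATUS records and unrelated kernel lines
        records.append({k: quoted or bare for k, quoted, bare in _KV.findall(line)})
    return records


def summarize(records):
    """Count denials per (profile, operation, comm), most frequent first."""
    counts = Counter(
        (r.get("profile", "?"), r.get("operation", "?"), r.get("comm", "?"))
        for r in records
    )
    return counts.most_common()


if __name__ == "__main__":
    # Pipe real data in (dmesg | python3 <this file>) or run bare for the sample.
    text = SAMPLE_DMESG if sys.stdin.isatty() else sys.stdin.read()
    for (profile, operation, comm), n in summarize(parse_denials(text)):
        print(f"{n:4d}  {operation:<10} comm={comm:<14} profile={profile}")
```

Run it on the outermost host, since that is where the kernel log with the audit records is readable.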