[lxc-users] lxcfs removed by accident, how to recover?
Hi folks, I have removed the lxcfs package by accident, while the containers are still running. Now ps in the containers gives me # ps -ef Error: /proc must be mounted To mount /proc at boot you need an /etc/fstab line like: proc /proc procdefaults In the meantime, run "mount proc /proc -t proc" ls -l /proc gives me a some lines with ???. Is there some way to recover without restaring the containers? I tried to mount and remount /proc on a test system, with and without lxcfs reinstalled. This is lxc 2.0.9 and lxcfs 2.0.7 on Stretch. Every helpful comment is highly appreciated Harri ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] Connecting android phones to lxc container
In lxc version 1, it was easy to have access to a connected usb phone in a lxc container: Add following in the lxc container config: lxc.cgroup.devices.allow = c 189:* rwm # dev/bus/usb lxc.mount.entry = /dev/bus/usb dev/bus/usb none bind,optional,create=dir But for some reason, when upgrading to lxc 2 (either on debian Stretch, or Debian Jessie with backports) the phone device is not accessible anymore, expect when you run lxc-device add -n node02 /dev/bus/usb/xxx/yyy (or with some udev rules to create a fixed link: lxc-device add -n jenkins02 /dev/Samsung-Galaxy-S4) Installed lxc version: Debian Jessie: 2.0.7-2~bpo8+1 Debian Stretch: 2.0.7-2+deb9u1 Debian Jessie: 1.0.6-6+deb8u6 (that one works..) What is the reason for needing to run the lxc-device add command? For some reason, sometimes the phone seems to reconnect, causing it to get a different path, and being not available anymore in the container, until being re-added. The pro of the situation is that it is possible to assign usb connected phones to different lxc containers, but as it is hard to check from the host if a phone is still connected properly to the lxc container, it is hard to rerun the lxc-device command. ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] lxcfs removed by accident, how to recover?
On Tue, Jan 30, 2018 at 7:34 PM, Harald Dunkel wrote: > Hi folks, > > I have removed the lxcfs package by accident, while the containers > are still running. > Is there some way to recover without restaring the containers? I'm pretty sure the answer is "no". Even lxcfs package no longer automatically restart itself during upgrade. -- Fajar ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] lxcfs removed by accident, how to recover?
On Tue, Jan 30, 2018 at 09:34:59PM +0700, Fajar A. Nugraha wrote: > On Tue, Jan 30, 2018 at 7:34 PM, Harald Dunkel > wrote: > > Hi folks, > > > > I have removed the lxcfs package by accident, while the containers > > are still running. > > > Is there some way to recover without restaring the containers? > > I'm pretty sure the answer is "no". Even lxcfs package no longer > automatically restart itself during upgrade. > > -- > Fajar Yeah, there's effectively no way to re-inject those mounts inside a running container. So you're going to need to restart those containers. Until then, you can "umount" the various lxcfs files from within the container so that rather than a complete failure to access those files, you just get the non-namespaced version of the file. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: PGP signature ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] Getting GID, UID of container process from container host
Hi, Is there a way we can get the PID/GID/UID of a container process using the host PID/GID/UID of that container process ? Basically mapping of host PID/GID/UID to container PID/GID/UID. Thanks, Shailendra ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] lxcfs removed by accident, how to recover?
On 01/30/18 17:17, Stéphane Graber wrote: > > So you're going to need to restart those containers. > Until then, you can "umount" the various lxcfs files from within the > container so that rather than a complete failure to access those files, > you just get the non-namespaced version of the file. > Thats more than I hoped for. It allows me to do a clean shutdown. Very helpful response. Thanx very much Harri signature.asc Description: OpenPGP digital signature ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] Is anybody of this list at the cloudfest (Germany, March 10-16)
Hello Everybody, LXD/LXC is cloud-computing! Is anybody of you at german "CLOUDFEST" 2018 in Europa-Park-Rust? I am there and I would like to meet interessting people :) kind regards, Ingo Baab - https://baab.de ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] User Mode Linux within a Linux Container
Does anybody has run User Mode Linux (UML) within a Linux Container? And several UMLs within several Containers? (one UML by Container) Is there any limitation so that this can not be done? Regards. PAP ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] lxcfs removed by accident, how to recover?
On 01/30/18 18:24, Harald Dunkel wrote: > On 01/30/18 17:17, Stéphane Graber wrote: >> >> So you're going to need to restart those containers. >> Until then, you can "umount" the various lxcfs files from within the >> container so that rather than a complete failure to access those files, >> you just get the non-namespaced version of the file. >> > > Thats more than I hoped for. It allows me to do a clean shutdown. > Very helpful response. > PS: I could umount most lxcfs items, but it seems systemd keeps /proc/swaps busy. lxc-stop complained for these containers lxc-stop 20180130193610.338 ERRORlxc_commands_utils - commands_utils.c:lxc_cmd_sock_rcv_state:71 - failed to receive message: Resource temporarily unavailable lxc-stop 20180130193610.544 ERRORlxc_commands - commands.c:lxc_cmd_rsp_recv:157 - Command stop response data 1785884787 too long. The containers using sysvinit were fine (no flamewar, please). Regards Harri ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Getting GID, UID of container process from container host
On Tue, Jan 30, 2018 at 10:19:12PM +0530, Shailendra Rana wrote: > Hi, > > Is there a way we can get the PID/GID/UID of a container process using > the host PID/GID/UID of that container process ? Basically mapping of > host PID/GID/UID to container PID/GID/UID. > > Thanks, > Shailendra It's technically doable, yes, but not particularly enjoyable :) stgraber@castiana:~$ ls -lh /proc/ | grep 8261 dr-xr-xr-x 9 100 1000 Jan 30 15:33 8261 stgraber@castiana:~$ cat /proc/8261/status | grep -i ns NStgid: 82611 NSpid: 82611 NSpgid: 82611 NSsid: 82611 stgraber@castiana:~$ cat /proc/8261/uid_map 0100 10 stgraber@castiana:~$ cat /proc/8261/gid_map 0100 10 In this case, host PID 8261 is PID 1 in the container as can be found in the status file. For the owner, you need to read the uid and gid map, then do the math. In this case, the map says that uid 0 in the container is uid 100 on the host. The gid map is the same, so that means that this process is running as uid=0 gid=0 in the container. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: PGP signature ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] User Mode Linux within a Linux Container
On Wed, Jan 31, 2018 at 2:54 AM, Pablo Pessolani wrote: > Does anybody has run User Mode Linux (UML) within a Linux Container? > > And several UMLs within several Containers? (one UML by Container) > > Is there any limitation so that this can not be done? If you're doing this for research purposes, I say 'try it and report the result'. I've had success running openvpn (which use tun/tap adapter that UML also need) even inside unprivileged container, with minor changes to the systemd unit to enable autostart. I've also run virtualbox in privileged containers (although in this case IIRC I had to disable/modify apparmor/seccomp/dropped capabilities, which would make it undesirable for 'production' uses). My GUESS is that UML will behave similar to openvpn (since it doesn't require any special kernel module other than tun/tap). If you're doing this for performance / security / privilege separation purposes, I suggest don't do that. Possibly look into nested containers instead. -- Fajar ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Is anybody of this list at the cloudfest (Germany, March 10-16)
Greetings, Ingo Baab! > Hello Everybody, > LXD/LXC is cloud-computing! Is anybody of you at german "CLOUDFEST" 2018 > in Europa-Park-Rust? > I am there and I would like to meet interessting people :) How's your post is related to lxcfs issue people discussing? -- With best regards, Andrey Repin Wednesday, January 31, 2018 03:18:57 Sorry for my terrible english... ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
