[lxc-users] Networking not working in unconfined overlayfs container
Hi,

I've been using LXC for over two years without problems. This week, I
upgraded my Ubuntu from Trusty to Vivid, and I noticed that my overlayfs
containers stopped getting IP assigned. In my machine the error can be
reproduced in this way:

1. lxc-create -n base -t ubuntu
2. Edit ubuntu/config to add lxc.aa_profile = unconfined
3. lxc-clone -s -B overlayfs ubuntu tmp
4. lxc-start -n tmp -d
5. lxc-ls -f shows:

   NAME    STATE    IPV4         IPV6  GROUPS  AUTOSTART
   ------------------------------------------------------
   tmp     RUNNING  - *(no IP)*  -     -       NO
   ubuntu  STOPPED  -            -     -       NO

Interestingly, I don't run into this issue when running the container in
confined mode (without lxc.aa_profile = unconfined). I checked past threads
in this list and in launchpad, and noticed that some people had problems
with overlayfs when upgrading to vivid, but it seems that these problems
were fixed in LXC 1.1 release. I'm running on LXC 1.1.2.

Any thoughts?

Thanks,
Fred
Re: [lxc-users] Networking not working in unconfined overlayfs container
Quoting Frederico Araujo (arau...@gmail.com):
> Hi,
>
> I've been using LXC for over two years without problems. This week, I
> upgraded my Ubuntu from Trusty to Vivid, and I noticed that my overlayfs
> containers stopped getting IP assigned. In my machine the error can be
> reproduced in this way:
>
> 1. lxc-create -n base -t ubuntu

Do you have this problem if you use the download template?

> 2. Edit ubuntu/config to add lxc.aa_profile = unconfined

Interesting that it has to be unconfined.

If you tail -f /var/log/syslog and then start the container, does
the tail -f output show any DENIED messages?

> 3. lxc-clone -s -B overlayfs ubuntu tmp

Does the 'ubuntu' container start ok?

> 4. lxc-start -n tmp -d
> 5. lxc-ls -f shows:
>
>    NAME    STATE    IPV4         IPV6  GROUPS  AUTOSTART
>    ------------------------------------------------------
>    tmp     RUNNING  - *(no IP)*  -     -       NO
>    ubuntu  STOPPED  -            -     -       NO

Are you able to lxc-attach -n tmp and look around? What does 'ps -ef'
and 'ifconfig -a' show?

> Interestingly, I don't run into this issue when running the container in
> confined mode (without lxc.aa_profile = unconfined). I checked past threads
> in this list and in launchpad, and noticed that some people had problems
> with overlayfs when upgrading to vivid, but it seems that these problems
> were fixed in LXC 1.1 release. I'm running on LXC 1.1.2.
>
> Any thoughts?
>
> Thanks,
> Fred
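The check for DENIED messages asked about above can also be done after the fact by summarizing AppArmor denials from the syslog. This is an added example, not part of the thread: the function names `sample_log` and `summarize_denials` are hypothetical and the log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): summarize AppArmor denials in syslog text.

# Constructed sample input in the kernel audit format; host, PIDs and MAC are made up.
sample_log() {
cat <<'EOF'
Oct  5 15:45:00 host kernel: [  100.000001] audit: type=1400 audit(1444059900.100:40): apparmor="STATUS" operation="profile_load" profile="unconfined" name="lxc-container-default" pid=900 comm="apparmor_parser"
Oct  5 15:45:01 host kernel: [  101.000001] audit: type=1400 audit(1444059901.101:41): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=2101 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw"
Oct  5 15:45:01 host kernel: [  101.000050] audit: type=1400 audit(1444059901.150:42): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=2102 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw"
Oct  5 15:45:02 host dnsmasq-dhcp[1500]: DHCPDISCOVER(lxcbr0) 00:16:3e:00:00:01
Oct  5 15:45:03 host kernel: [  103.000001] audit: type=1400 audit(1444059903.101:43): apparmor="DENIED" operation="open" profile="lxc-container-default" name="/proc/sysrq-trigger" pid=2140 comm="cat" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
EOF
}

# Read syslog lines on stdin and print "count profile operation name",
# most frequent first. Only apparmor="DENIED" records are counted.
summarize_denials() {
    awk '
    # Return the value of key="value" on the current line, or "-" if absent.
    # The leading space keeps "name" from matching inside "srcname".
    function field(key,    re) {
        re = " " key "=\"[^\"]*\""
        if (!match($0, re)) return "-"
        return substr($0, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    /apparmor="DENIED"/ {
        count[field("profile") " " field("operation") " " field("name")]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

sample_log | summarize_denials
```

On a host, run `summarize_denials < /var/log/syslog` after starting the container; an empty result means no AppArmor denial was logged in that file.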
Re: [lxc-users] Networking not working in unconfined overlayfs container
Hi Serge,

Yes, I downloaded a fresh template for ubuntu and its overlay clones start
okay, and I'm able to attach and run commands on them. However, eth0 has no
IP assigned when unconfined.

I think the problem might be related to changes in systemd (I'm using
version 219) and overlayfs on vivid. I do see many permission denied
messages in the boot logs of the container (please see attached an example
output), but couldn't find much help online.

lxc-attach -n test -- ifconfig -a

    eth0      Link encap:Ethernet  HWaddr 00:16:3e:23:59:24
              inet6 addr: fe80::216:3eff:fe23:5924/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:29 errors:0 dropped:0 overruns:0 frame:0
              TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:4285 (4.2 KB)  TX bytes:648 (648.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:24 errors:0 dropped:0 overruns:0 frame:0
              TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:1888 (1.8 KB)  TX bytes:1888 (1.8 KB)

lxc-attach -n test -- ps -ef

    UID        PID  PPID  C STIME TTY          TIME     CMD
    root         1     0  0 15:45 ?            00:00:00 /sbin/init
    root       352     1  0 15:45 ?            00:00:00 /lib/systemd/systemd-journald
    root       613     1  0 15:45 ?            00:00:00 /usr/sbin/cron -f
    syslog     673     1  0 15:45 ?            00:00:00 /usr/sbin/rsyslogd -n
    root       710     1  0 15:45 ?            00:00:00 /usr/sbin/sshd -D
    root       760     1  0 15:45 pts/1        00:00:00 /sbin/agetty --noclear --keep-baud pts/1 115200 38400 9600 vt220
    root       770     1  0 15:45 lxc/console  00:00:00 /sbin/agetty --noclear --keep-baud console 115200 38400 9600 v
    root       780     1  0 15:45 pts/2        00:00:00 /sbin/agetty --noclear --keep-baud pts/2 115200 38400 9600 vt220
    root       790     1  0 15:45 pts/0        00:00:00 /sbin/agetty --noclear --keep-baud pts/0 115200 38400 9600 vt220
    root       800     1  0 15:45 pts/3        00:00:00 /sbin/agetty --noclear --keep-baud pts/3 115200 38400 9600 vt220
    root       913     0  0 15:50 pts/2        00:00:00 ps -ef

Thanks!

Best,
Fred

On Mon, Oct 5, 2015 at 11:49 AM, Serge Hallyn wrote:

> Do you have this problem if you use the download template?
>
> Interesting that it has to be unconfined.
>
> If you tail -f /var/log/syslog and then start the container, does
> the tail -f output show any DENIED messages?
>
> Does the 'ubuntu' container start ok?
>
> Are you able to lxc-attach -n tmp and look around? What does 'ps -ef'
> and 'ifconfig -a' show?

Attachment: test.log (Description: Binary data)
Re: [lxc-users] Networking not working in unconfined overlayfs container
Hi,

before I try to reproduce this, can you confirm whether using the
kernel from vivid-proposed fixes it?
Re: [lxc-users] Networking not working in unconfined overlayfs container
Hi Serge,

I used the released version of vivid; I will set up another VM to test it on
vivid-proposed (likely during the weekend) and get back to you asap.

Thanks,
Fred

On Mon, Oct 12, 2015 at 11:58 AM, Serge Hallyn wrote:

> Hi,
>
> before I try to reproduce this, can you confirm whether using the
> kernel from vivid-proposed fixes it?