[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
*** This bug is a duplicate of bug 1350947 *** https://bugs.launchpad.net/bugs/1350947 Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: lxc (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
*** This bug is a duplicate of bug 1350947 *** https://bugs.launchpad.net/bugs/1350947 It appears that as tyhicks pointed out this is a dup of bug 1350947. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
*** This bug is a duplicate of bug 1350947 *** https://bugs.launchpad.net/bugs/1350947 The only way I can get this to work is to add "mount," to /etc/apparmor.d/abstractions/lxc/start-container If I add something like "mount options=slave" "remount options=slave" that does not suffice. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
*** This bug is a duplicate of bug 1350947 *** https://bugs.launchpad.net/bugs/1350947 James if you'd like to increase the priority of bug 1350947 please do so. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
*** This bug is a duplicate of bug 1350947 *** https://bugs.launchpad.net/bugs/1350947 hah, as pointed out in comment #4 of that bug. Marking this as a dup ** This bug has been marked a duplicate of bug 1350947 apparmor: no working rule to allow making a mount private -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
I would have assumed systemd is on neither. Since it seems to be the same all the way since Trusty (at least). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
Is this only happening when systemd is in the container, or when systemd is on the host? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
When stracing lxc-start one of the sub-processes is doing the access. This is the strace of that sub-process. ** Attachment added: "lxc-start.strace.3131" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+attachment/4278745/+files/lxc-start.strace.3131 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
lxc-start.strace.3093:clone(child_stack=0x7fff7fbc0290,
flags=CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD)
= 3131
lxc-start.strace.3093:open("/proc/3131/ns/net", O_RDONLY) = 16
lxc-start.strace.3093:waitid(P_PID, 3131, {}, WNOHANG|WEXITED|WNOWAIT, NULL) =
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1401148
Title:
Re/starting an lxc container corrupts all network namespaces on the
same physical host
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
This is the output of "apparmor_parser -p /etc/apparmor.d/usr.bin.lxc- start" on Vivid with 3.16 kernel. ** Attachment added: "aa-parser.txt" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+attachment/4278746/+files/aa-parser.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
so I think it's some systemd handling which does that. LXC unshares the mnt namespace which gets it a copy of the host's, then it's doing some magic (rprivate I believe) to get things working under systemd, then mounts what it needs, unmounts everything else and pivot_root. lxc itself has no code to deal with /run/netns, so it's not special casing it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
Stop the bot. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
So for now I added also a task for the kernel, though the truth (if such a thing exists) could be somewhere between. Serge, Stephane, what we probably need to figure out is what exactly lxc-start tries to get done when slave mounting /run/netns. And somehow it might be possible that it needs improvement for the case that this is denied or fails. Looking at it from the outside it feels like going on assuming it got its own space but actually continuing to use the host space. The other thing would be that this sound like lxc-start would require a rule to actually allow it to do that mount of /run/netns. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
Stop the bot. ** Changed in: linux (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
** Also affects: linux (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
Can you please attach the output of apparmor_parser -p /etc/apparmor.d/usr.bin.lxc-start -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
Hm, as a data-point. It seems for the testing one can set /usr/bin/lxc- start to complain mode: aa-complain /usr/bin/lxc-start and when I did that the test netns is still usable after lxc-start. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
I had assumed that "test-test" was a type and saw the same result after starting the container with "test", too. So somehow starting an lxc container seems to have an impact on netns. Not sure whether the apparmor message may relate which seems to trigger when lxc-start tries to mount /run/netns. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
** Tags added: landscape -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
Confirmed on vivid as well. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
Confirmed on utopic as well. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
sudo ip netns exec test ip addr -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host
To reproduce: sudo lxc-create --name test -t ubuntu-cloud sudo ip netns add test sudo ip netns exec test ip addr 1: lo: mtu 65536 qdisc noop state DOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 sudo lxc-start -d --name test sudo ip netns exec test-tests ip addr seting the network namespace "test-tests" failed: Invalid argument -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1401148 Title: Re/starting an lxc container corrupts all network namespaces on the same physical host To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401148/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
