[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x
** Changed in: lxc (Ubuntu Zesty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635639 Title: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x To manage notifications about this bug go to: https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x
** Changed in: juju-ci-tools Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635639 Title: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x To manage notifications about this bug go to: https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x
** Changed in: lxc (Ubuntu Zesty) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635639 Title: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x To manage notifications about this bug go to: https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x
This bug was fixed in the package lxc - 2.0.5-0ubuntu1.1 --- lxc (2.0.5-0ubuntu1.1) yakkety; urgency=medium * Cherry-pick bugfix from upstream: - s390x: Fix seccomp handling of personalities (LP: #1635639) -- Stéphane GraberFri, 21 Oct 2016 12:40:08 -0400 ** Changed in: lxc (Ubuntu Yakkety) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635639 Title: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x To manage notifications about this bug go to: https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x
Confirmed on both xenial and yakkety. ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635639 Title: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x To manage notifications about this bug go to: https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x
This bug was fixed in the package lxc - 2.0.5-0ubuntu1~ubuntu16.04.2 --- lxc (2.0.5-0ubuntu1~ubuntu16.04.2) xenial; urgency=medium * Cherry-pick bugfix from upstream: - s390x: Fix seccomp handling of personalities (LP: #1635639) -- Stéphane GraberFri, 21 Oct 2016 12:39:18 -0400 ** Changed in: lxc (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635639 Title: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x To manage notifications about this bug go to: https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x
** Changed in: lxc (Ubuntu) Status: In Progress => Triaged ** Also affects: lxc (Ubuntu Yakkety) Importance: Undecided Status: New ** Also affects: lxc (Ubuntu Zesty) Importance: High Assignee: Stéphane Graber (stgraber) Status: Triaged ** Also affects: lxc (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: lxc (Ubuntu Xenial) Status: New => In Progress ** Changed in: lxc (Ubuntu Yakkety) Status: New => In Progress ** Changed in: lxc (Ubuntu Xenial) Importance: Undecided => High ** Changed in: lxc (Ubuntu Yakkety) Importance: Undecided => High ** Changed in: lxc (Ubuntu Yakkety) Assignee: (unassigned) => Stéphane Graber (stgraber) ** Changed in: lxc (Ubuntu Xenial) Assignee: (unassigned) => Stéphane Graber (stgraber) ** Description changed: + ## SRU paperwork + ### Rationale + LXC 2.0.5 added support for Seccomp on the s390x architecture for those kernels that support it. Unfortunately the personality handling for s390x is wrong and results in the profile being setup twice, causing a failure to start the container. + + This effectively means that LXC 2.0.5 fails out of the box on s390x. + + ### Test case + With LXC: + - lxc-start -n some-container -F + + With LXD: + - lxc start some-container + + ### Regression potential + Our own testing shows that the fix works perfectly fine. The code change itself only affects s390x (under ifdef) so can't possibly affect the other architectures. + + The worst that can happen should this fix be wrong is either status quo + (container won't start) or having the container start without seccomp + support (status quo when compared to 2.0.4). + + + ## Original bug report The s390x host used to Juju testing spontaneously broke today. The disk filled up, we restarted so that we could remove unused kernels. We discovered that lxc1 cannot create containers any more. $ sudo lxc-create -t ubuntu-cloud -n curtis -- -r xenial -a s390x $ sudo lxc-start -o lxc.log -n curtis lxc-start: tools/lxc_start.c: main: 344 The container failed to start. lxc-start: tools/lxc_start.c: main: 346 To get more details, run the container in foreground mode. lxc-start: tools/lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options. $ cat lxc.log lxc-start 20161020121833.069 ERRORlxc_seccomp - seccomp.c:get_new_ctx:224 - Seccomp error -17 (File exists) adding arch: 15 lxc-start 20161020121833.069 ERRORlxc_start - start.c:lxc_init:430 - failed loading seccomp policy lxc-start 20161020121833.069 ERRORlxc_start - start.c:__lxc_start:1313 - failed to initialize the container lxc-start 20161020121838.075 ERRORlxc_start_ui - tools/lxc_start.c:main:344 - The container failed to start. lxc-start 20161020121838.075 ERRORlxc_start_ui - tools/lxc_start.c:main:346 - To get more details, run the container in foreground mode. lxc-start 20161020121838.075 ERRORlxc_start_ui - tools/lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options. # sinzui: checking when s390x seccomp support was added to the # kernel, to see if it's just a missing config in our kernel that'd fix that # cleanly or if we'd need it backported to 4.4 which would be a bit more # annoying # sinzui: config-4.4.0-45-generic is what you're running right? # stgraber uname-a says 4.4.0-45-generic # stgraber> sinzui: you can workaround it by putting a file # with lxc.seccomp= # in /usr/share/lxc/config/common.conf.d/, that should get you going again WORK AROUND for LXC 1 # on the s390x-slave sudo vim /usr/share/lxc/config/common.conf.d/10-secomp-hack.conf $ cat /usr/share/lxc/config/common.conf.d/10-secomp-hack.conf # Advised to stgraber to add this file after seeing lxc-start fail with # lxc-start 20161020121833.069 ERRORlxc_seccomp - seccomp. lxc.seccomp= -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635639 Title: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x To manage notifications about this bug go to: https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x
Hello Curtis, or anyone else affected, Accepted lxc into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/lxc/2.0.5-0ubuntu1.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: lxc (Ubuntu Yakkety) Status: In Progress => Fix Committed ** Tags added: verification-needed ** Changed in: lxc (Ubuntu Xenial) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635639 Title: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x To manage notifications about this bug go to: https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x
I fixed this in upstream LXC yesterday, will upload SRUs today. ** Changed in: lxc (Ubuntu) Assignee: (unassigned) => Stéphane Graber (stgraber) ** Changed in: lxc (Ubuntu) Status: New => In Progress ** Changed in: lxc (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635639 Title: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x To manage notifications about this bug go to: https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x
** Changed in: juju-ci-tools Status: Fix Committed => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635639 Title: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x To manage notifications about this bug go to: https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x
Current and new lxd containers are still broken. We see errors like this lxc start xenial-manual-a xenial-manual-b xenial-manual-c error: Error calling 'lxd forkstart xenial-manual-a /var/lib/lxd/containers /var/log/lxd/xenial-manual-a/lxc.conf': err='exit status 1' lxc 20161021035819.243 ERROR lxc_seccomp - seccomp.c:get_new_ctx:224 - Seccomp error -17 (File exists) adding arch: 15 lxc 20161021035819.243 ERROR lxc_start - start.c:lxc_init:430 - failed loading seccomp policy lxc 20161021035819.243 ERROR lxc_start - start.c:__lxc_start:1313 - failed to initialize the container ** Description changed: The s390x host used to Juju testing spontaneously broke today. The disk filled up, we restarted so that we could remove unused kernels. We discovered that lxc1 cannot create containers any more. $ sudo lxc-create -t ubuntu-cloud -n curtis -- -r xenial -a s390x $ sudo lxc-start -o lxc.log -n curtis lxc-start: tools/lxc_start.c: main: 344 The container failed to start. lxc-start: tools/lxc_start.c: main: 346 To get more details, run the container in foreground mode. lxc-start: tools/lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options. - $ cat lxc.log - lxc-start 20161020121833.069 ERRORlxc_seccomp - seccomp.c:get_new_ctx:224 - Seccomp error -17 (File exists) adding arch: 15 - lxc-start 20161020121833.069 ERRORlxc_start - start.c:lxc_init:430 - failed loading seccomp policy - lxc-start 20161020121833.069 ERRORlxc_start - start.c:__lxc_start:1313 - failed to initialize the container - lxc-start 20161020121838.075 ERRORlxc_start_ui - tools/lxc_start.c:main:344 - The container failed to start. - lxc-start 20161020121838.075 ERRORlxc_start_ui - tools/lxc_start.c:main:346 - To get more details, run the container in foreground mode. - lxc-start 20161020121838.075 ERRORlxc_start_ui - tools/lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options. - + $ cat lxc.log + lxc-start 20161020121833.069 ERRORlxc_seccomp - seccomp.c:get_new_ctx:224 - Seccomp error -17 (File exists) adding arch: 15 + lxc-start 20161020121833.069 ERRORlxc_start - start.c:lxc_init:430 - failed loading seccomp policy + lxc-start 20161020121833.069 ERRORlxc_start - start.c:__lxc_start:1313 - failed to initialize the container + lxc-start 20161020121838.075 ERRORlxc_start_ui - tools/lxc_start.c:main:344 - The container failed to start. + lxc-start 20161020121838.075 ERRORlxc_start_ui - tools/lxc_start.c:main:346 - To get more details, run the container in foreground mode. + lxc-start 20161020121838.075 ERRORlxc_start_ui - tools/lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options. # sinzui: checking when s390x seccomp support was added to the - # kernel, to see if it's just a missing config in our kernel that'd fix that - # cleanly or if we'd need it backported to 4.4 which would be a bit more + # kernel, to see if it's just a missing config in our kernel that'd fix that + # cleanly or if we'd need it backported to 4.4 which would be a bit more # annoying # sinzui: config-4.4.0-45-generic is what you're running right? # stgraber uname-a says 4.4.0-45-generic # stgraber> sinzui: you can workaround it by putting a file # with lxc.seccomp= # in /usr/share/lxc/config/common.conf.d/, that should get you going again - WORK AROUND + WORK AROUND for LXC 1 # on the s390x-slave sudo vim /usr/share/lxc/config/common.conf.d/10-secomp-hack.conf $ cat /usr/share/lxc/config/common.conf.d/10-secomp-hack.conf # Advised to stgraber to add this file after seeing lxc-start fail with # lxc-start 20161020121833.069 ERRORlxc_seccomp - seccomp. lxc.seccomp= -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1635639 Title: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x To manage notifications about this bug go to: https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs