[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

[Stéphane Graber]

** Changed in: lxc (Ubuntu Zesty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635639

Title:
  Seccomp  error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

[Curtis Hovey]

** Changed in: juju-ci-tools
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635639

Title:
  Seccomp  error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

[Stéphane Graber]

** Changed in: lxc (Ubuntu Zesty)
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635639

Title:
  Seccomp  error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

[Launchpad Bug Tracker]

This bug was fixed in the package lxc - 2.0.5-0ubuntu1.1

---
lxc (2.0.5-0ubuntu1.1) yakkety; urgency=medium

  * Cherry-pick bugfix from upstream:
- s390x: Fix seccomp handling of personalities (LP: #1635639)

 -- Stéphane Graber   Fri, 21 Oct 2016 12:40:08
-0400

** Changed in: lxc (Ubuntu Yakkety)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635639

Title:
  Seccomp  error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

[Stéphane Graber]

Confirmed on both xenial and yakkety.

** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635639

Title:
  Seccomp  error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

[Launchpad Bug Tracker]

This bug was fixed in the package lxc - 2.0.5-0ubuntu1~ubuntu16.04.2

---
lxc (2.0.5-0ubuntu1~ubuntu16.04.2) xenial; urgency=medium

  * Cherry-pick bugfix from upstream:
- s390x: Fix seccomp handling of personalities (LP: #1635639)

 -- Stéphane Graber   Fri, 21 Oct 2016 12:39:18
-0400

** Changed in: lxc (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635639

Title:
  Seccomp  error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

[Stéphane Graber]

** Changed in: lxc (Ubuntu)
   Status: In Progress => Triaged

** Also affects: lxc (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: lxc (Ubuntu Zesty)
   Importance: High
 Assignee: Stéphane Graber (stgraber)
   Status: Triaged

** Also affects: lxc (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: lxc (Ubuntu Xenial)
   Status: New => In Progress

** Changed in: lxc (Ubuntu Yakkety)
   Status: New => In Progress

** Changed in: lxc (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: lxc (Ubuntu Yakkety)
   Importance: Undecided => High

** Changed in: lxc (Ubuntu Yakkety)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxc (Ubuntu Xenial)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Description changed:

+ ## SRU paperwork
+ ### Rationale
+ LXC 2.0.5 added support for Seccomp on the s390x architecture for those 
kernels that support it. Unfortunately the personality handling for s390x is 
wrong and results in the profile being setup twice, causing a failure to start 
the container.
+ 
+ This effectively means that LXC 2.0.5 fails out of the box on s390x.
+ 
+ ### Test case
+ With LXC:
+  - lxc-start -n some-container -F
+ 
+ With LXD:
+  - lxc start some-container
+ 
+ ### Regression potential
+ Our own testing shows that the fix works perfectly fine. The code change 
itself only affects s390x (under ifdef) so can't possibly affect the other 
architectures.
+ 
+ The worst that can happen should this fix be wrong is either status quo
+ (container won't start) or having the container start without seccomp
+ support (status quo when compared to 2.0.4).
+ 
+ 
+ ## Original bug report
  The s390x host used to Juju testing spontaneously broke today.
  The disk filled up, we restarted so that we could remove unused
  kernels. We discovered that lxc1 cannot create containers any more.
  
  $ sudo lxc-create -t ubuntu-cloud -n curtis -- -r xenial -a s390x
  
  $ sudo lxc-start -o lxc.log -n curtis
  lxc-start: tools/lxc_start.c: main: 344 The container failed to start.
  lxc-start: tools/lxc_start.c: main: 346 To get more details, run the 
container in foreground mode.
  lxc-start: tools/lxc_start.c: main: 348 Additional information can be 
obtained by setting the --logfile and --logpriority options.
  
  $ cat lxc.log
    lxc-start 20161020121833.069 ERRORlxc_seccomp - 
seccomp.c:get_new_ctx:224 - Seccomp error -17 (File exists) adding arch: 15
    lxc-start 20161020121833.069 ERRORlxc_start - start.c:lxc_init:430 
- failed loading seccomp policy
    lxc-start 20161020121833.069 ERRORlxc_start - 
start.c:__lxc_start:1313 - failed to initialize the container
    lxc-start 20161020121838.075 ERRORlxc_start_ui - 
tools/lxc_start.c:main:344 - The container failed to start.
    lxc-start 20161020121838.075 ERRORlxc_start_ui - 
tools/lxc_start.c:main:346 - To get more details, run the container in 
foreground mode.
    lxc-start 20161020121838.075 ERRORlxc_start_ui - 
tools/lxc_start.c:main:348 - Additional information can be obtained by setting 
the --logfile and --logpriority options.
  
  #  sinzui: checking when s390x seccomp support was added to the
  # kernel, to see if it's just a missing config in our kernel that'd fix that
  # cleanly or if we'd need it backported to 4.4 which would be a bit more
  # annoying
  #  sinzui: config-4.4.0-45-generic is what you're running right?
  #  stgraber uname-a says 4.4.0-45-generic
  # stgraber> sinzui: you can workaround it by putting a file
  # with lxc.seccomp=
  # in /usr/share/lxc/config/common.conf.d/, that should get you going again
  
  WORK AROUND for LXC 1
  # on the s390x-slave
  sudo vim /usr/share/lxc/config/common.conf.d/10-secomp-hack.conf
  $ cat /usr/share/lxc/config/common.conf.d/10-secomp-hack.conf
  # Advised to stgraber to add this file after seeing lxc-start fail with
  # lxc-start 20161020121833.069 ERRORlxc_seccomp - seccomp.
  lxc.seccomp=

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635639

Title:
  Seccomp  error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

[Martin Pitt]

Hello Curtis, or anyone else affected,

Accepted lxc into yakkety-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/lxc/2.0.5-0ubuntu1.1
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: lxc (Ubuntu Yakkety)
   Status: In Progress => Fix Committed

** Tags added: verification-needed

** Changed in: lxc (Ubuntu Xenial)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635639

Title:
  Seccomp  error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

[Stéphane Graber]

I fixed this in upstream LXC yesterday, will upload SRUs today.

** Changed in: lxc (Ubuntu)
 Assignee: (unassigned) => Stéphane Graber (stgraber)

** Changed in: lxc (Ubuntu)
   Status: New => In Progress

** Changed in: lxc (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635639

Title:
  Seccomp  error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

[Curtis Hovey]

** Changed in: juju-ci-tools
   Status: Fix Committed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635639

Title:
  Seccomp  error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1635639] Re: Seccomp error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

[Curtis Hovey]

Current and new lxd containers are still broken. We see errors like this

lxc start xenial-manual-a xenial-manual-b xenial-manual-c
error: Error calling 'lxd forkstart xenial-manual-a /var/lib/lxd/containers 
/var/log/lxd/xenial-manual-a/lxc.conf': err='exit status 1'
  lxc 20161021035819.243 ERROR lxc_seccomp - seccomp.c:get_new_ctx:224 - 
Seccomp error -17 (File exists) adding arch: 15
  lxc 20161021035819.243 ERROR lxc_start - start.c:lxc_init:430 - failed 
loading seccomp policy
  lxc 20161021035819.243 ERROR lxc_start - start.c:__lxc_start:1313 - failed to 
initialize the container

** Description changed:

  The s390x host used to Juju testing spontaneously broke today.
  The disk filled up, we restarted so that we could remove unused
  kernels. We discovered that lxc1 cannot create containers any more.
  
  $ sudo lxc-create -t ubuntu-cloud -n curtis -- -r xenial -a s390x
  
  $ sudo lxc-start -o lxc.log -n curtis
  lxc-start: tools/lxc_start.c: main: 344 The container failed to start.
  lxc-start: tools/lxc_start.c: main: 346 To get more details, run the 
container in foreground mode.
  lxc-start: tools/lxc_start.c: main: 348 Additional information can be 
obtained by setting the --logfile and --logpriority options.
  
- $ cat lxc.log 
-   lxc-start 20161020121833.069 ERRORlxc_seccomp - 
seccomp.c:get_new_ctx:224 - Seccomp error -17 (File exists) adding arch: 15
-   lxc-start 20161020121833.069 ERRORlxc_start - start.c:lxc_init:430 
- failed loading seccomp policy
-   lxc-start 20161020121833.069 ERRORlxc_start - 
start.c:__lxc_start:1313 - failed to initialize the container
-   lxc-start 20161020121838.075 ERRORlxc_start_ui - 
tools/lxc_start.c:main:344 - The container failed to start.
-   lxc-start 20161020121838.075 ERRORlxc_start_ui - 
tools/lxc_start.c:main:346 - To get more details, run the container in 
foreground mode.
-   lxc-start 20161020121838.075 ERRORlxc_start_ui - 
tools/lxc_start.c:main:348 - Additional information can be obtained by setting 
the --logfile and --logpriority options.
- 
+ $ cat lxc.log
+   lxc-start 20161020121833.069 ERRORlxc_seccomp - 
seccomp.c:get_new_ctx:224 - Seccomp error -17 (File exists) adding arch: 15
+   lxc-start 20161020121833.069 ERRORlxc_start - start.c:lxc_init:430 
- failed loading seccomp policy
+   lxc-start 20161020121833.069 ERRORlxc_start - 
start.c:__lxc_start:1313 - failed to initialize the container
+   lxc-start 20161020121838.075 ERRORlxc_start_ui - 
tools/lxc_start.c:main:344 - The container failed to start.
+   lxc-start 20161020121838.075 ERRORlxc_start_ui - 
tools/lxc_start.c:main:346 - To get more details, run the container in 
foreground mode.
+   lxc-start 20161020121838.075 ERRORlxc_start_ui - 
tools/lxc_start.c:main:348 - Additional information can be obtained by setting 
the --logfile and --logpriority options.
  
  #  sinzui: checking when s390x seccomp support was added to the
- # kernel, to see if it's just a missing config in our kernel that'd fix that 
- # cleanly or if we'd need it backported to 4.4 which would be a bit more 
+ # kernel, to see if it's just a missing config in our kernel that'd fix that
+ # cleanly or if we'd need it backported to 4.4 which would be a bit more
  # annoying
  #  sinzui: config-4.4.0-45-generic is what you're running right?
  #  stgraber uname-a says 4.4.0-45-generic
  # stgraber> sinzui: you can workaround it by putting a file
  # with lxc.seccomp=
  # in /usr/share/lxc/config/common.conf.d/, that should get you going again
  
- WORK AROUND
+ WORK AROUND for LXC 1
  # on the s390x-slave
  sudo vim /usr/share/lxc/config/common.conf.d/10-secomp-hack.conf
  $ cat /usr/share/lxc/config/common.conf.d/10-secomp-hack.conf
  # Advised to stgraber to add this file after seeing lxc-start fail with
  # lxc-start 20161020121833.069 ERRORlxc_seccomp - seccomp.
  lxc.seccomp=

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1635639

Title:
  Seccomp  error with 2.0.5-0ubuntu1~ubuntu16.04.1 on s390x

To manage notifications about this bug go to:
https://bugs.launchpad.net/juju-ci-tools/+bug/1635639/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs