Re: [Bug 1406925] Re: lxc-start fails due to insufficient permission for creating netdev
Hi, if lxc.aa_allow_incomplete=1 doesn't fix it for you, then you probably have another bug. Would you mind filing a new bug about your issue? Please start the container with 'lxc-start -n container_name -l trace -o debug.out' and append the debug.out file to the new bug.

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1406925

Title: lxc-start fails due to insufficient permission for creating netdev

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1406925/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1406925] Re: lxc-start fails due to insufficient permission for creating netdev
Can someone clarify exactly what the workaround for this bug is? I've been bitten by it but adding lxc.aa_allow_incomplete = 1 to either my container config or the /etc/lxc/default.conf doesn't seem to resolve it for me.
[Bug 1406925] Re: lxc-start fails due to insufficient permission for creating netdev
It'd be nice to validate the prerequisites (e.g. in `debconf` or at start) and fail with better feedback (either at start, through package dependencies or a debconf warning (that the program can't be used or needs to be reconfigured)) or change default settings at installation.
Re: [Bug 1406925] Re: lxc-start fails due to insufficient permission for creating netdev
We are working around important functionality being missing from the kernel. I'd prefer that the apparmor mount functionality go upstream sooner, rather than spend time (and risk regressions) working around it better.
[Bug 1406925] Re: lxc-start fails due to insufficient permission for creating netdev
Your kernel does not have the apparmor patchset to support mount restrictions. So long as that is the case, your workaround is the correct one. Note that (privileged) containers are less secure this way, although unprivileged containers should be ok.

** Changed in: lxc (Ubuntu)
   Status: Incomplete => Invalid
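A prerequisite check along the lines discussed in this thread, as an added example that is not part of the original messages or of LXC itself: it reports whether the kernel exposes AppArmor mount mediation and which configs set `lxc.aa_allow_incomplete = 1`. The securityfs feature path, the `lxc.id_map` test for unprivileged containers, the `/var/lib/lxc` location and the verdict names are assumptions.

```shell
#!/bin/sh
# Added example: audit LXC configs for the AppArmor "allow incomplete" override.
# Assumption: this securityfs file exists only when the kernel has AppArmor
# mount mediation.
AA_MOUNT_FEATURE=/sys/kernel/security/apparmor/features/mount/mask

# Succeeds when the feature file (default: the path above) is present.
kernel_has_aa_mount() {
    [ -e "${1:-$AA_MOUNT_FEATURE}" ]
}

# Succeeds when the last uncommented lxc.aa_allow_incomplete line sets it to 1.
allow_incomplete_enabled() {
    val=$(sed -n 's/^[[:space:]]*lxc\.aa_allow_incomplete[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1)
    [ "$val" = 1 ]
}

# Treats a config with an ID mapping (lxc.id_map) as unprivileged.
is_unprivileged() {
    grep -Eq '^[[:space:]]*lxc\.id_map[[:space:]]*=' "$1"
}

# Prints one verdict for CONFIG; FEATURE_PATH is optional (used for testing).
classify_config() {
    cfg=$1
    feat=${2:-$AA_MOUNT_FEATURE}
    if kernel_has_aa_mount "$feat"; then
        if allow_incomplete_enabled "$cfg"; then echo override-unneeded; else echo ok; fi
    elif ! allow_incomplete_enabled "$cfg"; then
        echo blocked                 # expect lxc-start to refuse, as in this bug
    elif is_unprivileged "$cfg"; then
        echo override-unprivileged   # "should be ok" per the thread
    else
        echo override-privileged     # weaker confinement: review or remove
    fi
}

# Audit the default config and every container under /var/lib/lxc (assumed lxcpath).
audit_all() {
    for c in /etc/lxc/default.conf /var/lib/lxc/*/config; do
        [ -f "$c" ] || continue
        printf '%s\t%s\n' "$(classify_config "$c")" "$c"
    done
}
audit_all
```

Run it as root so the container configs are readable; `override-unneeded` marks configs where the setting can be dropped once the kernel supports mount mediation.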
[Bug 1406925] Re: lxc-start fails due to insufficient permission for creating netdev
1. network configuration:

$ env LANG=C ifconfig -a
eth1      Link encap:Ethernet  HWaddr 00:00:0b:00:0d:8d
          inet addr:192.168.178.22  Bcast:192.168.178.255  Mask:255.255.255.0
          inet6 addr: fe80::200:bff:fe00:d8d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4614818 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2617205 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6304830899 (6.3 GB)  TX bytes:265525368 (265.5 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:792265 errors:0 dropped:0 overruns:0 frame:0
          TX packets:792265 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1280457921 (1.2 GB)  TX bytes:1280457921 (1.2 GB)

lxcbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:10.0.3.1  Bcast:10.0.3.255  Mask:255.255.255.0
          inet6 addr: fe80::f0cd:39ff:fe43:af4/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:298 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:228 (228.0 B)  TX bytes:63092 (63.0 KB)

p2p1      Link encap:Ethernet  HWaddr 20:89:84:86:6d:4f
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

virbr0    Link encap:Ethernet  HWaddr be:a2:11:d1:e5:45
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 68:17:29:77:05:42
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

$ brctl show
bridge name     bridge id       STP enabled     interfaces
lxcbr0          8000.           no
virbr0          8000.           yes

$ sudo brctl show
bridge name     bridge id       STP enabled     interfaces
lxcbr0          8000.           no
virbr0          8000.           yes

2. starting:

$ sudo lxc-start -n p1 -f -l trace -o lxc.debug
lxc: cgmanager.c: lxc_cgmanager_escape: 314 call to cgmanager_move_pid_abs_sync(blkio) failed: invalid request
lxc-start: lxc_start.c: main: 253 Failed to load rcfile

3. creation:

$ sudo lxc-create -t download -n p2 -- -d ubuntu -r trusty -a i386
lxc: cgmanager.c: lxc_cgmanager_escape: 314 call to cgmanager_move_pid_abs_sync(blkio) failed: invalid request
Setting up the GPG keyring
Downloading the image index
Downloading the rootfs
Downloading the metadata
The image cache is now ready
Unpacking the rootfs
---
You just created an Ubuntu container (release=trusty, arch=i386, variant=default)
To enable sshd, run: apt-get install openssh-server
For security reason, container images ship without user accounts and without a root password.
Use lxc-attach or chroot directly into the rootfs to set a root password or create user accounts.

$ sudo lxc-start -n p2
lxc: cgmanager.c: lxc_cgmanager_escape: 314 call to cgmanager_move_pid_abs_sync(blkio) failed: invalid request
lxc-start: lxc_start.c: main: 337 The container failed to start.
lxc-start: lxc_start.c: main: 339 To get more details, run the container in foreground mode.
lxc-start: lxc_start.c: main: 341 Additional information can be obtained by setting the --logfile and --logpriority options.

$ sudo lxc-start -n p2 --foreground
lxc: cgmanager.c: lxc_cgmanager_escape: 314 call to cgmanager_move_pid_abs_sync(blkio) failed: invalid request
lxc-start: lsm/apparmor.c: apparmor_process_label_set: 186 If you really want to start this container, set
lxc-start: lsm/apparmor.c: apparmor_process_label_set: 187 lxc.aa_allow_incomplete = 1
lxc-start: lsm/apparmor.c: apparmor_process_label_set: 188 in your container configuration file
lxc-start: sync.c:
[Bug 1406925] Re: lxc-start fails due to insufficient permission for creating netdev
I just realized that I added `lxc.aa_allow_incomplete = 1` to the lxc `config` file before the initial issue. Now after adding the very same line the issue disappeared, i.e. I can start the lxc `p2`. What now?
[Bug 1406925] Re: lxc-start fails due to insufficient permission for creating netdev
Thanks for taking the time to report this bug. Certainly as root you should be able to attach devices to lxcbr0. Could you please

1. show the result of 'ifconfig -a' and 'brctl show'
2. do 'sudo lxc-start -n Ubuntu-12.04.5-i386 -f -l trace -o lxc.debug' and attach lxc.debug here
3. try:
   sudo lxc-create -t download -n p1 -- -d ubuntu -r trusty -a i386
   sudo lxc-start -n p1
   and let us know whether that succeeds.

** Changed in: lxc (Ubuntu)
   Importance: Undecided => High
[Bug 1406925] Re: lxc-start fails due to insufficient permission for creating netdev
(Note that I cannot reproduce this here; sudo lxc-create -t ubuntu -n p1 -- -r precise -a i386 results in a working container for me. So we need to figure out what is different in your environment.)

** Changed in: lxc (Ubuntu)
   Status: New => Incomplete