*** This bug is a duplicate of bug 1350947 ***
https://bugs.launchpad.net/bugs/1350947
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: lxc (Ubuntu)
Status: New => Confirmed
--
Can you please attach the output of
apparmor_parser -p /etc/apparmor.d/usr.bin.lxc-start
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1401148
Title:
Re/starting an lxc container
** Also affects: linux (Ubuntu)
Importance: Undecided
Status: New
--
So for now I added also a task for the kernel, though the truth (if such a
thing exists) could be somewhere between. Serge, Stephane, what we probably
need to figure out is what exactly lxc-start tries to get done when slave
mounting /run/netns. And somehow it might be possible that it needs
Stop the bot.
** Changed in: linux (Ubuntu)
Status: Incomplete => Confirmed
--
Stop the bot.
--
Title:
Re/starting an lxc container corrupts all network namespaces on the
same physical host
so I think it's some systemd handling which does that. LXC unshares the
mnt namespace which gets it a copy of the host's, then it's doing some
magic (rprivate I believe) to get things working under systemd, then
mounts what it needs, unmounts everything else and pivot_root.
lxc itself has no code
When stracing lxc-start one of the sub-processes is doing the access.
This is the strace of that sub-process.
** Attachment added: lxc-start.strace.3131
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+attachment/4278745/+files/lxc-start.strace.3131
--
lxc-start.strace.3093:clone(child_stack=0x7fff7fbc0290,
flags=CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD)
= 3131
lxc-start.strace.3093:open(/proc/3131/ns/net, O_RDONLY) = 16
lxc-start.strace.3093:waitid(P_PID, 3131, {}, WNOHANG|WEXITED|WNOWAIT, NULL) =
--
This is the output of apparmor_parser -p /etc/apparmor.d/usr.bin.lxc-start
on Vivid with 3.16 kernel.
** Attachment added: aa-parser.txt
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1401148/+attachment/4278746/+files/aa-parser.txt
--
Is this only happening when systemd is in the container, or when systemd
is on the host?
--
I would have assumed systemd is on neither. Since it seems to be the
same all the way since Trusty (at least).
--
The only way I can get this to work is to add
mount,
to /etc/apparmor.d/abstractions/lxc/start-container
If I add something like
mount options=slave
remount options=slave
that does not suffice.
--
hah, as pointed out in comment #4 of that bug. Marking this as a dup
** This bug has been marked a duplicate of bug 1350947
apparmor: no working rule to allow making a mount private
--
James if you'd like to increase the priority of bug 1350947 please do
so.
--
It appears that as tyhicks pointed out this is a dup of bug 1350947.
--
To reproduce:
sudo lxc-create --name test -t ubuntu-cloud
sudo ip netns add test
sudo ip netns exec test ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
sudo lxc-start -d --name test
sudo ip netns exec test-tests ip
Confirmed on vivid as well.
--
sudo ip netns exec test ip addr
--
Confirmed on utopic as well.
--
** Tags added: landscape
--
I had assumed that test-test was a typo and saw the same result after
starting the container with test, too. So somehow starting an lxc
container seems to have an impact on netns. Not sure whether the
apparmor message may relate which seems to trigger when lxc-start tries
to mount /run/netns.
--
Hm, as a data-point. It seems for the testing one can set
/usr/bin/lxc-start to complain mode:
aa-complain /usr/bin/lxc-start
and when I did that the test netns is still usable after lxc-start.
--