I was able to reproduce this bug on Debian unstable (lxc=2.0.7-2,
libpam-cgfs=2.0.6-1, systemd=232-22, linux-image-4.9.0-2-amd64=4.9.18-1
or even using 4.11.0-rc6-1, libpam-cgm not installed, cgmanager not
installed) with a Debian Jessie unprivileged container (created using
the download template [1]). Systemd version in the container: 215-17+deb8u6.

In addition to the three symptoms listed in the bug description, here is
another: in the container "/sys/fs/cgroup/systemd" isn't mounted
(systemctl command fails and any attempt to manually mount it will hang
forever).

It appears there are two problems:

1. When using umask, create lxc cgroups before running lxc-start:

$ mkdir /sys/fs/cgroup/systemd/user.slice/user-$UID.slice/session-$XDG_SESSION_ID.scope/lxc
$ mkdir /sys/fs/cgroup/{freezer,memory}/user/$USER/0/lxc

# replace <subgid>
$ sudo chgrp <subgid> /sys/fs/cgroup/systemd/user.slice/user-$UID.slice/session-$XDG_SESSION_ID.scope/lxc
$ sudo chgrp <subgid> /sys/fs/cgroup/{freezer,memory}/user/$USER/0/lxc

$ chmod g+x /sys/fs/cgroup/systemd/user.slice/user-$UID.slice/session-$XDG_SESSION_ID.scope/lxc
$ chmod g+x /sys/fs/cgroup/{memory,freezer}/user/$USER/0/lxc

Start the container, systemd will be able to mount
/sys/fs/cgroup/systemd/:

$ lxc-start -n <name>

And lxc-stop works, host is able to reboot without hard reset.

2. About the kernel related problem: systemd tries to mount
"/sys/fs/cgroup/systemd/" twice ([2]: mount_table and mount_setup): once
using the "none,name=systemd,xattr" options, then, if the first try fails,
there is another using "none,name=systemd". The first try returns
"permission denied" and then systemd becomes stuck at the second try.

Without manually creating the lxc cgroups, I was able to reproduce this
problem using an unprivileged Alpine edge container (Alpine doesn't use
systemd):

$ lxc-attach -n alpine_container --clear-env
# mount -t tmpfs tmpfs /sys/fs/cgroup
# mkdir /sys/fs/cgroup/systemd
# mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd
-> mount command hangs, lxc-stop hangs, host needs a hard reset

[1] http://images.linuxcontainers.org/
[2] https://github.com/systemd/systemd/blob/1b59cf04aee20525179f81928f1e1794ce970551/src/core/mount-setup.c#L104

https://bugs.launchpad.net/bugs/1642767

Title:
  starting any container with umask 007 breaks host system shutdown.
  lxc-stop just hangs.

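Added example, not part of the bug comment above: a pre-flight check for the directories that item 1 prepares with chgrp and chmod g+x, reporting whether the host uid/gid that container root maps to can enter each lxc cgroup directory. The function names and the sample id 100000 are constructed, and only the owner/group/other mode bits are evaluated (an assumption: no ACLs, supplementary groups or capabilities).

```shell
#!/bin/sh
# Added example (not from the bug report). Needs GNU stat.
# Decide from the classic mode bits whether a host uid/gid may search (x) a
# directory. Supplementary groups, ACLs and capabilities are ignored.
can_traverse() {   # usage: can_traverse DIR HOST_UID HOST_GID
    ct_uid=$2; ct_gid=$3
    ct_stat=$(stat -c '%u %g %a' -- "$1") || return 2
    set -- $ct_stat                 # now $1=owner uid, $2=group gid, $3=octal mode
    ct_perm=$((0$3))                # leading 0 makes the shell parse the mode as octal
    if   [ "$ct_uid" -eq "$1" ]; then ct_bit=$((ct_perm & 0100))
    elif [ "$ct_gid" -eq "$2" ]; then ct_bit=$((ct_perm & 0010))
    else                              ct_bit=$((ct_perm & 0001))
    fi
    [ "$ct_bit" -ne 0 ]
}

# Print a verdict per directory; the return value is the number of
# directories the given uid/gid could not enter.
count_blocked() {  # usage: count_blocked HOST_UID HOST_GID DIR...
    cb_uid=$1; cb_gid=$2; shift 2; cb_n=0
    for cb_dir in "$@"; do
        if can_traverse "$cb_dir" "$cb_uid" "$cb_gid"; then
            echo "ok      $cb_dir"
        else
            echo "BLOCKED $cb_dir"; cb_n=$((cb_n + 1))
        fi
    done
    return "$cb_n"
}

# With the paths from the report (SUBUID/SUBGID are placeholders for the host
# ids that container root maps to):
#   count_blocked "$SUBUID" "$SUBGID" \
#     "/sys/fs/cgroup/systemd/user.slice/user-$(id -u).slice/session-$XDG_SESSION_ID.scope/lxc" \
#     "/sys/fs/cgroup/freezer/user/$USER/0/lxc" "/sys/fs/cgroup/memory/user/$USER/0/lxc"

# Demo on a constructed directory; 100000 is a constructed sample id.
demo=$(mktemp -d) && (umask 007; mkdir "$demo/lxc")
# Mode 770 and a foreign uid/gid: only the "other" bits apply, so no entry.
count_blocked 100000 100000 "$demo/lxc" || :
# Same directory when the gid matches its group, as after the chgrp step.
count_blocked 100000 "$(stat -c %g "$demo/lxc")" "$demo/lxc" || :
rm -rf "$demo"
```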