touch-packages team mailing list archive

Thread
Date

[Bug 1401148] Re: Re/starting an lxc container corrupts all network namespaces on the same physical host

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Stefan Bader <stefan.bader@xxxxxxxxxxxxx>
Date: Wed, 10 Dec 2014 18:20:08 -0000
Reply-to: Bug 1401148 <1401148@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I had assumed that "test-test" was a type and saw the same result after
starting the container with "test", too. So somehow starting an lxc
container seems to have an impact on netns. Not sure whether the
apparmor message may relate which seems to trigger when lxc-start tries
to mount /run/netns.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1401148

Title:
  Re/starting an lxc container corrupts all network namespaces on the
  same physical host

Status in lxc package in Ubuntu:
  New

Bug description:
  Context: Neutron gateway north/south routing server which manages a
  large number of network namespaces; also hosts a few LXC containers
  for misc lightweight control plane services.

  Problem:  If I restart one of the lxc containers, all of the
  namespaces get corrupted in someway; attempting to exec anything in
  any namespace fails with:

  seting the network namespace "qrouter-4b575c81-39bb-439f-81e1-e59e3759a287" failed: Invalid argument
  seting the network namespace "qrouter-1f5e26df-f8c5-4246-9485-3f9df8e39c40" failed: Invalid argument
  seting the network namespace "qrouter-c3bf179e-9532-43f9-88af-752b66592cd6" failed: Invalid argument
  seting the network namespace "qrouter-3d4550ca-4de6-44e3-90b5-1b60c3d58ed1" failed: Invalid argument
  seting the network namespace "qrouter-4fc4c3c2-68bf-4954-8b32-d47d8d84086e" failed: Invalid argument
  seting the network namespace "qrouter-0890d9ea-f0c8-4e69-bf1a-4896213a82a0" failed: Invalid argument
  seting the network namespace "qrouter-0f7e0655-f84b-4aaa-82aa-75f01a59411e" failed: Invalid argument

  I also see:

  Dec 10 15:16:00 cofgod kernel: [ 4604.274359] type=1400 audit(1418224560.675:132): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qdhcp-0ba77ab2-b3ee-4752-88af-b19313c10f9d/" pid=8790 comm="lxc-start" flags="rw, slave"
  Dec 10 15:16:00 cofgod kernel: [ 4604.274405] type=1400 audit(1418224560.675:134): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qdhcp-25006453-2caa-4aa4-bdeb-e4822dc700d6/" pid=8790 comm="lxc-start" flags="rw, slave"
  Dec 10 15:16:00 cofgod kernel: [ 4604.274436] type=1400 audit(1418224560.675:136): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qdhcp-2fec74e8-d507-4650-beb4-8da459ea0039/" pid=8790 comm="lxc-start" flags="rw, slave"
  Dec 10 15:16:00 cofgod kernel: [ 4604.274451] type=1400 audit(1418224560.675:137): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qdhcp-33d8fa40-c158-4377-bc8f-d252e38d4943/" pid=8790 comm="lxc-start" flags="rw, slave"
  Dec 10 15:16:00 cofgod kernel: [ 4604.274466] type=1400 audit(1418224560.675:138): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qdhcp-394517c0-e48a-43e7-8778-96c601607733/" pid=8790 comm="lxc-start" flags="rw, slave"
  Dec 10 15:16:00 cofgod kernel: [ 4604.274482] type=1400 audit(1418224560.675:139): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qdhcp-41e21850-decf-49f8-97fb-cbb3aa5932e3/" pid=8790 comm="lxc-start" flags="rw, slave"
  Dec 10 15:16:00 cofgod kernel: [ 4604.274497] type=1400 audit(1418224560.675:140): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="/usr/bin/lxc-start" name="/run/netns/qrouter-e9837293-c017-4d85-a601-cae5e83719a2/" pid=8790 comm="lxc-start" flags="rw, slave"

  In the kern.log

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: lxc 1.0.6-0ubuntu0.1
  ProcVersionSignature: Ubuntu 3.13.0-35.62-generic 3.13.11.6
  Uname: Linux 3.13.0-35-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  Date: Wed Dec 10 15:24:45 2014
  SourcePackage: lxc
  UpgradeStatus: No upgrade log present (probably fresh install)
  defaults.conf:
   lxc.network.type = veth
   lxc.network.link = lxcbr0
   lxc.network.flags = up
   lxc.network.hwaddr = 00:16:3e:xx:xx:xx

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1401148/+subscriptions

References

[Bug 1401148] [NEW] Re/starting an lxc container corrupts all network namespaces on the same physical host
From: James Page, 2014-12-10