touch-packages team mailing list archive

Thread
Date

[Bug 1406925] Re: lxc-start fails due to insufficient permission for creating netdev

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Serge Hallyn <1406925@xxxxxxxxxxxxxxxxxx>
Date: Wed, 21 Jan 2015 17:23:03 -0000
Reply-to: Bug 1406925 <1406925@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Your kernel does not have the apparmor patchset to support mount
restrictions.  So long as tha tis the case, your workaround is the
correct one.  Note that (privileged) containers are less secure this
way, although unprivileged containers should be ok.

** Changed in: lxc (Ubuntu)
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1406925

Title:
  lxc-start fails due to insufficient permission for creating netdev

Status in lxc package in Ubuntu:
  Invalid

Bug description:
  After installing an lxc with `sudo lxc-create -n Ubuntu-12.04.5-i386
  -t /usr/share/lxc/templates/lxc-ubuntu -- --release precise --mirror
  http://richtercloud.de:3142/de.archive.ubuntu.com/ubuntu --arch i386`,
  starting the container with `sudo lxc-start -n Ubuntu-12.04.5-i386
  --foreground` fails due to the following error:

      lxc-start: conf.c: instanciate_veth: 2817 failed to attach 'vethY1J1I1' to the bridge 'lxcbr0' : Operation not permitted
      lxc-start: conf.c: lxc_create_network: 3100 failed to create netdev
      lxc-start: start.c: lxc_spawn: 829 failed to create the network
      lxc-start: start.c: __lxc_start: 1087 failed to spawn 'Ubuntu-12.04.5-i386'
      lxc-start: lxc_start.c: main: 337 The container failed to start.
      lxc-start: lxc_start.c: main: 341 Additional information can be obtained by setting the --logfile and --logpriority options.

  It should be possible to start the container right away after
  installation of the apt package and handle eventually necessary setup
  tasks (of permissions, etc.) in `debconf`.

  Currently it's necessary to comment out all `lxc.network.*` entries in
  the container configuration file.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.10
  Package: lxc 1.1.0~alpha2-0ubuntu3
  ProcVersionSignature: Error: [Errno 2] Datei oder Verzeichnis nicht gefunden: '/proc/version_signature'
  Uname: Linux 3.17.7-031707-generic x86_64
  ApportVersion: 2.14.7-0ubuntu8
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Thu Jan  1 14:31:03 2015
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2014-12-28 (4 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
  SourcePackage: lxc
  UpgradeStatus: Upgraded to utopic on 2014-12-28 (4 days ago)
  defaults.conf:
   lxc.network.type = veth
   lxc.network.link = lxcbr0
   lxc.network.flags = up
   lxc.network.hwaddr = 00:16:3e:xx:xx:xx
  upstart.lxc-net.override: manual

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1406925/+subscriptions

References

[Bug 1406925] [NEW] lxc-start fails due to insufficient permission for creating netdev
From: Karl-Philipp Richter, 2015-01-01