touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #71179
[Bug 1445611] [NEW] [vivid] lxc container with systemd fails to boot under libvirt-lxc
Public bug reported:
Under vivid, a vivid container fails to boot with systemd, printing the
following error message in console:
Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN)
Detected virtualization 'lxc-libvirt'.
Detected architecture 'x86-64'.
Welcome to Ubuntu Vivid Vervet (development branch)!
Set hostname to <test>.
Failed to install release agent, ignoring: No such file or directory
Failed to create root cgroup hierarchy: No such file or directory
Failed to allocate manager object: No such file or directory
[!!!!!!] Failed to allocate manager object, freezing.
On the host, the following dmesg is found:
[ 805.407722] audit: type=1400 audit(1429295378.619:150): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" pid=3796 comm="apparmor_parser"
[ 805.431061] device vnet0 entered promiscuous mode
[ 805.446988] IPv6: ADDRCONF(NETDEV_UP): vnet0: link is not ready
[ 806.043772] eth0: renamed from vnet1
[ 806.067844] IPv6: ADDRCONF(NETDEV_CHANGE): vnet0: link becomes ready
[ 806.067942] virbr0: port 2(vnet0) entered listening state
[ 806.067959] virbr0: port 2(vnet0) entered listening state
[ 806.096686] audit: type=1400 audit(1429295379.307:151): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/systemd/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.096914] audit: type=1400 audit(1429295379.307:152): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/systemd/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.098253] audit: type=1400 audit(1429295379.307:153): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/freezer/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.098474] audit: type=1400 audit(1429295379.307:154): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/net_cls,net_prio/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.098640] audit: type=1400 audit(1429295379.307:155): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/devices/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.098805] audit: type=1400 audit(1429295379.307:156): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/cpu,cpuacct/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.098978] audit: type=1400 audit(1429295379.307:157): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/blkio/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.099149] audit: type=1400 audit(1429295379.307:158): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/cpuset/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 808.073724] virbr0: port 2(vnet0) entered learning state
[ 810.079825] virbr0: topology change detected, propagating
[ 810.079854] virbr0: port 2(vnet0) entered forwarding state
To reproduce the bug, do the following (libvirt XML file is attached):
$ lxc-create -P /lxc -n test -t download -B btrfs -- --dist=ubuntu --release=vivid --arch=amd64
$ virsh -c lxc:/// define test.xml
$ virsh -c lxc:/// start test
Then use e.g. virt-manager to view the console output.
Package versions:
apparmor = 2.9.1-0ubuntu9
cgmanager = 0.36-2ubuntu5
libvirt-bin = 1.2.12-0ubuntu12
lxc = 1.1.2-0ubuntu3
lxcfs = 0.7-0ubuntu2
systemd = 219-7ubuntu2
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
** Tags: libvirt lxc systemd vivid
** Attachment added: "libvirt XML file of the vivid lxc container"
https://bugs.launchpad.net/bugs/1445611/+attachment/4378622/+files/test.xml
** Package changed: lxc (Ubuntu) => libvirt (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1445611
Title:
[vivid] lxc container with systemd fails to boot under libvirt-lxc
Status in libvirt package in Ubuntu:
New
Bug description:
Under vivid, a vivid container fails to boot with systemd, printing
the following error message in console:
Failed to mount cgroup at /sys/fs/cgroup/systemd: Permission denied
systemd 219 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN)
Detected virtualization 'lxc-libvirt'.
Detected architecture 'x86-64'.
Welcome to Ubuntu Vivid Vervet (development branch)!
Set hostname to <test>.
Failed to install release agent, ignoring: No such file or directory
Failed to create root cgroup hierarchy: No such file or directory
Failed to allocate manager object: No such file or directory
[!!!!!!] Failed to allocate manager object, freezing.
On the host, the following dmesg is found:
[ 805.407722] audit: type=1400 audit(1429295378.619:150): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" pid=3796 comm="apparmor_parser"
[ 805.431061] device vnet0 entered promiscuous mode
[ 805.446988] IPv6: ADDRCONF(NETDEV_UP): vnet0: link is not ready
[ 806.043772] eth0: renamed from vnet1
[ 806.067844] IPv6: ADDRCONF(NETDEV_CHANGE): vnet0: link becomes ready
[ 806.067942] virbr0: port 2(vnet0) entered listening state
[ 806.067959] virbr0: port 2(vnet0) entered listening state
[ 806.096686] audit: type=1400 audit(1429295379.307:151): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/systemd/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.096914] audit: type=1400 audit(1429295379.307:152): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/systemd/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.098253] audit: type=1400 audit(1429295379.307:153): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/freezer/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.098474] audit: type=1400 audit(1429295379.307:154): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/net_cls,net_prio/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.098640] audit: type=1400 audit(1429295379.307:155): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/devices/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.098805] audit: type=1400 audit(1429295379.307:156): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/cpu,cpuacct/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.098978] audit: type=1400 audit(1429295379.307:157): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/blkio/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 806.099149] audit: type=1400 audit(1429295379.307:158): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="libvirt-9d578815-a1e9-4596-aef9-a70717574f0e" name="/sys/fs/cgroup/cpuset/" pid=3834 comm="systemd" fstype="cgroup" srcname="cgroup" flags="rw, nosuid, nodev, noexec"
[ 808.073724] virbr0: port 2(vnet0) entered learning state
[ 810.079825] virbr0: topology change detected, propagating
[ 810.079854] virbr0: port 2(vnet0) entered forwarding state
To reproduce the bug, do the following (libvirt XML file is attached):
$ lxc-create -P /lxc -n test -t download -B btrfs -- --dist=ubuntu --release=vivid --arch=amd64
$ virsh -c lxc:/// define test.xml
$ virsh -c lxc:/// start test
Then use e.g. virt-manager to view the console output.
Package versions:
apparmor = 2.9.1-0ubuntu9
cgmanager = 0.36-2ubuntu5
libvirt-bin = 1.2.12-0ubuntu12
lxc = 1.1.2-0ubuntu3
lxcfs = 0.7-0ubuntu2
systemd = 219-7ubuntu2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1445611/+subscriptions
Follow ups
References
