[pkg-lxc-devel] Bug#934155: lxc: unprivileged lxc container with veth does not start since update to 1:3.1.0+really3.0.4-1 amd64

Jarek Slosarczyk jarek.slosarczyk at mail.de
Wed Aug 7 16:46:00 BST 2019 

attached a log file generated with :
	lxc-start -F tex --logile texdebug0 --logpriority DEBUG

-- 
()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments
-------------- next part --------------
lxc-start tex 20190807151922.327 INFO     confile - confile.c:set_config_idmaps:1626 - Read uid map: type u nsid 0 hostid 100000 range 999
lxc-start tex 20190807151922.327 INFO     confile - confile.c:set_config_idmaps:1626 - Read uid map: type g nsid 0 hostid 100000 range 999
lxc-start tex 20190807151922.327 INFO     confile - confile.c:set_config_idmaps:1626 - Read uid map: type u nsid 1000 hostid 1000 range 1
lxc-start tex 20190807151922.327 INFO     confile - confile.c:set_config_idmaps:1626 - Read uid map: type g nsid 1000 hostid 1000 range 1
lxc-start tex 20190807151922.328 INFO     confile - confile.c:set_config_idmaps:1626 - Read uid map: type u nsid 1001 hostid 101001 range 64534
lxc-start tex 20190807151922.328 INFO     confile - confile.c:set_config_idmaps:1626 - Read uid map: type g nsid 1001 hostid 101001 range 64534
lxc-start tex 20190807151922.368 INFO     lsm - lsm/lsm.c:lsm_init:50 - LSM security driver AppArmor
lxc-start tex 20190807151922.369 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
lxc-start tex 20190807151922.370 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start tex 20190807151922.370 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start tex 20190807151922.370 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start tex 20190807151922.370 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start tex 20190807151922.370 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start tex 20190807151922.370 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start tex 20190807151922.371 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start tex 20190807151922.371 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start tex 20190807151922.371 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start tex 20190807151922.371 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start tex 20190807151922.371 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start tex 20190807151922.371 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start tex 20190807151922.371 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start tex 20190807151922.372 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start tex 20190807151922.372 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start tex 20190807151922.372 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start tex 20190807151922.372 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start tex 20190807151922.373 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start tex 20190807151922.373 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start tex 20190807151922.373 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start tex 20190807151922.373 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start tex 20190807151922.373 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start tex 20190807151922.374 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start tex 20190807151922.374 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start tex 20190807151922.374 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start tex 20190807151922.374 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start tex 20190807151922.374 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start tex 20190807151922.375 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start tex 20190807151922.375 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start tex 20190807151922.375 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start tex 20190807151922.375 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start tex 20190807151922.375 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start tex 20190807151922.376 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start tex 20190807151922.376 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start tex 20190807151922.376 INFO     seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context
lxc-start tex 20190807151922.387 DEBUG    terminal - terminal.c:lxc_terminal_peer_default:683 - Using terminal "/dev/tty" as proxy
lxc-start tex 20190807151922.388 DEBUG    terminal - terminal.c:lxc_terminal_signal_init:167 - Created signal fd 9
lxc-start tex 20190807151922.388 DEBUG    terminal - terminal.c:lxc_terminal_winsz:82 - Set window size to 239 columns and 73 rows
lxc-start tex 20190807151922.388 DEBUG    conf - conf.c:chown_mapped_root:3146 - trying to chown "/dev/pts/3" to 1000
lxc-start tex 20190807151922.928 INFO     start - start.c:lxc_init:926 - Container "tex" is initialized
lxc-start tex 20190807151922.932 INFO     cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1403 - The monitor process uses "lxc.monitor/tex" as cgroup
lxc-start tex 20190807151922.939 INFO     cgfsng - cgroups/cgfsng.c:cgfsng_payload_create:1468 - The container process uses "lxc.payload/tex" as cgroup
lxc-start tex 20190807151922.950 ERROR    start - start.c:proc_pidfd_open:1619 - Function not implemented - Failed to send signal through pidfd
lxc-start tex 20190807151922.951 INFO     start - start.c:lxc_spawn:1762 - Cloned CLONE_NEWUSER
lxc-start tex 20190807151922.951 INFO     start - start.c:lxc_spawn:1762 - Cloned CLONE_NEWNS
lxc-start tex 20190807151922.951 INFO     start - start.c:lxc_spawn:1762 - Cloned CLONE_NEWPID
lxc-start tex 20190807151922.951 INFO     start - start.c:lxc_spawn:1762 - Cloned CLONE_NEWUTS
lxc-start tex 20190807151922.951 INFO     start - start.c:lxc_spawn:1762 - Cloned CLONE_NEWIPC
lxc-start tex 20190807151922.952 DEBUG    start - start.c:lxc_try_preserve_namespaces:193 - Preserved user namespace via fd 14
lxc-start tex 20190807151922.952 DEBUG    start - start.c:lxc_try_preserve_namespaces:193 - Preserved mnt namespace via fd 15
lxc-start tex 20190807151922.953 DEBUG    start - start.c:lxc_try_preserve_namespaces:193 - Preserved pid namespace via fd 16
lxc-start tex 20190807151922.953 DEBUG    start - start.c:lxc_try_preserve_namespaces:193 - Preserved uts namespace via fd 17
lxc-start tex 20190807151922.954 DEBUG    start - start.c:lxc_try_preserve_namespaces:193 - Preserved ipc namespace via fd 18
lxc-start tex 20190807151922.954 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2822 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start tex 20190807151922.955 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2822 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start tex 20190807151922.955 DEBUG    conf - conf.c:lxc_map_ids:2908 - Functional newuidmap and newgidmap binary found
lxc-start tex 20190807151922.104 INFO     start - start.c:do_start:1180 - Unshared CLONE_NEWNET
lxc-start tex 20190807151922.104 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2822 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start tex 20190807151922.104 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2822 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start tex 20190807151922.104 DEBUG    conf - conf.c:lxc_map_ids:2908 - Functional newuidmap and newgidmap binary found
lxc-start tex 20190807151922.111 DEBUG    start - start.c:lxc_spawn:1817 - Preserved net namespace via fd 10
lxc-start tex 20190807151922.111 WARN     start - start.c:lxc_spawn:1822 - Operation not permitted - Failed to allocate new network namespace id
lxc-start tex 20190807151922.111 INFO     network - network.c:lxc_create_network_unpriv_exec:2269 - Execing lxc-user-nic create /home/lxc tex 9897 veth br0 eth0
lxc-start tex 20190807151922.114 ERROR    network - network.c:lxc_create_network_unpriv_exec:2297 - lxc-user-nic failed to configure requested network: Permission denied - Failed to open "/run/lxc/nics"
cmd/lxc_user_nic.c: 1228: main: Failed to lock /run/lxc/nics
lxc-start tex 20190807151922.114 ERROR    start - start.c:lxc_spawn:1840 - Failed to create the configured network
lxc-start tex 20190807151922.114 DEBUG    network - network.c:lxc_delete_network:3308 - Deleted network devices
lxc-start tex 20190807151922.114 ERROR    start - start.c:__lxc_start:2031 - Failed to spawn container "tex"
lxc-start tex 20190807151922.115 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2822 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start tex 20190807151922.115 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2822 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start tex 20190807151922.115 DEBUG    conf - conf.c:lxc_map_ids:2908 - Functional newuidmap and newgidmap binary found
lxc-start tex 20190807151922.179 INFO     conf - conf.c:run_script_argv:372 - Executing script "/usr/share/lxcfs/lxc.reboot.hook" for container "tex", config section "lxc"
lxc-start tex 20190807151922.682 INFO     conf - conf.c:run_script_argv:372 - Executing script "/usr/share/lxcfs/lxc.reboot.hook" for container "tex", config section "lxc"
lxc-start tex 20190807151923.186 ERROR    lxc_start - tools/lxc_start.c:main:329 - The container failed to start
lxc-start tex 20190807151923.186 ERROR    lxc_start - tools/lxc_start.c:main:335 - Additional information can be obtained by setting the --logfile and --logpriority options

More information about the Pkg-lxc-devel mailing list