[pkg-lxc-devel] Bug#934387: Bug#934387: lxc: privileged LXC container do not start: ERROR cgfsng - cgroups/cgfsng.c:__do_cgroup_enter:1498 - No space left on device - Failed to enter cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/test-container/cgroup.procs"
Pierre-Elliott Bécue
peb at debian.org
Sat Aug 10 20:59:17 BST 2019
Le samedi 10 août 2019 à 16:59:32+0200, Salvatore Bonaccorso a écrit :
> Package: lxc
> Version: 1:3.1.0+really3.0.4-1
> Severity: normal
>
> Hi
>
> After an update of lxc and liblxc1 to 1:3.1.0+really3.0.4-1 privileged
> container do not start anymore on an affected host (this might be a
> problem specific, but not entirely sure if it is a bug in the package
> or it's here a user error).
>
> The host is already at 1:3.1.0+really3.0.4-1 and creating a new
> container:
>
> sudo lxc-create -n test-container -t debian -- -r sid
>
> and starting it
>
> sudo lxc-start -n test-container --logfile=/tmp/test-container.log -l DEBUG
>
> fails to start:
>
> lxc-start: test-container: lxccontainer.c: wait_on_daemonized_start: 851 Received container state "STOPPING" instead of "RUNNING"
> lxc-start: test-container: tools/lxc_start.c: main: 329 The container failed to start
> lxc-start: test-container: tools/lxc_start.c: main: 332 To get more details, run the container in foreground mode
> lxc-start: test-container: tools/lxc_start.c: main: 335 Additional information can be obtained by setting the --logfile and --logpriority options
>
> And in detail the test-container.log contains:
>
> lxc-start test-container 20190810144707.635 INFO lxccontainer - lxccontainer.c:do_lxcapi_start:971 - Set process title to [lxc monitor] /var/lib/lxc test-container
> lxc-start test-container 20190810144707.636 INFO lsm - lsm/lsm.c:lsm_init:50 - LSM security driver AppArmor
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount # comment this to allow umount -f; not recommended"
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for reject_force_umount action 0(kill)
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]"
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for kexec_load action 327681(errno)
> lxc-start test-container 20190810144707.636 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for init_module action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for init_module action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for finit_module action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for delete_module action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
> lxc-start test-container 20190810144707.637 INFO seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context
> lxc-start test-container 20190810144707.637 DEBUG terminal - terminal.c:lxc_terminal_peer_default:676 - No such device - The process does not have a controlling terminal
> lxc-start test-container 20190810144707.739 INFO start - start.c:lxc_init:926 - Container "test-container" is initialized
> lxc-start test-container 20190810144707.739 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset
> lxc-start test-container 20190810144707.739 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1"
> lxc-start test-container 20190810144707.740 INFO cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1403 - The monitor process uses "lxc.monitor/test-container" as cgroup
> lxc-start test-container 20190810144707.740 ERROR cgfsng - cgroups/cgfsng.c:__do_cgroup_enter:1498 - No space left on device - Failed to enter cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/test-container/cgroup.procs"
> lxc-start test-container 20190810144707.740 ERROR start - start.c:__lxc_start:2004 - Failed to enter monitor cgroup
> lxc-start test-container 20190810144707.740 DEBUG lxccontainer - lxccontainer.c:wait_on_daemonized_start:839 - First child 31136 exited
> lxc-start test-container 20190810144707.740 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:851 - Received container state "STOPPING" instead of "RUNNING"
> lxc-start test-container 20190810144707.741 ERROR lxc_start - tools/lxc_start.c:main:329 - The container failed to start
> lxc-start test-container 20190810144707.741 ERROR lxc_start - tools/lxc_start.c:main:332 - To get more details, run the container in foreground mode
> lxc-start test-container 20190810144707.741 ERROR lxc_start - tools/lxc_start.c:main:335 - Additional information can be obtained by setting the --logfile and --logpriority options
> lxc-start test-container 20190810144707.837 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_filter_and_set_cpus:495 - No isolated or offline cpus present in cpuset
> lxc-start test-container 20190810144707.837 DEBUG cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:612 - "cgroup.clone_children" was already set to "1"
> lxc-start test-container 20190810144707.837 WARN cgfsng - cgroups/cgfsng.c:cgfsng_monitor_destroy:1178 - No space left on device - Failed to move monitor 31137 to "/sys/fs/cgroup/cpuset//lxc.pivot/cgroup.procs"
>
> Downgrading to 1:3.1.0+really3.0.3-8 allows the containers to start again.
>
> But as said I'm unsure here if this might be a bug in 1:3.1.0+really3.0.4-1.
>
> I will try to reproduce as well on a fresh installation starting in buster and
> installing lxc there, then upgrading to unstable and see if the issue is
> reproducible in general. The affected host is one constantly following unstable
> and regularly installing updates, so the lxc/liblxc1 updat happended when
> 1:3.1.0+really3.0.4-1 was uploaded to unstable.
>
> Regards,
Hi,
I'll follow up to github to ask for some help, but have you tried to
debug the "no space left on device" part? Are cgroups properly
available?
WBR,
--
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20190810/af3fc10f/attachment-0001.sig>
More information about the Pkg-lxc-devel
mailing list