[pkg-lxc-devel] Bug#964745: lxc-start fails when specifying a custom lxc.net.0.hwaddr (on armv7l)

Pierre-Elliott Bécue peb at debian.org
Fri Sep 4 23:23:17 BST 2020 

Control: tags -1 +moreinfo

Hey Santiago,

Thanks for the bugreport!

Le jeudi 09 juillet 2020 à 22:28:06+0200, Santiago R.R. a écrit :
> Package: lxc
> Version: 1:3.1.0+really3.0.3-8
> Severity: important
> 
> Dear Maintainer,
> 
> After creating an lxc container, I've manually set a MAC address for it.
> The container fails to start, giving this output in the logs:
> 
> 	lxc-start container-name 20200709195149.256 ERROR    network - network.c:setup_hw_addr:2762 - Cannot assign requested address - Failed to perform ioctl
> 	lxc-start container-name 20200709195149.256 ERROR    network - network.c:lxc_setup_netdev_in_child_namespaces:2907 - Failed to setup hw address for network device "eth0"
> 	lxc-start container-name 20200709195149.256 ERROR    network - network.c:lxc_setup_network_in_child_namespaces:3047 - failed to setup netdev
> 	lxc-start container-name 20200709195149.256 ERROR    conf - conf.c:lxc_setup:3540 - Failed to setup network
> 	lxc-start container-name 20200709195149.257 ERROR    start - start.c:do_start:1275 - Failed to setup container "container-name"
> 	lxc-start container-name 20200709195149.257 ERROR    sync - sync.c:__sync_wait:62 - An error occurred in another process (expected sequence number 5)
> 	lxc-start container-name 20200709195149.258 ERROR    lxccontainer - lxccontainer.c:wait_on_daemonized_start:842 - Received container state "ABORTING" instead of "RUNNING"
> 	lxc-start container-name 20200709195149.258 ERROR    lxc_start - tools/lxc_start.c:main:330 - The container failed to start
> 	lxc-start container-name 20200709195149.259 ERROR    lxc_start - tools/lxc_start.c:main:333 - To get more details, run the container in foreground mode
> 	lxc-start container-name 20200709195149.259 ERROR    lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options
> 	lxc-start container-name 20200709195149.275 ERROR    start - start.c:__lxc_start:1951 - Failed to spawn container "container-name"
> 
> In the host I can see this:
> 
> 	...
> 	Jul 09 19:53:42 olimicro audit[4788]: AVC apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-container-name_</var/lib/lxc>" pid=4788 comm="apparmor_parser"
> 	Jul 09 19:53:42 olimicro kernel: audit: type=1400 audit(1594324422.794:57): apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-container-name_</var/lib/lxc>" pid=4788 comm="apparmor_parser"
> 	Jul 09 19:53:42 olimicro kernel: br0: port 4(vethETHNAME) entered blocking state
> 	Jul 09 19:53:42 olimicro kernel: br0: port 4(vethETHNAME) entered disabled state
> 	Jul 09 19:53:42 olimicro systemd-udevd[4789]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
> 	Jul 09 19:53:42 olimicro kernel: device vethETHNAME entered promiscuous mode
> 	Jul 09 19:53:42 olimicro kernel: IPv6: ADDRCONF(NETDEV_UP): vethETHNAME: link is not ready
> 	Jul 09 19:53:42 olimicro systemd-udevd[4789]: Using default interface naming scheme 'v240'.
> 	Jul 09 19:53:42 olimicro systemd-udevd[4789]: Could not generate persistent MAC address for vethHP689N: No such file or directory

This is weird, first the interface is vethETHNAME and then vethHP689N…
are you sure there isn't a quirk in your config or your bridge config?

I use hardcoded macs in configurations on buster since the release
without any issue, but I'm under amd64 arch...

> 	Jul 09 19:53:42 olimicro NetworkManager[935]: <info>  [1594324422.8520] manager: (vethHP689N): new Veth device (/org/freedesktop/NetworkManager/Devices/37)
> 	Jul 09 19:53:42 olimicro systemd-udevd[4790]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
> 	Jul 09 19:53:42 olimicro kernel: eth0: renamed from vethHP689N
> 	Jul 09 19:53:42 olimicro systemd-udevd[4790]: Using default interface naming scheme 'v240'.
> 	Jul 09 19:53:42 olimicro sudo[4781]: pam_unix(sudo:session): session closed for user root
> 	Jul 09 19:53:42 olimicro NetworkManager[935]: <info>  [1594324422.9294] manager: (vethETHNAME): new Veth device (/org/freedesktop/NetworkManager/Devices/38)
> 	Jul 09 19:53:43 olimicro audit[4795]: AVC apparmor="STATUS" operation="profile_remove" profile="/usr/bin/lxc-start" name="lxc-container-name_</var/lib/lxc>" pid=4795 comm="apparmor_parser"
> 	Jul 09 19:53:43 olimicro kernel: audit: type=1400 audit(1594324423.898:58): apparmor="STATUS" operation="profile_remove" profile="/usr/bin/lxc-start" name="lxc-container-name_</var/lib/lxc>" pid=4795 comm="apparmor_parser"
> 	Jul 09 19:53:44 olimicro kernel: br0: port 4(vethETHNAME) entered disabled state
> 	Jul 09 19:53:44 olimicro kernel: device vethETHNAME left promiscuous mode
> 	Jul 09 19:53:44 olimicro kernel: br0: port 4(vethETHNAME) entered disabled state
> 	Jul 09 19:53:44 olimicro NetworkManager[935]: <info>  [1594324424.5249] device (vethETHNAME): released from master device br0
> 
> To make the container work, I had to remove the lxc.net.0.hwaddr entry,
> start the container and only then copy the autogenerated MAC address in
> the config.
> 
> This happens on armv7l running buster. I haven't test a similar case on
> other architecture nor testing/sid.

Could you give me your container config?

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-lxc-devel/attachments/20200905/6ae10708/attachment.sig>

More information about the Pkg-lxc-devel mailing list