Unable to start containers without proc entry in fstab

Bug #963388 reported by Stéphane Graber
This bug affects 4 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| lxc (Ubuntu) | Fix Released | High | Unassigned | |
| Precise | Fix Released | High | Unassigned | |

Bug Description

This bug affects all arkose containers.

Since the recent change to implement per-container apparmor profile, arkose stopped working, printing:
lxc-start: No such file or directory - failed to change apparmor profile to lxc-container-default

Trying to reproduce this with a standard container, I tracked it down to the lack of /proc defined in LXC's fstab.
Arkose usually starts the container without giving lxc an fstab file, then mounts some file systems after that. I should change that anyway and will do so post-beta2, but the problem remains that it's currently impossible to start a container that doesn't use lxc's fstab to mount /proc.

On top of arkose containers, this also breaks anyone using my recommended setup to boot VM images in a container, per http://www.stgraber.org/2012/03/04/booting-an-ubuntu-12-04-virtual-machine-in-an-lxc-container/

Stéphane Graber (stgraber) wrote :

Targeting to beta2 as it's currently breaking software shipped by default on one of the images.

Changed in lxc (Ubuntu Precise):
status: New → Triaged
importance: Undecided → High
milestone: none → ubuntu-12.04-beta-2
Serge Hallyn (serge-hallyn) wrote : Re: [Bug 963388] [NEW] Unable to start containers without proc entry in fstab

Quoting Stéphane Graber (<email address hidden>):
> Public bug reported:
>
> This bug affects all arkose containers.
>
> Since the recent change to implement per-container apparmor profile, arkose stopped working, printing:
> lxc-start: No such file or directory - failed to change apparmor profile to lxc-container-default
>
>
> Trying to reproduce this with a standard container, I tracked it down to the lack of /proc defined in LXC's fstab.

Ok, I see. So we should switch to aa_change_onexec() and run it before we
do our pivot_root(). I couldn't do that before, but IIUC aa_change_onexec()
has been fixed and this should now work.

Thanks for submitting this bug.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.7.5-3ubuntu45

---------------
lxc (0.7.5-3ubuntu45) precise; urgency=low

  * 0064-apparmor-mount-proc: mount /proc if we need to before changing
    apparmor profile (LP: #963388). (Also fixes two bad error paths)
  * lxc.postinst: use the right filename for loading profile
 -- Serge Hallyn <email address hidden> Sun, 25 Mar 2012 21:45:03 -0500

Changed in lxc (Ubuntu Precise):
status: Triaged → Fix Released
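
The failure and the fix named in the changelog above, as an added example (not the lxc patch itself): the profile change is a write to /proc/self/attr/current, so without /proc it fails with ENOENT, and mounting procfs first avoids that. The function names and the `root` prefix parameter are assumptions made for the example; mount() needs CAP_SYS_ADMIN.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mount.h>
#include <unistd.h>

/* `root` is a hypothetical path prefix; "" means the current root.
 * Returns 1 if <root>/proc/self/attr/current exists, else 0. */
int proc_attr_present(const char *root)
{
    char path[4096];
    snprintf(path, sizeof(path), "%s/proc/self/attr/current", root);
    return access(path, F_OK) == 0;
}

/* Mount procfs on <root>/proc only if the attr file is missing.
 * Returns 0 if already present, 1 if mounted now, -1 on error. */
int ensure_proc(const char *root)
{
    char target[4096];
    if (proc_attr_present(root))
        return 0;
    snprintf(target, sizeof(target), "%s/proc", root);
    return mount("proc", target, "proc", 0, NULL) < 0 ? -1 : 1;
}

/* Request a profile change through attr/current, the procfs file
 * aa_change_profile() writes to. Returns 0, or -1 with errno set. */
int change_profile(const char *root, const char *profile)
{
    char path[4096], cmd[256];
    int fd, len, ok;
    snprintf(path, sizeof(path), "%s/proc/self/attr/current", root);
    len = snprintf(cmd, sizeof(cmd), "changeprofile %s", profile);
    if (len < 0 || (size_t)len >= sizeof(cmd)) { errno = ENAMETOOLONG; return -1; }
    fd = open(path, O_WRONLY);
    if (fd < 0)
        return -1;   /* ENOENT without /proc: the error in this report */
    ok = write(fd, cmd, (size_t)len) == (ssize_t)len;
    close(fd);
    return ok ? 0 : -1;
}

int main(void)
{
    if (ensure_proc("") < 0 || change_profile("", "lxc-container-default") < 0)
        return perror("profile change"), 1;
    return 0;
}
```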