lxc-execute fails to start container without rootfs

Bug #1188501 reported by NeilGreenwood
This bug affects 2 people
Affects          Status        Importance  Assigned to   Milestone
lxc (Ubuntu)     Fix Released  Medium      Serge Hallyn
Raring           Fix Released  Medium      Unassigned

Bug Description

========================
Impact: cannot lxc-execute in a container without private rootfs
Development fix: mount /proc when no rootfs is specified
Stable fix: same as development fix
Test case:
 sudo lxc-execute --name test /bin/bash
 Without the fix, this will fail. With the fix, it will
 succeed.
Regression potential: This fix is cherrypicked from upstream, and
 should not result in any regressions. The function
 being modified is a crucial one though.
========================

I get the following output when trying to start a container just running bash as an app:

$ sudo lxc-execute --name test /bin/bash
lxc-execute: Permission denied - failed to change apparmor profile to lxc-container-default
lxc-execute: invalid sequence number 1. expected 4
lxc-execute: failed to spawn 'test'

I'm attaching the contents of /var/log/lxc/test.log, which is the only log file I can see.

ProblemType: Bug
DistroRelease: Ubuntu 13.04
Package: lxc 0.9.0-0ubuntu3.2
ProcVersionSignature: Ubuntu 3.8.0-23.34-generic 3.8.11
Uname: Linux 3.8.0-23-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.9.2-0ubuntu8.1
Architecture: amd64
Date: Fri Jun 7 08:09:18 2013
EcryptfsInUse: Yes
InstallationDate: Installed on 2012-04-27 (405 days ago)
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64 (20120328)
MarkForUpload: True
SourcePackage: lxc
UpgradeStatus: Upgraded to raring on 2013-04-26 (41 days ago)
lxcsyslog:

NeilGreenwood (neil-greenwood) wrote :
Changed in lxc (Ubuntu):
importance: Undecided → Medium
Changed in lxc (Ubuntu):
status: New → Confirmed
Serge Hallyn (serge-hallyn) wrote :

Thanks for reporting this bug. Your example pointed me to the root of the problem, which has been around for a while.

This patch, plus upstream commit fabf7361da4845cd6cf268e0e85c3c6a1c0b0be4 (from this morning), fixes the bug for me.

Changed in lxc (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → Serge Hallyn (serge-hallyn)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.9.0-0ubuntu14

---------------
lxc (0.9.0-0ubuntu14) saucy; urgency=low

  * 0009-conf.c-if-we-don-t-specify-a-rootfs-we-still-need-pr.patch: if
    apparmor is enabled and no rootfs was specified, then re-mount /proc
    so that we can write the requested apparmor profile under /proc/1.
    (LP: #1188501)
 -- Serge Hallyn <email address hidden> Mon, 10 Jun 2013 09:27:32 -0500

Changed in lxc (Ubuntu):
status: In Progress → Fix Released
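
Why the fix remounts /proc, as an added example (not code from lxc or from the patch): a process that is PID 1 in a new PID namespace but still sees the /proc it inherited finds the host's init under /proc/1, so the profile write there is refused. The function name `proc_matches_pid` and the check through the `/proc/self` symlink are assumptions of this example, not lxc's own method.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * <procroot>/self is a symlink to the reader's PID as numbered in the PID
 * namespace that procfs instance was mounted from. After clone(CLONE_NEWPID)
 * the child is PID 1 to itself, but an inherited /proc still numbers it with
 * its host PID, and /proc/1 there is the host's init.
 * Returns 1 if procroot matches `pid`, 0 if it is a stale (foreign) view,
 * -1 if the link cannot be read or parsed.
 */
int proc_matches_pid(const char *procroot, pid_t pid)
{
    char link[PATH_MAX], target[32], *end;
    ssize_t n;
    long seen;
    int len = snprintf(link, sizeof(link), "%s/self", procroot);

    if (len < 0 || len >= (int)sizeof(link))
        return -1;
    n = readlink(link, target, sizeof(target) - 1);
    if (n <= 0)
        return -1;
    target[n] = '\0';
    errno = 0;
    seen = strtol(target, &end, 10);
    if (errno != 0 || end == target || *end != '\0')
        return -1;
    return seen == (long)pid ? 1 : 0;
}

int main(void)
{
    /* Check the real /proc against our own PID before any label write. */
    int r = proc_matches_pid("/proc", getpid());

    if (r == 1)
        printf("/proc matches; /proc/%ld/attr/current is ours\n", (long)getpid());
    else if (r == 0)
        printf("/proc is from another PID namespace; mount a fresh proc first\n");
    else
        fprintf(stderr, "cannot read /proc/self\n");
    return r == 1 ? 0 : 1;
}
```
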
NeilGreenwood (neil-greenwood) wrote :

Is this going to be back-ported to raring?

If not, is there an alternative command I can use on the raring version to do a similar thing to:

lxc-execute --name test /bin/bash

NeilGreenwood (neil-greenwood) wrote :

Sorry, I should have said: I confirm the fix works for me on saucy.

Changed in lxc (Ubuntu Raring):
importance: Undecided → Medium
status: New → Confirmed
description: updated
Changed in lxc (Ubuntu Raring):
status: Confirmed → In Progress
Colin Watson (cjwatson) wrote : Please test proposed package

Hello NeilGreenwood, or anyone else affected,

Accepted lxc into raring-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/lxc/0.9.0-0ubuntu3.4 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in lxc (Ubuntu Raring):
status: In Progress → Fix Committed
tags: added: verification-needed
NeilGreenwood (neil-greenwood) wrote :

neil@nbg-desktop:~$ apt-cache policy lxc
lxc:
  Installed: 0.9.0-0ubuntu3.3
  Candidate: 0.9.0-0ubuntu3.4
  Version table:
     0.9.0-0ubuntu3.4 0
        500 http://gb.archive.ubuntu.com/ubuntu/ raring-proposed/universe amd64 Packages
 *** 0.9.0-0ubuntu3.3 0
        500 http://gb.archive.ubuntu.com/ubuntu/ raring-updates/universe amd64 Packages
        100 /var/lib/dpkg/status
     0.9.0-0ubuntu3 0
        500 http://gb.archive.ubuntu.com/ubuntu/ raring/universe amd64 Packages
neil@nbg-desktop:~$ sudo aptitude install lxc
The following packages will be upgraded:
  liblxc0 lxc
2 packages upgraded, 0 newly installed, 0 to remove and 96 not upgraded.
Need to get 220 kB of archives. After unpacking 0 B will be used.
The following packages have unmet dependencies:
 python3-lxc : Depends: liblxc0 (= 0.9.0-0ubuntu3.3) but 0.9.0-0ubuntu3.4 is to be installed.
The following actions will resolve these dependencies:

     Remove the following packages:
1) lxc
2) lxc-templates
3) python3-lxc

Accept this solution? [Y/n/q/?]

NeilGreenwood (neil-greenwood) wrote :

The following command has done the trick:
  sudo aptitude install lxc python3-lxc

I confirm that 0.9.0-0ubuntu3.4 has fixed the problem on raring.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.9.0-0ubuntu3.4

---------------
lxc (0.9.0-0ubuntu3.4) raring-proposed; urgency=low

  * 0009-conf.c-if-we-don-t-specify-a-rootfs-we-still-need-pr.patch: if
    apparmor is enabled and no rootfs was specified, then re-mount /proc
    so that we can write the requested apparmor profile under /proc/1.
    (LP: #1188501)
 -- Serge Hallyn <email address hidden> Mon, 01 Jul 2013 15:34:40 -0500

Changed in lxc (Ubuntu Raring):
status: Fix Committed → Fix Released
Colin Watson (cjwatson) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
