cannot run libvirt in an 'lxc create -t ubuntu' container

Bug #918946 reported by Scott Moser
This bug affects 1 person
Affects: lxc (Ubuntu)
Status: Fix Released
Importance: Low
Assigned to: Unassigned

Bug Description

If you try to start a qemu/kvm guest from inside a container created by lxc create -t ubuntu, it will fail with something like:
error: Failed to start domain my.img
error: unable to allow device /dev/full: Operation not permitted

$ lxc-create -t ubuntu -n lv1
$ lxc-start -n lv1 -d
$ lxc-console -n lv1
# login here
% apt-get install qemu-kvm wget
% apt-get install dbus # bug 918343
% apt-get install libvirt-bin
% wget http://launchpad.net/cirros/trunk/0.3.0/+download/cirros-0.3.0-x86_64-disk.img -O disk.zimg
% qemu-img convert disk.zimg -O qcow2 /tmp/disk.img
% wget https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/918946/+attachment/2683440/+files/libvirt.xml
% virsh define libvirt.xml
% virsh start mytest

from a working qemu guest, I see:
# cat /sys/fs/cgroup/devices/libvirt/qemu/myname/devices.list
c 136:* rw
c 1:3 rw
c 1:7 rw
c 1:5 rw
c 1:8 rw
c 1:9 rw
c 5:2 rw
c 254:0 rw

So I think we need to add access to that list of devices. (Haven't tested this all the way yet.)

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lxc 0.7.5-3ubuntu5
ProcVersionSignature: User Name 3.2.0-8.15-virtual 3.2.0
Uname: Linux 3.2.0-8-virtual x86_64
ApportVersion: 1.90-0ubuntu1
Architecture: amd64
Date: Thu Jan 19 21:52:06 2012
Ec2AMI: ami-0000012b
Ec2AMIManifest: FIXME
Ec2AvailabilityZone: nova
Ec2InstanceType: m1.small
Ec2Kernel: unavailable
Ec2Ramdisk: unavailable
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)

Scott Moser (smoser) wrote :
Changed in lxc (Ubuntu):
status: New → Confirmed
importance: Undecided → Low
Serge Hallyn (serge-hallyn) wrote :

Thanks, Scott. All the other devices you list are already being granted, so I'll add 1:7 (/dev/full) to the whitelist.

Scott Moser (smoser)
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 0.7.5-3ubuntu7

---------------
lxc (0.7.5-3ubuntu7) precise; urgency=low

  * lxc-ubuntu template: add 1:7 (/dev/full) to whitelist (LP: #918946)
 -- Serge Hallyn <email address hidden> Thu, 19 Jan 2012 16:21:48 -0600

Changed in lxc (Ubuntu):
status: Confirmed → Fix Released
Scott Moser (smoser)
description: updated
Scott Moser (smoser) wrote :

re-attaching libvirt.xml (this one has full, not relative, path to /tmp/disk.img, and has 'qemu' as the type).

description: updated
Scott Moser (smoser) wrote :

With the additional /dev/hpet added to the container cgroups, I can successfully boot cirros via lxc from inside the container.

Martin Pitt (pitti) wrote :

Reopening for the missing /dev/hpet

Changed in lxc (Ubuntu):
status: Fix Released → In Progress
Martin Pitt (pitti) wrote :

Never mind, apparently already fixed in 0.7.5-3ubuntu8

Changed in lxc (Ubuntu):
status: In Progress → Fix Released
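
The allowlist gap tracked down by hand in this thread can be checked mechanically. The Python sketch below is an added example, not code from the bug report or from the lxc package: it compares the devices.list quoted in the description against a container's lxc.cgroup.devices.allow lines. The container config is constructed for illustration (it is not the actual lxc-ubuntu template) and the function names are hypothetical.

```python
# Added example: find device rules a guest needs that the container allowlist lacks.

# devices.list of the working qemu guest, copied from the bug description.
REQUIRED = """\
c 136:* rw
c 1:3 rw
c 1:7 rw
c 1:5 rw
c 1:8 rw
c 1:9 rw
c 5:2 rw
c 254:0 rw
"""

# Constructed sample config (assumption): NOT the real lxc-ubuntu template.
CONTAINER_CONFIG = """\
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 254:0 rwm
"""

def parse_rule(text):
    """'c 1:7 rw' -> ('c', '1', '7', {'r', 'w'}); a bare 'a' means every device."""
    parts = text.split()
    if parts == ["a"]:
        return "a", "*", "*", set("rwm")
    major, minor = parts[1].split(":")
    return parts[0], major, minor, set(parts[2])

def covers(allowed, needed):
    """True if one allow rule grants the needed type, numbers and access bits."""
    a_type, a_major, a_minor, a_access = allowed
    n_type, n_major, n_minor, n_access = needed
    return (a_type in ("a", n_type) and a_major in ("*", n_major)
            and a_minor in ("*", n_minor) and n_access <= a_access)

def missing_rules(required, config):
    """Return the required rules that no lxc.cgroup.devices.allow line covers."""
    allowed = [parse_rule(value) for key, _, value in
               (line.partition("=") for line in config.splitlines())
               if key.strip() == "lxc.cgroup.devices.allow"]
    return [line.strip() for line in required.splitlines() if line.strip()
            and not any(covers(rule, parse_rule(line)) for rule in allowed)]

if __name__ == "__main__":
    for rule in missing_rules(REQUIRED, CONTAINER_CONFIG):
        print("not allowed in container:", rule)
```

The check models only allow lines that follow a blanket deny; it does not evaluate additional deny lines that come after an allow.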