After latest update LXC+Docker = broken

[olsonn]

the error i get now

Error response from daemon: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:359: container init caused \"rootfs_linux.go:43: preparing rootfs caused \\\"permission denied\\\"\""

has this something to do with apparmor?
not sure what needs to be in my
/etc/pve/lxc/100.conf to run properly?

this part is not valid anymore...
lxc.aa_profile = unconfined
so
lxc.apparmor.profile = unconfined

but still no go...
please help

 

[dietmar]

Seems you have old packages? What is the output of

# pveversion -v

 

[olsonn]

proxmox-ve: 5.1-42 (running kernel: 4.13.16-2-pve)
pve-manager: 5.1-49 (running version: 5.1-49/1e427a54)
pve-kernel-4.13: 5.1-44
pve-kernel-4.13.16-2-pve: 4.13.16-47
pve-kernel-4.13.16-1-pve: 4.13.16-46
pve-kernel-4.13.13-6-pve: 4.13.13-42
pve-kernel-4.13.13-5-pve: 4.13.13-38
pve-kernel-4.13.8-2-pve: 4.13.8-28
pve-kernel-4.13.4-1-pve: 4.13.4-26
pve-kernel-4.10.17-2-pve: 4.10.17-20
corosync: 2.4.2-pve3
criu: 2.11.1-1~bpo90
glusterfs-client: 3.8.8-1
ksm-control-daemon: 1.2-2
libjs-extjs: 6.0.1-2
libpve-access-control: 5.0-8
libpve-apiclient-perl: 2.0-4
libpve-common-perl: 5.0-30
libpve-guest-common-perl: 2.0-14
libpve-http-server-perl: 2.0-8
libpve-storage-perl: 5.0-18
libqb0: 1.0.1-1
lvm2: 2.02.168-pve6
lxc-pve: 3.0.0-2
lxcfs: 3.0.0-1
novnc-pve: 0.6-4
proxmox-widget-toolkit: 1.0-14
pve-cluster: 5.0-24
pve-container: 2.0-21
pve-docs: 5.1-17
pve-firewall: 3.0-7
pve-firmware: 2.0-4
pve-ha-manager: 2.0-5
pve-i18n: 1.0-4
pve-libspice-server1: 0.12.8-3
pve-qemu-kvm: 2.11.1-5
pve-xtermjs: 1.0-2
qemu-server: 5.0-24
smartmontools: 6.5+svn4324-1
spiceterm: 3.0-5
vncterm: 1.5-3
zfsutils-linux: 0.7.7-pve1~bpo9

 

[wbumiller]

Some more error output / logs would be useful. Do you see anything in the syslog when doing this (host & guest)?

 

[olsonn]

found something:

"'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded."

overlay support?


root@traefik:~# journalctl -u docker.service
-- Logs begin at Thu 2018-04-12 20:36:41 UTC, end at Fri 2018-04-13 09:19:01 UTC. --
Apr 12 20:36:41 traefik systemd[1]: docker.service: Failed to reset devices.list: Operation not permitted
Apr 12 20:36:41 traefik systemd[1]: Starting Docker Application Container Engine...
Apr 12 20:36:41 traefik dockerd[111]: time="2018-04-12T20:36:41.873633722Z" level=info msg="libcontainerd: new containerd process, pid: 178"
Apr 12 20:36:42 traefik dockerd[111]: time="2018-04-12T20:36:42.895090657Z" level=warning msg="failed to rename /var/lib/docker/tmp for background deletion: %!s(<nil>). Deleting synchronously"
Apr 12 20:36:42 traefik dockerd[111]: time="2018-04-12T20:36:42.918236369Z" level=error msg="'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded."
Apr 12 20:36:42 traefik dockerd[111]: time="2018-04-12T20:36:42.922669010Z" level=error msg="'overlay' not found as a supported filesystem on this host. Please ensure kernel is new enough and has overlay support loaded."
Apr 12 20:36:42 traefik dockerd[111]: time="2018-04-12T20:36:42.973346089Z" level=info msg="Graph migration to content-addressability took 0.00 seconds"
Apr 12 20:36:42 traefik dockerd[111]: time="2018-04-12T20:36:42.978188254Z" level=warning msg="Your kernel does not support cgroup rt period"
Apr 12 20:36:42 traefik dockerd[111]: time="2018-04-12T20:36:42.979083190Z" level=warning msg="Your kernel does not support cgroup rt runtime"
Apr 12 20:36:42 traefik dockerd[111]: time="2018-04-12T20:36:42.982146022Z" level=info msg="Loading containers: start."
Apr 12 20:36:42 traefik dockerd[111]: time="2018-04-12T20:36:42.989615524Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.13.16-2-pve/modules.dep.bin'
Apr 12 20:36:42 traefik dockerd[111]: time="2018-04-12T20:36:42.994355223Z" level=warning msg="Running modprobe nf_nat failed with message: `modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.13.16-2-pve/modules.dep.bin'\nmodprobe:
Apr 12 20:36:42 traefik dockerd[111]: time="2018-04-12T20:36:42.998916922Z" level=warning msg="Running modprobe xt_conntrack failed with message: `modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.13.16-2-pve/modules.dep.bin'\nmodp
Apr 12 20:36:43 traefik dockerd[111]: time="2018-04-12T20:36:43Z" level=fatal msg="permission denied"
Apr 12 20:36:43 traefik dockerd[111]: time="2018-04-12T20:36:43.257013690Z" level=error msg="failed to create osl sandbox while trying to restore sandbox 03aca52 for cleanup: namespace creation reexec command failed: exit status 1"
Apr 12 20:36:43 traefik dockerd[111]: time="2018-04-12T20:36:43Z" level=fatal msg="permission denied"
Apr 12 20:36:43 traefik dockerd[111]: time="2018-04-12T20:36:43.419998771Z" level=error msg="failed to create osl sandbox while trying to restore sandbox 2be184f for cleanup: namespace creation reexec command failed: exit status 1"
Apr 12 20:36:43 traefik dockerd[111]: time="2018-04-12T20:36:43.524032537Z" level=

 

[olsonn]

started with a new lxc and installed from scratch. now it works.. not sure what went wrong during update.
under investigation