[SOLVED] Can't start unprivileged container

TechHome

I can't start a (restored) unprivileged container. If I create a new unprivileged container, I can't start it either.

Code:
Apr 13 13:58:51 pve ovs-vsctl[538510]: ovs|00002|db_ctl_base|ERR|unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)
Apr 13 13:58:51 pve lxc-start[538466]: lxc-start: 116: lxccontainer.c: wait_on_daemonized_start: 874 Received container state "ABORTING" instead of "RUNNING"
Apr 13 13:58:51 pve lxc-start[538466]: lxc-start: 116: tools/lxc_start.c: main: 329 The container failed to start
Apr 13 13:58:51 pve lxc-start[538466]: lxc-start: 116: tools/lxc_start.c: main: 332 To get more details, run the container in foreground mode
Apr 13 13:58:51 pve lxc-start[538466]: lxc-start: 116: tools/lxc_start.c: main: 335 Additional information can be obtained by setting the --logfile and --logpriority options
Apr 13 13:58:51 pve systemd[1]: pve-container@116.service: Control process exited, code=exited, status=1/FAILURE
Apr 13 13:58:51 pve systemd[1]: pve-container@116.service: Killing process 538479 (lxc-start) with signal SIGKILL.
Apr 13 13:58:51 pve systemd[1]: pve-container@116.service: Killing process 538553 (apparmor_parser) with signal SIGKILL.
Apr 13 13:58:51 pve systemd[1]: pve-container@116.service: Failed with result 'exit-code'.
Apr 13 13:58:51 pve systemd[1]: Failed to start PVE LXC Container: 116.

My 116.conf:
Code:
#/etc/pve/lxc/116.conf
arch: amd64
cores: 1
hostname: nginx-proxy-manager
memory: 512
net0: name=eth0,bridge=vmbr0,gw=192.168.1.1,hwaddr=76:4E:01:75:7E:23,ip=192.168.1.14/24,type=veth
onboot: 1
ostype: ubuntu
rootfs: local-lvm:vm-116-disk-0,size=25G
swap: 512
unprivileged: 1


Thanks for help
~Marlon
 
You run a current version? Please post your:

> pveversion -v
 
@tom
Code:
root@pve:~# pveversion -v
proxmox-ve: 6.1-2 (running kernel: 5.3.18-3-pve)
pve-manager: 6.1-8 (running version: 6.1-8/806edfe1)
pve-kernel-helper: 6.1-8
pve-kernel-5.3: 6.1-6
pve-kernel-5.0: 6.0-11
pve-kernel-4.15: 5.4-6
pve-kernel-5.3.18-3-pve: 5.3.18-3
pve-kernel-5.3.18-2-pve: 5.3.18-2
pve-kernel-5.0.21-5-pve: 5.0.21-10
pve-kernel-4.15.18-18-pve: 4.15.18-44
pve-kernel-4.15.18-12-pve: 4.15.18-36
ceph: 14.2.8-pve1
ceph-fuse: 14.2.8-pve1
corosync: 3.0.3-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: residual config
ifupdown2: 2.0.1-1+pve8
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.15-pve1
libpve-access-control: 6.0-6
libpve-apiclient-perl: 3.0-3
libpve-common-perl: 6.0-17
libpve-guest-common-perl: 3.0-5
libpve-http-server-perl: 3.0-5
libpve-storage-perl: 6.1-5
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 3.2.1-1
lxcfs: 4.0.1-pve1
novnc-pve: 1.1.0-1
openvswitch-switch: residual config
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.1-3
pve-cluster: 6.1-4
pve-container: 3.0-23
pve-docs: 6.1-6
pve-edk2-firmware: 2.20200229-1
pve-firewall: 4.0-10
pve-firmware: 3.0-7
pve-ha-manager: 3.0-9
pve-i18n: 2.0-4
pve-qemu-kvm: 4.1.1-4
pve-xtermjs: 4.3.0-1
qemu-server: 6.1-7
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-1
zfsutils-linux: 0.8.3-pve1
 
Please obtain a debug log and post the result here. Are you using OVS? Could you include your /etc/network/interfaces file?
 
Code:
root@pve:~# lxc-start -n 116 -F -l DEBUG -o /tmp/lxc-116.log
lxc-start: 116: conf.c: lxc_pivot_root: 1502 Permission denied - Failed to open old root directory
lxc-start: 116: conf.c: lxc_setup: 3701 Failed to pivot root into rootfs
lxc-start: 116: start.c: do_start: 1338 Failed to setup container "116"
lxc-start: 116: sync.c: __sync_wait: 62 An error occurred in another process (expected sequence number 5)
lxc-start: 116: start.c: lxc_abort: 1133 Function not implemented - Failed to send SIGKILL to 12691
lxc-start: 116: start.c: __lxc_start: 2080 Failed to spawn container "116"
lxc-start: 116: tools/lxc_start.c: main: 329 The container failed to start
lxc-start: 116: tools/lxc_start.c: main: 335 Additional information can be obtained by setting the --logfile and --logpriority options


Code:
root@pve:~# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eno1 inet manual
        mtu 1500

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.8/24
        gateway 192.168.1.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        mtu 1500
I installed OVS, tried and removed it.
 
Could you also add the contents of the debug log '/tmp/lxc-116.log'?
 
Could you try rebooting the host and see if the container starts then (with the same debug command to obtain a full log from a fresh start)? There seem to be leftover cgroup directories from previous failed attempts to start it.
 
Curious. What do you get from stat / on a shell?
 
> Curious. What do you get from stat / on a shell?

Code:
root@pve:~# stat /
  File: /
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: fd01h/64769d    Inode: 2           Links: 24
Access: (0311/d-wx--x--x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2020-04-16 12:56:17.303996688 +0200
Modify: 2020-04-13 01:31:15.771333658 +0200
Change: 2020-04-13 01:31:15.771333658 +0200
 Birth: -
 
So a regular user cannot even do an ls / on your host? lxc needs to open a file handle to / to switch into the guest file system. That's not possible without read access.
Do you have a reason for this or did it happen by accident somehow? The regular permissions are 0755 for /.
 
> So a regular user cannot even do an ls / on your host? lxc needs to open a file handle to / to switch into the guest file system. That's not possible without read access.
> Do you have a reason for this or did it happen by accident somehow? The regular permissions are 0755 for /.

Everything worked fine on Sunday. I haven't made changes at this time field. By issuing chmod 755 / the problem was fixed. Thank you
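
The check this thread arrives at, as an added example that is not part of the original posts: a POSIX shell helper that reports which of the read and search bits non-owner users lack on a directory. It assumes GNU stat; the function names missing_other_bits, check_dirs and demo are hypothetical, and the demonstration runs on constructed scratch directories using the 0311 mode from the stat / output above and the regular 0755.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat; names are hypothetical.

# missing_other_bits DIR: print the bits "other" lacks on DIR ("r", "x", "rx"
# or nothing). Returns 2 if DIR cannot be stat'ed.
missing_other_bits() {
    mode=$(stat -c '%a' -- "$1") || return 2   # e.g. "311" or "755"
    other=${mode#"${mode%?}"}                  # last octal digit = "other" bits
    missing=""
    [ $((other & 4)) -ne 0 ] || missing="${missing}r"
    [ $((other & 1)) -ne 0 ] || missing="${missing}x"
    printf '%s' "$missing"
}

# check_dirs DIR...: report each DIR; return 1 if any lacks r or x for "other".
check_dirs() {
    rc=0
    for d in "$@"; do
        if ! miss=$(missing_other_bits "$d"); then
            echo "ERROR $d: cannot stat"
            rc=1
        elif [ -n "$miss" ]; then
            echo "FAIL  $d: mode $(stat -c '%a' -- "$d"), other lacks '$miss'"
            rc=1
        else
            echo "OK    $d: mode $(stat -c '%a' -- "$d")"
        fi
    done
    return $rc
}

# Constructed demonstration on scratch directories; nothing on the host changes.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/broken" "$tmp/good"
    chmod 311 "$tmp/broken"   # the mode stat reported for / in the thread
    chmod 755 "$tmp/good"     # the regular mode for /
    check_dirs "$tmp/broken" "$tmp/good" && status=0 || status=$?
    rmdir "$tmp/broken" "$tmp/good" "$tmp"
    return $status
}

demo || true
# On a real host, run: check_dirs /
```
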