[SOLVED] Linux 6.11 Kernel - Failure to start LXC

ram75

https://forum.proxmox.com/threads/o...le-on-test-no-subscription.156818/post-717079

root@blade1:~# pct config 109
arch: amd64
cores: 2
description: test
features: nesting=1
hostname: wazuh-ix1
memory: 4096
nameserver: 192.168.16.7
net0: name=eth0,bridge=vmbr1,firewall=1,gw=192.168.16.3,hwaddr=02:CA:BA:41:6E:3C,ip=192.168.16.152/24,ip6=auto,type=veth
onboot: 1
ostype: ubuntu
protection: 1
rootfs: SM1DDC1:vm-109-disk-0,size=500G
searchdomain: frm-intranet16
swap: 4096
unprivileged: 1
 
Hi,
quoting the original error:
Hello, after installing kernel 6.11 the LXCs do not start; I tried creating a new one but got the same error

cgfsng_setup_limits_legacy: 3442 No such file or directory - Failed to set "memory.limit_in_bytes" to "536870912"
lxc_spawn: 1802 Failed to setup cgroup limits for container "122"
TASK ERROR: startup for container '122' failed

Please also post the output of pveversion -v and cat /proc/cmdline. Did you reboot after installing the new kernel? Are there any additional messages in the system log/journal? Can you share the output of pct start 122 --debug?
 
Good day

Server IBM Blade HS22 (Type 7870)
Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (2 Sockets)
96GB RAM

Linux blade1 6.11.0-1-pve #1 SMP PREEMPT_DYNAMIC PMX 6.11.0-1 (2024-10-23T15:32Z) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon Nov 4 08:44:54 -03 2024 from 2801:1e:4007:127::146 on pts/0

root@blade1:~# pveversion -v
proxmox-ve: 8.2.0 (running kernel: 6.11.0-1-pve)
pve-manager: 8.2.7 (running version: 8.2.7/3e0176e6bb2ade3b)
proxmox-kernel-helper: 8.1.0
proxmox-kernel-6.11.0-1-pve-signed: 6.11.0-1
proxmox-kernel-6.11: 6.11.0-1
proxmox-kernel-6.8: 6.8.12-3
proxmox-kernel-6.8.12-3-pve-signed: 6.8.12-3
proxmox-kernel-6.5.13-6-pve-signed: 6.5.13-6
proxmox-kernel-6.5: 6.5.13-6
ceph-fuse: 18.2.4-pve3
corosync: 3.1.7-pve3
criu: 3.17.1-2
glusterfs-client: 10.3-5
ifupdown2: 3.2.0-1+pmx9
ksm-control-daemon: 1.5-1
libjs-extjs: 7.0.0-4
libknet1: 1.28-pve1
libproxmox-acme-perl: 1.5.1
libproxmox-backup-qemu0: 1.4.1
libproxmox-rs-perl: 0.3.4
libpve-access-control: 8.1.4
libpve-apiclient-perl: 3.3.2
libpve-cluster-api-perl: 8.0.8
libpve-cluster-perl: 8.0.8
libpve-common-perl: 8.2.5
libpve-guest-common-perl: 5.1.4
libpve-http-server-perl: 5.1.2
libpve-network-perl: 0.9.8
libpve-rs-perl: 0.8.10
libpve-storage-perl: 8.2.5
libqb0: 1.0.5-1
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 6.0.0-1
lxcfs: 6.0.0-pve2
novnc-pve: 1.4.0-4
proxmox-backup-client: 3.2.7-1
proxmox-backup-file-restore: 3.2.7-1
proxmox-firewall: 0.5.0
proxmox-kernel-helper: 8.1.0
proxmox-mail-forward: 0.2.3
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.7
proxmox-widget-toolkit: 4.2.4
pve-cluster: 8.0.8
pve-container: 5.2.0
pve-docs: 8.2.3
pve-edk2-firmware: 4.2023.08-4
pve-esxi-import-tools: 0.7.2
pve-firewall: 5.0.7
pve-firmware: 3.14-1
pve-ha-manager: 4.0.5
pve-i18n: 3.2.4
pve-qemu-kvm: 9.0.2-3
pve-xtermjs: 5.3.0-3
qemu-server: 8.2.4
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.2.6-pve1

#############################################################################################

root@blade1:~# cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-6.11.0-1-pve root=/dev/mapper/pve-root ro systemd.unified_cgroup_hierarchy=0 quiet

#############################################################################################

root@blade1:~# pct start 122 --debug
cgfsng_setup_limits_legacy: 3442 No such file or directory - Failed to set "memory.limit_in_bytes" to "536870912"
lxc_spawn: 1802 Failed to setup cgroup limits for container "122"
__lxc_start: 2114 Failed to spawn container "122"
sm - ../src/lxc/lsm/lsm.c:lsm_init_static:38 - Initialized LSM security driver AppArmor
INFO utils - ../src/lxc/utils.c:run_script_argv:587 - Executing script "/usr/share/lxc/hooks/lxc-pve-prestart-hook" for container "122", config section "lxc"
INFO cgfsng - ../src/lxc/cgroups/cgfsng.c:unpriv_systemd_create_scope:1498 - Running privileged, not using a systemd unit
DEBUG seccomp - ../src/lxc/seccomp.c:parse_config_v2:664 - Host native arch is [3221225534]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "reject_force_umount # comment this to allow umount -f; not recommended"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:532 - Set seccomp rule to reject force umounts
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:532 - Set seccomp rule to reject force umounts
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:532 - Set seccomp rule to reject force umounts
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "[all]"
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "kexec_load errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[246:kexec_load] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "open_by_handle_at errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[304:open_by_handle_at] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[304:open_by_handle_at] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[304:open_by_handle_at] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "init_module errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[175:init_module] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "finit_module errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[313:finit_module] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "delete_module errno 1"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[176:delete_module] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "ioctl errno 1 [1,0x9400,SCMP_CMP_MASKED_EQ,0xff00]"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:555 - arg_cmp[0]: SCMP_CMP(1, 7, 65280, 37888)
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[16:ioctl] action[327681:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:555 - arg_cmp[0]: SCMP_CMP(1, 7, 65280, 37888)
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[16:ioctl] action[327681:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:555 - arg_cmp[0]: SCMP_CMP(1, 7, 65280, 37888)
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[16:ioctl] action[327681:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:815 - Processing "keyctl errno 38"
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding native rule for syscall[250:keyctl] action[327718:errno] arch[0]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[250:keyctl] action[327718:errno] arch[1073741827]
INFO seccomp - ../src/lxc/seccomp.c:do_resolve_add_rule:572 - Adding compat rule for syscall[250:keyctl] action[327718:errno] arch[1073741886]
INFO seccomp - ../src/lxc/seccomp.c:parse_config_v2:1036 - Merging compat seccomp contexts into main context
INFO start - ../src/lxc/start.c:lxc_init:882 - Container "122" is initialized
INFO cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_monitor_create:1669 - The monitor process uses "lxc.monitor/122" as cgroup
DEBUG storage - ../src/lxc/storage/storage.c:storage_query:231 - Detected rootfs type "dir"
DEBUG storage - ../src/lxc/storage/storage.c:storage_query:231 - Detected rootfs type "dir"
INFO cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_setup_limits_legacy:3449 - Limits for the legacy cgroup hierarchies have been setup
INFO cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_payload_create:1777 - The container process uses "lxc/122/ns" as inner and "lxc/122" as limit cgroup
INFO start - ../src/lxc/start.c:lxc_spawn:1769 - Cloned CLONE_NEWUSER
INFO start - ../src/lxc/start.c:lxc_spawn:1769 - Cloned CLONE_NEWNS
INFO start - ../src/lxc/start.c:lxc_spawn:1769 - Cloned CLONE_NEWPID
INFO start - ../src/lxc/start.c:lxc_spawn:1769 - Cloned CLONE_NEWUTS
INFO start - ../src/lxc/start.c:lxc_spawn:1769 - Cloned CLONE_NEWIPC
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved user namespace via fd 69 and stashed path as user:/proc/4518/fd/69
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved mnt namespace via fd 70 and stashed path as mnt:/proc/4518/fd/70
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved pid namespace via fd 71 and stashed path as pid:/proc/4518/fd/71
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved uts namespace via fd 72 and stashed path as uts:/proc/4518/fd/72
DEBUG start - ../src/lxc/start.c:lxc_try_preserve_namespace:140 - Preserved ipc namespace via fd 73 and stashed path as ipc:/proc/4518/fd/73
DEBUG idmap_utils - ../src/lxc/idmap_utils.c:idmaptool_on_path_and_privileged:93 - The binary "/usr/bin/newuidmap" does have the setuid bit set
DEBUG idmap_utils - ../src/lxc/idmap_utils.c:idmaptool_on_path_and_privileged:93 - The binary "/usr/bin/newgidmap" does have the setuid bit set
DEBUG idmap_utils - ../src/lxc/idmap_utils.c:lxc_map_ids:178 - Functional newuidmap and newgidmap binary found
ERROR cgfsng - ../src/lxc/cgroups/cgfsng.c:cgfsng_setup_limits_legacy:3442 - No such file or directory - Failed to set "memory.limit_in_bytes" to "536870912"
ERROR start - ../src/lxc/start.c:lxc_spawn:1802 - Failed to setup cgroup limits for container "122"
DEBUG network - ../src/lxc/network.c:lxc_delete_network:4217 - Deleted network devices
ERROR start - ../src/lxc/start.c:__lxc_start:2114 - Failed to spawn container "122"
WARN start - ../src/lxc/start.c:lxc_abort:1037 - No such process - Failed to send SIGKILL via pidfd 68 for process 4558
startup for container '122' failed
root@blade1:~#
 
log/journal

nov 04 08:46:56 blade1 pct[4496]: <root@pam> starting task UPID:blade1:00001191:00016211:6728B430:vzstart:122:root@pam:
nov 04 08:46:56 blade1 pct[4497]: starting CT 122: UPID:blade1:00001191:00016211:6728B430:vzstart:122:root@pam:
nov 04 08:46:57 blade1 systemd[1]: Starting systemd-tmpfiles-clean.service - Cleanup of Temporary Directories...
nov 04 08:46:57 blade1 systemd[1]: systemd-tmpfiles-clean.service: Deactivated successfully.
nov 04 08:46:57 blade1 systemd[1]: Finished systemd-tmpfiles-clean.service - Cleanup of Temporary Directories.
nov 04 08:46:57 blade1 systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dclean.service.mount: Deactivated successfully.
nov 04 08:46:57 blade1 systemd[1]: Created slice system-pve\x2dcontainer\x2ddebug.slice - Slice /system/pve-container-debug.
nov 04 08:46:57 blade1 systemd[1]: Started pve-container-debug@122.service - PVE LXC Container: 122.
nov 04 08:46:59 blade1 kernel: EXT4-fs (dm-20): mounted filesystem ed0ef53a-32a3-4291-b1ac-cfe59397feb9 r/w with ordered data mode. Quota mode: none.
nov 04 08:47:00 blade1 audit[4557]: AVC apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-122_</var/lib/lxc>" pid=4557 comm="apparmor_parser"
nov 04 08:47:00 blade1 kernel: audit: type=1400 audit(1730720820.380:32): apparmor="STATUS" operation="profile_load" profile="/usr/bin/lxc-start" name="lxc-122_</var/lib/lxc>" pid=455>
nov 04 08:47:00 blade1 pct[4497]: startup for container '122' failed
nov 04 08:47:00 blade1 pct[4496]: <root@pam> end task UPID:blade1:00001191:00016211:6728B430:vzstart:122:root@pam: startup for container '122' failed
nov 04 08:47:01 blade1 audit[4564]: AVC apparmor="STATUS" operation="profile_remove" profile="/usr/bin/lxc-start" name="lxc-122_</var/lib/lxc>" pid=4564 comm="apparmor_parser"
nov 04 08:47:01 blade1 kernel: audit: type=1400 audit(1730720821.003:33): apparmor="STATUS" operation="profile_remove" profile="/usr/bin/lxc-start" name="lxc-122_</var/lib/lxc>" pid=4>
nov 04 08:47:01 blade1 pvestatd[1663]: unable to get PID for CT 122 (not running?)
nov 04 08:47:02 blade1 kernel: EXT4-fs (dm-20): unmounting filesystem ed0ef53a-32a3-4291-b1ac-cfe59397feb9.
nov 04 08:47:02 blade1 systemd[1]: pve-container-debug@122.service: Main process exited, code=exited, status=1/FAILURE
nov 04 08:47:02 blade1 systemd[1]: pve-container-debug@122.service: Failed with result 'exit-code'.
 
OK, everything works now.

I was using proxmox-kernel-6.5: 6.5.13-6 because proxmox-kernel-6.8 fails with the SAS controller
 
The fix has been applied and the next future 6.11 build will include CGroup v1 support again.

But please note that Proxmox VE 8 will be the last PVE version to support the deprecated legacy CGroup v1 version. PVE 9 (due later next year) won't be able to support v1 anymore as too much crucial and fundamental software removed support completely over the last years.
 
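Added example, not part of any post in this thread: a shell check for the condition the thread ends on, a host booted with systemd.unified_cgroup_hierarchy=0 while the running kernel does not expose the cgroup v1 file memory.limit_in_bytes that LXC tries to write. The function names and the --host switch are assumptions of this example; memory.max is the cgroup v2 counterpart of memory.limit_in_bytes.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Proxmox or LXC tooling.

# Print "legacy-v1" if the kernel command line in $1 asks systemd for the
# legacy cgroup layout, otherwise "default".
requested_hierarchy() {
    for arg in $1; do
        case "$arg" in
            systemd.unified_cgroup_hierarchy=0|systemd.unified_cgroup_hierarchy=no|systemd.unified_cgroup_hierarchy=false)
                echo legacy-v1; return 0 ;;
        esac
    done
    echo default
}

# Print which memory-limit interface exists under cgroup root $1:
#   v2    unified hierarchy with the memory controller (limit file: memory.max)
#   v1    legacy memory hierarchy (limit file: memory.limit_in_bytes)
#   none  neither is present
memory_interface() {
    if [ -f "$1/cgroup.controllers" ]; then
        case " $(cat "$1/cgroup.controllers") " in
            *" memory "*) echo v2; return 0 ;;
        esac
    elif [ -f "$1/memory/memory.limit_in_bytes" ]; then
        echo v1; return 0
    fi
    echo none
}

# Return 0 when the boot request and the kernel's interface agree.
# Return 1 for the state in the thread: v1 requested, v1 memory file missing.
check_host() {
    want=$(requested_hierarchy "$1")
    have=$(memory_interface "$2")
    echo "requested=$want memory_interface=$have"
    if [ "$want" = legacy-v1 ] && [ "$have" != v1 ]; then
        echo "LXC cannot set memory.limit_in_bytes on this boot" >&2
        return 1
    fi
    [ "$have" != none ]
}

# Run against the live host only when asked: sh check.sh --host
if [ "${1:-}" = "--host" ]; then
    check_host "$(cat /proc/cmdline)" /sys/fs/cgroup
fi
```

Running it before rebooting into a new kernel series is not possible, since it inspects the booted kernel; run it right after the reboot and before relying on onboot containers.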

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!