I'm getting the above warning on an unprivileged Arch Linux container that runs a recent systemd version.
Any idea?
Do I have some modified AppArmor profile somewhere in the system?
Here are the details:
Config of container
Code:
arch: amd64
cpulimit: 4
cpuunits: 1024
features: nesting=1
hostname: archy
memory: 3072
net0: name=eth0,bridge=vmbr0,gw=192.168.1.1,hwaddr=32:61:31:31:32:27,ip=192.168.1.15/24,type=veth
onboot: 1
ostype: archlinux
rootfs: Data:subvol-203-disk-0,size=2056G
startup: order=3
swap: 0
pve start --debug
Code:
INFO lsm - lsm/lsm.c:lsm_init_static:38 - Initialized LSM security driver AppArmor
INFO conf - conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/hooks/lxc-pve-prestart-hook" for container "203", config section "lxc"
DEBUG seccomp - seccomp.c:parse_config_v2:656 - Host native arch is [3221225534]
INFO seccomp - seccomp.c:parse_config_v2:807 - Processing "reject_force_umount # comment this to allow umount -f; not recommended"
INFO seccomp - seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO seccomp - seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO seccomp - seccomp.c:do_resolve_add_rule:524 - Set seccomp rule to reject force umounts
INFO seccomp - seccomp.c:parse_config_v2:807 - Processing "[all]"
INFO seccomp - seccomp.c:parse_config_v2:807 - Processing "kexec_load errno 1"
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[246:kexec_load] action[327681:errno] arch[0]
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741827]
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[246:kexec_load] action[327681:errno] arch[1073741886]
INFO seccomp - seccomp.c:parse_config_v2:807 - Processing "open_by_handle_at errno 1"
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[304:open_by_handle_at] action[327681:errno] arch[0]
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[304:open_by_handle_at] action[327681:errno] arch[1073741827]
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[304:open_by_handle_at] action[327681:errno] arch[1073741886]
INFO seccomp - seccomp.c:parse_config_v2:807 - Processing "init_module errno 1"
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[175:init_module] action[327681:errno] arch[0]
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741827]
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[175:init_module] action[327681:errno] arch[1073741886]
INFO seccomp - seccomp.c:parse_config_v2:807 - Processing "finit_module errno 1"
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[313:finit_module] action[327681:errno] arch[0]
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741827]
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[313:finit_module] action[327681:errno] arch[1073741886]
INFO seccomp - seccomp.c:parse_config_v2:807 - Processing "delete_module errno 1"
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding native rule for syscall[176:delete_module] action[327681:errno] arch[0]
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741827]
INFO seccomp - seccomp.c:do_resolve_add_rule:564 - Adding compat rule for syscall[176:delete_module] action[327681:errno] arch[1073741886]
INFO seccomp - seccomp.c:parse_config_v2:1017 - Merging compat seccomp contexts into main context
INFO start - start.c:lxc_init:884 - Container "203" is initialized
INFO cgfsng - cgroups/cgfsng.c:cgfsng_monitor_create:1028 - The monitor process uses "lxc.monitor/203" as cgroup
DEBUG storage - storage/storage.c:storage_query:231 - Detected rootfs type "dir"
INFO cgfsng - cgroups/cgfsng.c:cgfsng_payload_create:1136 - The container process uses "lxc/203/ns" as inner and "lxc/203" as limit cgroup
INFO start - start.c:lxc_spawn:1765 - Cloned CLONE_NEWNS
INFO start - start.c:lxc_spawn:1765 - Cloned CLONE_NEWPID
INFO start - start.c:lxc_spawn:1765 - Cloned CLONE_NEWUTS
INFO start - start.c:lxc_spawn:1765 - Cloned CLONE_NEWIPC
INFO start - start.c:lxc_spawn:1765 - Cloned CLONE_NEWNET
INFO start - start.c:lxc_spawn:1765 - Cloned CLONE_NEWCGROUP
DEBUG start - start.c:lxc_try_preserve_namespace:139 - Preserved mnt namespace via fd 18 and stashed path as mnt:/proc/263658/fd/18
DEBUG start - start.c:lxc_try_preserve_namespace:139 - Preserved pid namespace via fd 19 and stashed path as pid:/proc/263658/fd/19
DEBUG start - start.c:lxc_try_preserve_namespace:139 - Preserved uts namespace via fd 20 and stashed path as uts:/proc/263658/fd/20
DEBUG start - start.c:lxc_try_preserve_namespace:139 - Preserved ipc namespace via fd 21 and stashed path as ipc:/proc/263658/fd/21
DEBUG start - start.c:lxc_try_preserve_namespace:139 - Preserved net namespace via fd 22 and stashed path as net:/proc/263658/fd/22
DEBUG start - start.c:lxc_try_preserve_namespace:139 - Preserved cgroup namespace via fd 23 and stashed path as cgroup:/proc/263658/fd/23
WARN cgfsng - cgroups/cgfsng.c:cgfsng_setup_limits_legacy:2735 - Invalid argument - Ignoring legacy cgroup limits on pure cgroup2 system
INFO cgfsng - cgroups/cgfsng.c:cgfsng_setup_limits:2831 - Limits for the unified cgroup hierarchy have been setup
INFO conf - conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/lxcnetaddbr" for container "203", config section "net"
DEBUG network - network.c:netdev_configure_server_veth:851 - Instantiated veth tunnel "veth203i0 <--> vethvUQFxM"
DEBUG conf - conf.c:lxc_mount_rootfs:1432 - Mounted rootfs "/var/lib/lxc/203/rootfs" onto "/usr/lib/x86_64-linux-gnu/lxc/rootfs" with options "(null)"
INFO conf - conf.c:setup_utsname:875 - Set hostname to "archServices"
DEBUG network - network.c:setup_hw_addr:3807 - Mac address "32:61:31:31:32:27" on "eth0" has been setup
DEBUG network - network.c:lxc_network_setup_in_child_namespaces_common:3948 - Network device "eth0" has been setup
INFO network - network.c:lxc_setup_network_in_child_namespaces:4005 - Finished setting up network devices with caller assigned names
INFO conf - conf.c:mount_autodev:1215 - Preparing "/dev"
INFO conf - conf.c:mount_autodev:1276 - Prepared "/dev"
DEBUG conf - conf.c:lxc_mount_auto_mounts:735 - Invalid argument - Tried to ensure procfs is unmounted
DEBUG conf - conf.c:lxc_mount_auto_mounts:758 - Invalid argument - Tried to ensure sysfs is unmounted
DEBUG conf - conf.c:mount_entry:2412 - Remounting "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" to respect bind or remount options
DEBUG conf - conf.c:mount_entry:2431 - Flags for "/sys/fs/fuse/connections" were 4110, required extra flags are 14
DEBUG conf - conf.c:mount_entry:2475 - Mounted "/sys/fs/fuse/connections" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/sys/fs/fuse/connections" with filesystem type "none"
DEBUG conf - conf.c:mount_entry:2475 - Mounted "proc" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/proc" with filesystem type "proc"
DEBUG conf - conf.c:mount_entry:2475 - Mounted "sys" on "/usr/lib/x86_64-linux-gnu/lxc/rootfs/dev/.lxc/sys" with filesystem type "sysfs"
DEBUG cgfsng - cgroups/cgfsng.c:__cgroupfs_mount:1541 - Mounted cgroup filesystem cgroup2 onto 20((null))
INFO conf - conf.c:run_script_argv:337 - Executing script "/usr/share/lxcfs/lxc.mount.hook" for container "203", config section "lxc"
INFO conf - conf.c:run_script_argv:337 - Executing script "/usr/share/lxc/hooks/lxc-pve-autodev-hook" for container "203", config section "lxc"
INFO conf - conf.c:lxc_fill_autodev:1313 - Populating "/dev"
DEBUG conf - conf.c:lxc_fill_autodev:1322 - Created device node "full"
DEBUG conf - conf.c:lxc_fill_autodev:1322 - Created device node "null"
DEBUG conf - conf.c:lxc_fill_autodev:1322 - Created device node "random"
DEBUG conf - conf.c:lxc_fill_autodev:1322 - Created device node "tty"
DEBUG conf - conf.c:lxc_fill_autodev:1322 - Created device node "urandom"
DEBUG conf - conf.c:lxc_fill_autodev:1322 - Created device node "zero"
INFO conf - conf.c:lxc_fill_autodev:1401 - Populated "/dev"
INFO conf - conf.c:lxc_transient_proc:3771 - Caller's PID is 1; /proc/self points to 1
DEBUG conf - conf.c:lxc_setup_devpts_child:1747 - Attached detached devpts mount 21 to 19/pts
DEBUG conf - conf.c:lxc_setup_devpts_child:1833 - Created "/dev/ptmx" file as bind mount target
DEBUG conf - conf.c:lxc_setup_devpts_child:1840 - Bind mounted "/dev/pts/ptmx" to "/dev/ptmx"
DEBUG conf - conf.c:lxc_allocate_ttys:1101 - Created tty with ptx fd 23 and pty fd 24 and index 1
DEBUG conf - conf.c:lxc_allocate_ttys:1101 - Created tty with ptx fd 25 and pty fd 26 and index 2
INFO conf - conf.c:lxc_allocate_ttys:1106 - Finished creating 2 tty devices
DEBUG conf - conf.c:lxc_setup_ttys:1028 - Bind mounted "" onto "/dev/lxc/tty1"
DEBUG conf - conf.c:lxc_setup_ttys:1028 - Bind mounted "" onto "/dev/lxc/tty2"
INFO conf - conf.c:lxc_setup_ttys:1072 - Finished setting up 2 /dev/tty<N> device(s)
INFO conf - conf.c:setup_personality:1913 - Set personality to "0lx0"
DEBUG conf - conf.c:capabilities_deny:3196 - Dropped mac_admin (33) capability
DEBUG conf - conf.c:capabilities_deny:3196 - Dropped mac_override (32) capability
DEBUG conf - conf.c:capabilities_deny:3196 - Dropped sys_time (25) capability
DEBUG conf - conf.c:capabilities_deny:3196 - Dropped sys_module (16) capability
DEBUG conf - conf.c:capabilities_deny:3196 - Dropped sys_rawio (17) capability
DEBUG conf - conf.c:capabilities_deny:3199 - Capabilities have been setup
NOTICE conf - conf.c:lxc_setup:4464 - The container "203" is set up
INFO apparmor - lsm/apparmor.c:apparmor_process_label_set_at:1186 - Set AppArmor label to "lxc-203_</var/lib/lxc>//&:lxc-203_<-var-lib-lxc>:"
INFO apparmor - lsm/apparmor.c:apparmor_process_label_set:1231 - Changed AppArmor profile to lxc-203_</var/lib/lxc>//&:lxc-203_<-var-lib-lxc>:
DEBUG terminal - terminal.c:lxc_terminal_peer_default:695 - No such device - The process does not have a controlling terminal
NOTICE utils - utils.c:lxc_drop_groups:1365 - Dropped supplimentary groups
NOTICE start - start.c:start:2161 - Exec'ing "/sbin/init"
NOTICE start - start.c:post_start:2172 - Started "/sbin/init" with pid "263755"
NOTICE start - start.c:signal_handler:449 - Received 17 from pid 263751 instead of container init 263755
WARN: old systemd (< v232) detected, container won't run in a pure cgroupv2 environment! Please see documentation -> container -> cgroup version.
Task finished with 1 warning(s)!
systemd version of arch linux guest
Code:
pct exec 203 -- systemctl --version
systemd 251 (251.2-1-arch)
+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT -QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK +XKBCOMMON +UTMP -SYSVINIT default-hierarchy=unified
Proxmox version info
Code:
# pveversion --verbose
proxmox-ve: 7.2-1 (running kernel: 5.15.35-3-pve)
pve-manager: 7.2-5 (running version: 7.2-5/12f1e639)
pve-kernel-5.15: 7.2-5
pve-kernel-helper: 7.2-5
pve-kernel-5.13: 7.1-9
pve-kernel-5.11: 7.0-10
pve-kernel-5.15.35-3-pve: 5.15.35-6
pve-kernel-5.15.35-2-pve: 5.15.35-5
pve-kernel-5.13.19-6-pve: 5.13.19-15
pve-kernel-5.13.19-2-pve: 5.13.19-4
pve-kernel-5.11.22-7-pve: 5.11.22-12
ceph-fuse: 14.2.21-1
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown: residual config
ifupdown2: 3.1.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.24-pve1
libproxmox-acme-perl: 1.4.2
libproxmox-backup-qemu0: 1.3.1-1
libpve-access-control: 7.2-2
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.2-2
libpve-guest-common-perl: 4.1-2
libpve-http-server-perl: 4.1-2
libpve-storage-perl: 7.2-5
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 4.0.12-1
lxcfs: 4.0.12-pve1
novnc-pve: 1.3.0-3
proxmox-backup-client: 2.2.3-1
proxmox-backup-file-restore: 2.2.3-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.5.1
pve-cluster: 7.2-1
pve-container: 4.2-1
pve-docs: 7.2-2
pve-edk2-firmware: 3.20210831-2
pve-firewall: 4.2-5
pve-firmware: 3.4-2
pve-ha-manager: 3.3-4
pve-i18n: 2.7-2
pve-qemu-kvm: 6.2.0-10
pve-xtermjs: 4.16.0-1
qemu-server: 7.2-3
smartmontools: 7.2-pve3
spiceterm: 3.2-2
swtpm: 0.7.1~bpo11+1
vncterm: 1.7-1
zfsutils-linux: 2.1.4-pve1
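Two host-side checks for the warning at the end of the debug start, as an added example that is not part of the original post and is not Proxmox's own detection code. It assumes (labelled in the code) that the systemd version shipped in a container rootfs can be read from the versioned libsystemd-shared-<N>.so that systemd installs (systemd 251 and later also install libsystemd-core-<N>.so, which is matched too), and that the rootfs path /var/lib/lxc/203/rootfs seen in the debug log is only valid while the container is mounted (for example via `pct mount 203`).

```shell
#!/bin/sh
# Added example (not from the original post or from Proxmox). Two checks a
# practitioner can run on the host when the "old systemd (< v232)" warning
# fires: what cgroup hierarchy the host mounts, and which systemd version a
# container rootfs actually ships.
#
# Assumption (not confirmed by the post): the rootfs systemd version can be
# read from the versioned library systemd installs, libsystemd-shared-<N>.so
# (plus libsystemd-core-<N>.so from systemd 251 on), without starting the
# container.

# Print the filesystem type mounted at the cgroup root: "cgroup2fs" on a
# pure cgroup v2 host, "tmpfs" on a hybrid or legacy host.
cgroup_fs_type() {
    stat -fc %T "${1:-/sys/fs/cgroup}" 2>/dev/null
}

# Print the systemd version found in a rootfs, or "unknown" (exit 1).
rootfs_systemd_version() {
    rootfs=$1
    for dir in "$rootfs/lib/systemd" "$rootfs/usr/lib/systemd" \
               "$rootfs/lib64/systemd" "$rootfs/usr/lib64/systemd"; do
        [ -d "$dir" ] || continue
        for lib in "$dir"/libsystemd-shared-*.so "$dir"/libsystemd-core-*.so; do
            [ -e "$lib" ] || continue          # unmatched glob stays literal
            base=${lib##*/}                    # libsystemd-shared-251.so
            ver=${base#libsystemd-*-}          # 251.so
            ver=${ver%.so}                     # 251
            ver=${ver%%.*}                     # tolerate "251.2"
            case $ver in
                ''|*[!0-9]*) continue ;;       # not a plain number, skip
            esac
            printf '%s\n' "$ver"
            return 0
        done
    done
    printf 'unknown\n'
    return 1
}

# Verdict in the warning's own terms: 232 is the first systemd release that
# boots in a pure cgroup v2 environment. Unknown versions are treated as
# not OK, the safe direction for a start-time check.
systemd_cgroupv2_ok() {
    ver=$(rootfs_systemd_version "$1") || return 1
    [ "$ver" -ge 232 ]
}

# Run directly with a rootfs path (assumed: /var/lib/lxc/203/rootfs while
# the container from the post is mounted) to report both facts.
if [ -n "${1:-}" ]; then
    printf 'host cgroup fs: %s\n' "$(cgroup_fs_type)"
    printf 'rootfs systemd: %s\n' "$(rootfs_systemd_version "$1" || true)"
    systemd_cgroupv2_ok "$1" && echo "systemd >= 232: OK for cgroup v2" \
                             || echo "systemd < 232 or unknown: warning expected"
fi
```

The version check deliberately never executes anything from the rootfs: the start log shows the host does not trust the container (it drops mac_admin, sys_module and friends), so a host-side diagnostic should not run the guest's binaries either.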