[SOLVED] Can't start unprivileged container

TechHome

Apr 12, 2020
I can't start a (restored) unprivileged container. If I create a new unprivileged container I can't start it also.

Code:
Apr 13 13:58:51 pve ovs-vsctl[538510]: ovs|00002|db_ctl_base|ERR|unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)
Apr 13 13:58:51 pve lxc-start[538466]: lxc-start: 116: lxccontainer.c: wait_on_daemonized_start: 874 Received container state "ABORTING" instead of "RUNNING"
Apr 13 13:58:51 pve lxc-start[538466]: lxc-start: 116: tools/lxc_start.c: main: 329 The container failed to start
Apr 13 13:58:51 pve lxc-start[538466]: lxc-start: 116: tools/lxc_start.c: main: 332 To get more details, run the container in foreground mode
Apr 13 13:58:51 pve lxc-start[538466]: lxc-start: 116: tools/lxc_start.c: main: 335 Additional information can be obtained by setting the --logfile and --logpriority options
Apr 13 13:58:51 pve systemd[1]: pve-container@116.service: Control process exited, code=exited, status=1/FAILURE
Apr 13 13:58:51 pve systemd[1]: pve-container@116.service: Killing process 538479 (lxc-start) with signal SIGKILL.
Apr 13 13:58:51 pve systemd[1]: pve-container@116.service: Killing process 538553 (apparmor_parser) with signal SIGKILL.
Apr 13 13:58:51 pve systemd[1]: pve-container@116.service: Failed with result 'exit-code'.
Apr 13 13:58:51 pve systemd[1]: Failed to start PVE LXC Container: 116.

My 116.conf:
Code:
#/etc/pve/lxc/116.conf
arch: amd64
cores: 1
hostname: nginx-proxy-manager
memory: 512
net0: name=eth0,bridge=vmbr0,gw=192.168.1.1,hwaddr=76:4E:01:75:7E:23,ip=192.168.1.14/24,type=veth
onboot: 1
ostype: ubuntu
rootfs: local-lvm:vm-116-disk-0,size=25G
swap: 512
unprivileged: 1


Thanks for help
~Marlon
 
You run a current version? Please post your:

> pveversion -v
 
@tom
Code:
root@pve:~# pveversion -v
proxmox-ve: 6.1-2 (running kernel: 5.3.18-3-pve)
pve-manager: 6.1-8 (running version: 6.1-8/806edfe1)
pve-kernel-helper: 6.1-8
pve-kernel-5.3: 6.1-6
pve-kernel-5.0: 6.0-11
pve-kernel-4.15: 5.4-6
pve-kernel-5.3.18-3-pve: 5.3.18-3
pve-kernel-5.3.18-2-pve: 5.3.18-2
pve-kernel-5.0.21-5-pve: 5.0.21-10
pve-kernel-4.15.18-18-pve: 4.15.18-44
pve-kernel-4.15.18-12-pve: 4.15.18-36
ceph: 14.2.8-pve1
ceph-fuse: 14.2.8-pve1
corosync: 3.0.3-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: residual config
ifupdown2: 2.0.1-1+pve8
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.15-pve1
libpve-access-control: 6.0-6
libpve-apiclient-perl: 3.0-3
libpve-common-perl: 6.0-17
libpve-guest-common-perl: 3.0-5
libpve-http-server-perl: 3.0-5
libpve-storage-perl: 6.1-5
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 3.2.1-1
lxcfs: 4.0.1-pve1
novnc-pve: 1.1.0-1
openvswitch-switch: residual config
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.1-3
pve-cluster: 6.1-4
pve-container: 3.0-23
pve-docs: 6.1-6
pve-edk2-firmware: 2.20200229-1
pve-firewall: 4.0-10
pve-firmware: 3.0-7
pve-ha-manager: 3.0-9
pve-i18n: 2.0-4
pve-qemu-kvm: 4.1.1-4
pve-xtermjs: 4.3.0-1
qemu-server: 6.1-7
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-1
zfsutils-linux: 0.8.3-pve1
 
please obtain a debug log and post the result here. are you using OVS? could you include your /etc/network/interfaces file?
 
Code:
root@pve:~# lxc-start -n 116 -F -l DEBUG -o /tmp/lxc-116.log
lxc-start: 116: conf.c: lxc_pivot_root: 1502 Permission denied - Failed to open old root directory
lxc-start: 116: conf.c: lxc_setup: 3701 Failed to pivot root into rootfs
lxc-start: 116: start.c: do_start: 1338 Failed to setup container "116"
lxc-start: 116: sync.c: __sync_wait: 62 An error occurred in another process (expected sequence number 5)
lxc-start: 116: start.c: lxc_abort: 1133 Function not implemented - Failed to send SIGKILL to 12691
lxc-start: 116: start.c: __lxc_start: 2080 Failed to spawn container "116"
lxc-start: 116: tools/lxc_start.c: main: 329 The container failed to start
lxc-start: 116: tools/lxc_start.c: main: 335 Additional information can be obtained by setting the --logfile and --logpriority options


Code:
root@pve:~# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eno1 inet manual
        mtu 1500

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.8/24
        gateway 192.168.1.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        mtu 1500
I installed OVS, tried and removed it.
 
could you also add the contents of the debug log '/tmp/lxc-116.log' ?
 
could you try rebooting the host and see if the container starts then (with the same debug command to obtain a full log from fresh start) - there seem to be leftover cgroup directories from previous failed attempts to start it.
 
Curious. What do you get from stat / on a shell?
 
> Curious. What do you get from stat / on a shell?

Code:
root@pve:~# stat /
  File: /
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: fd01h/64769d    Inode: 2           Links: 24
Access: (0311/d-wx--x--x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2020-04-16 12:56:17.303996688 +0200
Modify: 2020-04-13 01:31:15.771333658 +0200
Change: 2020-04-13 01:31:15.771333658 +0200
 Birth: -
 
So a regular user cannot even do an ls / on your host? lxc needs to open a file handle to / to switch into the guest file system. That's not possible without read access.
Do you have a reason for this or did it happen by accident somehow? The regular permissions are 0755 for /.
 
> So a regular user cannot even do an ls / on your host? lxc needs to open a file handle to / to switch into the guest file system. That's not possible without read access.
> Do you have a reason for this or did it happen by accident somehow? The regular permissions are 0755 for /.

Everything worked fine on Sunday. I haven't made changes at this time field. By issuing chmod 755 / the problem was fixed. Thank you
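
The permission check behind this fix, as an added example that is not part of the original thread: it decodes a directory mode and reports which of read and search the "other" class lacks, which is the gap that mode 0311 on / left for the unprivileged container. The function names `missing_for_other` and `check_dir` are hypothetical, and GNU coreutils `stat` (as on a Proxmox/Debian host) is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU coreutils stat.
# Processes of an unprivileged container are not host root, so on a
# root-owned directory such as / they are governed by the "other" bits.

# missing_for_other MODE: MODE is an octal mode such as 311 or 0755.
# Prints which of "read" and "search" the "other" class lacks on a
# directory; prints nothing when both bits are set.
missing_for_other() {
    other=$(( 0$1 & 7 ))          # leading 0 forces octal; keep last 3 bits
    out=""
    [ $(( other & 4 )) -ne 0 ] || out="read"
    [ $(( other & 1 )) -ne 0 ] || out="${out:+$out }search"
    printf '%s' "$out"
}

# check_dir DIR: return 0 if "other" can both open and traverse DIR,
# otherwise report the gap on stderr and return 1 (2 if stat fails).
check_dir() {
    mode=$(stat -c '%a' -- "$1") || return 2
    gap=$(missing_for_other "$mode")
    if [ -z "$gap" ]; then
        return 0
    fi
    printf '%s: mode %s, other lacks: %s\n' "$1" "$mode" "$gap" >&2
    return 1
}

# The host check from the thread: / is expected to be 0755.
if check_dir /; then
    echo "/ is readable and searchable for other"
else
    echo "/ blocks unprivileged access; the thread's fix was: chmod 755 /"
fi
```

Run against the host in the thread, the 0311 mode on / would be reported as lacking read, matching the "Permission denied - Failed to open old root directory" line in the debug output.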
 
