F27 Unprivileged Container SystemD Issues

Sep 2, 2018
New prox install. I created a F27 unprivileged container and systemd (really everything) is not working. The CT does not get networking. Simple commands like "systemctl status" fail with "Failed to connect to bus: No such file or directory". F27 in privileged container works fine. Example output below.

[root@fedora-unpriv-test /]# systemctl status
Failed to connect to bus: No such file or directory
[root@fedora-unpriv-test /]# journalctl -xe
No journal files were found.
-- No entries --
[root@fedora-unpriv-test /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 1e:dc:d1:92:f7:0a brd ff:ff:ff:ff:ff:ff link-netnsid 0

Is there a fix for this?
 
Running the container in debug mode, I get this output.

Code:
root@vs1:~# lxc-start -n 100 -F -l DEBUG -o /tmp/lxc-100.log
systemd 234 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN default-hierarchy=hybrid)
Detected virtualization lxc.
Detected architecture x86-64.
Welcome to Fedora 27 (Twenty Seven)!
Set hostname to <fed-unpriv-test>.
Failed to read AF_UNIX datagram queue length, ignoring: No such file or directory
Failed to create /init.scope control group: Permission denied
Failed to allocate manager object: Permission denied
[!!!!!!] Failed to allocate manager object, freezing.
Freezing execution.

This issue looks very similar to https://github.com/lxc/lxc/issues/1678
Debug log attached.
 

Hello,

Has this ever been resolved?

EDIT: Actually, this was fixed in systemd but unfortunately, openSUSE Leap 15.0 will fail to start as unprivileged.

Cheers
 
Actually, this was fixed in systemd but unfortunately, openSUSE Leap 15.0 will fail to start as unprivileged.

Hi,
we're aware of the issue with unprivileged openSUSE containers. See: https://forum.proxmox.com/threads/opensuse-containers-problem.52520/

Unfortunately we don't really know what's causing this (but I guess it has to do with openSUSE upstream code (possibly related to the network manager -wicked- too) and how it plays along with containers in general) and the only way to run openSUSE containers ATM is to run them privileged.
 
