LXC not starting after upgrading PVE from 9.1.x to 9.2.2 - Mount fails

Hello,

Same here, but with kernel.yama.ptrace_scope = 1 (never touched, I am pretty sure).

EDIT: Problem found, a missing directory (which is not essential for that container):

root@pve:/var/lib/lxc/102# pct start 110 -debug
run_buffer: 569 Script exited with status 2
lxc_init: 1037 Failed to run lxc.hook.pre-start for container "110"
__lxc_start: 2208 Failed to initialize container "110"
0 hostid 100000 range 65536
INFO lsm - ../src/lxc/lsm/lsm.c:lsm_init_static:38 - Initialized LSM security driver AppArmor
INFO utils - ../src/lxc/utils.c:run_script_argv:585 - Executing script "/usr/share/lxc/hooks/lxc-pve-prestart-hook" for container "110", config section "lxc"
DEBUG utils - ../src/lxc/utils.c:run_buffer:558 - Script exec /usr/share/lxc/hooks/lxc-pve-prestart-hook '110' 'lxc' 'pre-start' produced output: directory '/mnt/OMV-Axxx/scan' does not exist

ERROR utils - ../src/lxc/utils.c:run_buffer:569 - Script exited with status 2
ERROR start - ../src/lxc/start.c:lxc_init:1037 - Failed to run lxc.hook.pre-start for container "110"
ERROR start - ../src/lxc/start.c:__lxc_start:2208 - Failed to initialize container "110"
INFO utils - ../src/lxc/utils.c:run_script_argv:585 - Executing script "/usr/share/lxc/hooks/lxc-pve-poststop-hook" for container "110", config section "lxc"
startup for container '110' failed

Cheers
An.drea
 
@fabian: ptrace_scope is not set via /lib/sysctl.d. The directory /usr/local/lib/sysctl.d does not exist.
I think I will try to reboot one server tomorrow morning. Let's see what the value of kernel.yama.ptrace_scope will be set to.
And let's hope that we will have a working LXC-environment after a clean restart.

By the way: I am quite sure that I have never touched this setting, neither for the home-lab nor for the company environment.

I will keep you guys updated. Thanks for your help so far! I am still glad that we have changed from VMware vSphere to Proxmox.
 
Good morning,

and good news. After moving all important VMs to the other two servers I have been able to reboot the first Proxmox server.

Before the reboot, the two mitigations for the recent kernel security issues (Copy Fail and Dirty Frag Exploit) have been disabled. After the server reboot, the previously non-working LXC started up automatically. Also, kernel.yama.ptrace_scope is now set to 1.

I still have no idea what targeted the change to the higher value of 3.

Anyhow, thanks for your help again. I am pretty sure that without your support I would never have found the issue.

Cheers

Fritz
 
It seems very likely that somebody (temporarily) disabled ptrace completely then as part of mitigating CVE-2026-46333.
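
Added example, not part of any post in this thread: a shell script for the open question above (what set kernel.yama.ptrace_scope to 3). It lists every sysctl configuration file that sets the key and reports whether the running value is explained by one of them or was only written at runtime. The search paths are assumed defaults, and the function names are illustrative. Under Yama, a value of 3 cannot be changed again until reboot.

```shell
#!/bin/sh
# Added example: locate what sets kernel.yama.ptrace_scope and compare with runtime.
KEY='kernel.yama.ptrace_scope'
# Usual sysctl search locations (assumed defaults); override SYSCTL_PATHS to test.
SYSCTL_PATHS="${SYSCTL_PATHS:-/etc/sysctl.conf /etc/sysctl.d /run/sysctl.d /usr/local/lib/sysctl.d /usr/lib/sysctl.d /lib/sysctl.d}"

# Print "file<TAB>value" for every non-comment line in one file that sets KEY.
scan_file() {
    awk -v key="$KEY" -v file="$1" '
        /^[ \t]*[#;]/ { next }                       # comment lines
        {
            line = $0; sub(/^[ \t]*-?/, "", line)    # "-key = v" means ignore errors
            n = index(line, "="); if (n == 0) next
            k = substr(line, 1, n - 1); v = substr(line, n + 1)
            gsub(/[ \t]/, "", k); gsub(/\//, ".", k)  # accept kernel/yama/ptrace_scope
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) printf "%s\t%s\n", file, v
        }' "$1"
}

# Scan plain files and *.conf drop-ins; missing paths are skipped silently.
find_ptrace_settings() {
    for p in "$@"; do
        if [ -d "$p" ]; then
            for f in "$p"/*.conf; do
                if [ -f "$f" ]; then scan_file "$f"; fi
            done
        elif [ -f "$p" ]; then
            scan_file "$p"
        fi
    done
    return 0
}

# "persistent" if a config file sets the runtime value, else "runtime-only"
# (written via sysctl -w or /proc, so no file on disk explains it).
classify() {    # $1 = runtime value, $2 = output of find_ptrace_settings
    if printf '%s\n' "$2" | awk -F'\t' -v v="$1" '$2 == v { hit = 1 } END { exit !hit }'; then
        echo persistent
    else
        echo runtime-only
    fi
}

runtime=$(cat /proc/sys/kernel/yama/ptrace_scope 2>/dev/null || echo n/a)
found=$(find_ptrace_settings $SYSCTL_PATHS)
echo "runtime $KEY = $runtime ($(classify "$runtime" "$found"))"
[ -z "$found" ] || printf '%s\n' "$found"
```

A "runtime-only" result for the value 3 points to a manual or scripted write rather than a packaged drop-in, so shell history and configuration-management logs are the next place to look.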