LXC Container wont start on Poxmox 6.0-7 with two Intel NVMe

Musfiq

New Member
Oct 2, 2019
6
0
1
46
LXC Container is not starting after fresh installation of Proxmox 6.0.


Showing flowing error:

Job for pve-container@100.service failed because the control process exited with error code.
See "systemctl status pve-container@100.service" and "journalctl -xe" for details.
TASK ERROR: command 'systemctl start pve-container@100' failed: exit code 1
 
Code:
lxc-start 100 20191008095427.814 INFO     confile - confile.c:set_config_idmaps:1673 - Read uid map: type u nsid 0 hostid 100000 range 65536
lxc-start 100 20191008095427.814 INFO     confile - confile.c:set_config_idmaps:1673 - Read uid map: type g nsid 0 hostid 100000 range 65536
lxc-start 100 20191008095427.814 INFO     lsm - lsm/lsm.c:lsm_init:50 - LSM security driver AppArmor
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "keyctl errno 38"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for keyctl action 327718(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for keyctl action 327718(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for keyctl action 327718(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for keyctl action 327718(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context
lxc-start 100 20191008095427.814 INFO     conf - conf.c:run_script_argv:356 - Executing script "/usr/share/lxc/hooks/lxc-pve-prestart-hook" for container "100", config section "lxc"
lxc-start 100 20191008095428.451 DEBUG    terminal - terminal.c:lxc_terminal_peer_default:714 - Using terminal "/dev/tty" as proxy
lxc-start 100 20191008095428.451 DEBUG    terminal - terminal.c:lxc_terminal_signal_init:192 - Created signal fd 9
lxc-start 100 20191008095428.451 DEBUG    terminal - terminal.c:lxc_terminal_winsz:90 - Set window size to 97 columns and 26 rows
lxc-start 100 20191008095428.453 ERROR    apparmor - lsm/apparmor.c:run_apparmor_parser:899 - Failed to run apparmor_parser on "/var/lib/lxc/100/apparmor/lxc-100_<-var-lib-lxc>": AppArmor parser error for /var/lib/lxc/100/apparmor/lxc-100_<-var-lib-lxc> in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
lxc-start 100 20191008095428.454 ERROR    apparmor - lsm/apparmor.c:apparmor_prepare:1071 - Failed to load generated AppArmor profile
lxc-start 100 20191008095428.454 ERROR    start - start.c:lxc_init:901 - Failed to initialize LSM
lxc-start 100 20191008095428.454 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2890 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start 100 20191008095428.454 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2890 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start 100 20191008095428.454 DEBUG    conf - conf.c:lxc_map_ids:2982 - Functional newuidmap and newgidmap binary found
lxc-start 100 20191008095428.457 ERROR    start - start.c:__lxc_start:1944 - Failed to initialize container "100"
lxc-start 100 20191008095428.457 ERROR    lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start 100 20191008095428.458 ERROR    lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options
 
Need help ...

# systemctl start apparmor
::
Code:
Job for apparmor.service failed because the control process exited with error code.
See "systemctl status apparmor.service" and "journalctl -xe" for details.

# systemctl status apparmor.service
::
Code:
● apparmor.service - Load AppArmor profiles
   Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2019-10-08 10:32:06 UTC; 4min 50s ago
     Docs: man:apparmor(7)
           https://gitlab.com/apparmor/apparmor/wikis/home/
  Process: 19803 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, status=1/FAILURE)
 Main PID: 19803 (code=exited, status=1/FAILURE)

Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: Error: At least one profile failed to lo
Oct 08 10:32:06 ovh-01-hpr-prox systemd[1]: apparmor.service: Main process exited, code=exited, s
Oct 08 10:32:06 ovh-01-hpr-prox systemd[1]: apparmor.service: Failed with result 'exit-code'.
Oct 08 10:32:06 ovh-01-hpr-prox systemd[1]: Failed to start Load AppArmor profiles.

# journalctl -xe
::
Code:
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: Error: At least one profile failed to lo
Oct 08 10:32:06 ovh-01-hpr-prox systemd[1]: apparmor.service: Main process exited, code=exited, s
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- An ExecStart= process belonging to unit apparmor.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 1.
Oct 08 10:32:06 ovh-01-hpr-prox systemd[1]: apparmor.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit apparmor.service has entered the 'failed' state with result 'exit-code'.
Oct 08 10:32:06 ovh-01-hpr-prox systemd[1]: Failed to start Load AppArmor profiles.
-- Subject: A start job for unit apparmor.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit apparmor.service has finished with a failure.
--
-- The job identifier is 775142 and the job result is failed.
 
The exact same situation here

Code:
lxc-start 182 20191010210141.798 DEBUG    terminal - terminal.c:lxc_terminal_peer_default:707 - No such device - The process does not have a controlling terminal
lxc-start 182 20191010210141.800 ERROR    apparmor - lsm/apparmor.c:run_apparmor_parser:899 - Failed to run apparmor_parser on "/var/lib/lxc/182/apparmor/lxc-182_<-var-lib-lxc>": AppArmor parser error for /var/lib/lxc/182/apparmor/lxc-182_<-var-lib-lxc> in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
lxc-start 182 20191010210141.800 ERROR    apparmor - lsm/apparmor.c:apparmor_prepare:1071 - Failed to load generated AppArmor profile
lxc-start 182 20191010210141.800 ERROR    start - start.c:lxc_init:901 - Failed to initialize LSM
lxc-start 182 20191010210141.800 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2890 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start 182 20191010210141.800 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2890 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start 182 20191010210141.800 DEBUG    conf - conf.c:lxc_map_ids:2982 - Functional newuidmap and newgidmap binary found
lxc-start 182 20191010210141.803 ERROR    start - start.c:__lxc_start:1944 - Failed to initialize container "182"
lxc-start 182 20191010210142.138 DEBUG    lxccontainer - lxccontainer.c:wait_on_daemonized_start:853 - First child 1657 exited
lxc-start 182 20191010210142.139 ERROR    lxccontainer - lxccontainer.c:wait_on_daemonized_start:856 - No such file or directory - Failed to receive the container state
lxc-start 182 20191010210142.139 ERROR    lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start 182 20191010210142.139 ERROR    lxc_start - tools/lxc_start.c:main:333 - To get more details, run the container in foreground mode
lxc-start 182 20191010210142.139 ERROR    lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options

And same problem with apparmor
 
Create file /etc/apparmor.d/tunables/proc with the following content:


# ------------------------------------------------------------------
#
# Copyright (C) 2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# @{PROC} is the location where procfs is mounted.
@{PROC}=/proc/
 
  • Like
Reactions: unam
Thanks for your support. After creating this file LXC container are starting without any error.

But why this file was missing ???
 
Create file /etc/apparmor.d/tunables/proc with the following content:


# ------------------------------------------------------------------
#
# Copyright (C) 2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# @{PROC} is the location where procfs is mounted.
@{PROC}=/proc/

Fine, it is working, thanks.

Anybody knows why this file is missing ? Why does it don't come with an update ?

Regards,
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!