LXC Container won't start on Proxmox 6.0-7 with two Intel NVMe

Musfiq

New Member
Oct 2, 2019
LXC Container is not starting after a fresh installation of Proxmox 6.0.

Showing the following error:

Job for pve-container@100.service failed because the control process exited with error code.
See "systemctl status pve-container@100.service" and "journalctl -xe" for details.
TASK ERROR: command 'systemctl start pve-container@100' failed: exit code 1
 
Code:
lxc-start 100 20191008095427.814 INFO     confile - confile.c:set_config_idmaps:1673 - Read uid map: type u nsid 0 hostid 100000 range 65536
lxc-start 100 20191008095427.814 INFO     confile - confile.c:set_config_idmaps:1673 - Read uid map: type g nsid 0 hostid 100000 range 65536
lxc-start 100 20191008095427.814 INFO     lsm - lsm/lsm.c:lsm_init:50 - LSM security driver AppArmor
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:do_resolve_add_rule:505 - Set seccomp rule to reject force umounts
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "[all]"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "kexec_load errno 1"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "open_by_handle_at errno 1"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "init_module errno 1"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "finit_module errno 1"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "delete_module errno 1"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:759 - Processing "keyctl errno 38"
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:937 - Added native rule for arch 0 for keyctl action 327718(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:946 - Added compat rule for arch 1073741827 for keyctl action 327718(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:956 - Added compat rule for arch 1073741886 for keyctl action 327718(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:966 - Added native rule for arch -1073741762 for keyctl action 327718(errno)
lxc-start 100 20191008095427.814 INFO     seccomp - seccomp.c:parse_config_v2:970 - Merging compat seccomp contexts into main context
lxc-start 100 20191008095427.814 INFO     conf - conf.c:run_script_argv:356 - Executing script "/usr/share/lxc/hooks/lxc-pve-prestart-hook" for container "100", config section "lxc"
lxc-start 100 20191008095428.451 DEBUG    terminal - terminal.c:lxc_terminal_peer_default:714 - Using terminal "/dev/tty" as proxy
lxc-start 100 20191008095428.451 DEBUG    terminal - terminal.c:lxc_terminal_signal_init:192 - Created signal fd 9
lxc-start 100 20191008095428.451 DEBUG    terminal - terminal.c:lxc_terminal_winsz:90 - Set window size to 97 columns and 26 rows
lxc-start 100 20191008095428.453 ERROR    apparmor - lsm/apparmor.c:run_apparmor_parser:899 - Failed to run apparmor_parser on "/var/lib/lxc/100/apparmor/lxc-100_<-var-lib-lxc>": AppArmor parser error for /var/lib/lxc/100/apparmor/lxc-100_<-var-lib-lxc> in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
lxc-start 100 20191008095428.454 ERROR    apparmor - lsm/apparmor.c:apparmor_prepare:1071 - Failed to load generated AppArmor profile
lxc-start 100 20191008095428.454 ERROR    start - start.c:lxc_init:901 - Failed to initialize LSM
lxc-start 100 20191008095428.454 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2890 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start 100 20191008095428.454 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2890 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start 100 20191008095428.454 DEBUG    conf - conf.c:lxc_map_ids:2982 - Functional newuidmap and newgidmap binary found
lxc-start 100 20191008095428.457 ERROR    start - start.c:__lxc_start:1944 - Failed to initialize container "100"
lxc-start 100 20191008095428.457 ERROR    lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start 100 20191008095428.458 ERROR    lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options
 
Need help ...

# systemctl start apparmor
Code:
Job for apparmor.service failed because the control process exited with error code.
See "systemctl status apparmor.service" and "journalctl -xe" for details.

# systemctl status apparmor.service
Code:
● apparmor.service - Load AppArmor profiles
   Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2019-10-08 10:32:06 UTC; 4min 50s ago
     Docs: man:apparmor(7)
           https://gitlab.com/apparmor/apparmor/wikis/home/
  Process: 19803 ExecStart=/lib/apparmor/apparmor.systemd reload (code=exited, status=1/FAILURE)
 Main PID: 19803 (code=exited, status=1/FAILURE)

Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: Error: At least one profile failed to lo
Oct 08 10:32:06 ovh-01-hpr-prox systemd[1]: apparmor.service: Main process exited, code=exited, s
Oct 08 10:32:06 ovh-01-hpr-prox systemd[1]: apparmor.service: Failed with result 'exit-code'.
Oct 08 10:32:06 ovh-01-hpr-prox systemd[1]: Failed to start Load AppArmor profiles.

# journalctl -xe
Code:
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: AppArmor parser error for /etc/apparmor.
Oct 08 10:32:06 ovh-01-hpr-prox apparmor.systemd[19803]: Error: At least one profile failed to lo
Oct 08 10:32:06 ovh-01-hpr-prox systemd[1]: apparmor.service: Main process exited, code=exited, s
-- Subject: Unit process exited
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- An ExecStart= process belonging to unit apparmor.service has exited.
--
-- The process' exit code is 'exited' and its exit status is 1.
Oct 08 10:32:06 ovh-01-hpr-prox systemd[1]: apparmor.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- The unit apparmor.service has entered the 'failed' state with result 'exit-code'.
Oct 08 10:32:06 ovh-01-hpr-prox systemd[1]: Failed to start Load AppArmor profiles.
-- Subject: A start job for unit apparmor.service has failed
-- Defined-By: systemd
-- Support: https://www.debian.org/support
--
-- A start job for unit apparmor.service has finished with a failure.
--
-- The job identifier is 775142 and the job result is failed.
 
The exact same situation here

Code:
lxc-start 182 20191010210141.798 DEBUG    terminal - terminal.c:lxc_terminal_peer_default:707 - No such device - The process does not have a controlling terminal
lxc-start 182 20191010210141.800 ERROR    apparmor - lsm/apparmor.c:run_apparmor_parser:899 - Failed to run apparmor_parser on "/var/lib/lxc/182/apparmor/lxc-182_<-var-lib-lxc>": AppArmor parser error for /var/lib/lxc/182/apparmor/lxc-182_<-var-lib-lxc> in /etc/apparmor.d/tunables/global at line 17: Could not open 'tunables/proc'
lxc-start 182 20191010210141.800 ERROR    apparmor - lsm/apparmor.c:apparmor_prepare:1071 - Failed to load generated AppArmor profile
lxc-start 182 20191010210141.800 ERROR    start - start.c:lxc_init:901 - Failed to initialize LSM
lxc-start 182 20191010210141.800 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2890 - The binary "/usr/bin/newuidmap" does have the setuid bit set
lxc-start 182 20191010210141.800 DEBUG    conf - conf.c:idmaptool_on_path_and_privileged:2890 - The binary "/usr/bin/newgidmap" does have the setuid bit set
lxc-start 182 20191010210141.800 DEBUG    conf - conf.c:lxc_map_ids:2982 - Functional newuidmap and newgidmap binary found
lxc-start 182 20191010210141.803 ERROR    start - start.c:__lxc_start:1944 - Failed to initialize container "182"
lxc-start 182 20191010210142.138 DEBUG    lxccontainer - lxccontainer.c:wait_on_daemonized_start:853 - First child 1657 exited
lxc-start 182 20191010210142.139 ERROR    lxccontainer - lxccontainer.c:wait_on_daemonized_start:856 - No such file or directory - Failed to receive the container state
lxc-start 182 20191010210142.139 ERROR    lxc_start - tools/lxc_start.c:main:330 - The container failed to start
lxc-start 182 20191010210142.139 ERROR    lxc_start - tools/lxc_start.c:main:333 - To get more details, run the container in foreground mode
lxc-start 182 20191010210142.139 ERROR    lxc_start - tools/lxc_start.c:main:336 - Additional information can be obtained by setting the --logfile and --logpriority options

And same problem with apparmor
 
Create file /etc/apparmor.d/tunables/proc with the following content:


# ------------------------------------------------------------------
#
# Copyright (C) 2006 Novell/SUSE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# @{PROC} is the location where procfs is mounted.
@{PROC}=/proc/
 
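The parser error in the logs above names /etc/apparmor.d/tunables/global, the line number, and the include it could not open. As an added example (not part of the thread and not Proxmox or AppArmor project code), this shell function lists every `<...>` include in an AppArmor file that does not resolve under the base directory; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report '<...>' includes in an AppArmor
# file that do not resolve under the profile base directory.

# missing_includes FILE [BASEDIR]; BASEDIR defaults to /etc/apparmor.d
missing_includes() {
    file=$1
    base=${2:-/etc/apparmor.d}
    awk '
        # Both "#include <x>" and "include <x>" are include directives.
        /^[ \t]*#?include[ \t]/ && index($0, "<") {
            # "include if exists" may legitimately point at an absent file.
            if ($0 ~ /include[ \t]+if[ \t]+exists/) next
            path = $0
            sub(/^[^<]*</, "", path)
            sub(/>.*$/, "", path)
            print NR ":" path
        }
    ' "$file" | while IFS=: read -r lineno rel; do
        [ -e "$base/$rel" ] ||
            printf '%s: line %s: cannot open %s\n' "$file" "$lineno" "$rel"
    done
}

# Constructed sample tree: tunables/global includes tunables/proc, which is absent.
demo_missing_proc() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/tunables"
    printf '%s\n' '# constructed sample, not the real Debian file' \
        '#include <tunables/home>' \
        'include if exists <tunables/local>' \
        '#include <tunables/proc>' > "$tmp/tunables/global"
    printf '@{HOME}=/home/\n' > "$tmp/tunables/home"
    missing_includes "$tmp/tunables/global" "$tmp" | sed "s|$tmp/||"
    rm -rf "$tmp"
}
```

On an affected host, `missing_includes /etc/apparmor.d/tunables/global` checks the real file, and `dpkg -S` on a reported path shows which installed package, if any, ships it.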
Thanks for your support. After creating this file, LXC containers are starting without any error.

But why was this file missing?
 
Fine, it is working, thanks.

Does anybody know why this file is missing? Why doesn't it come with an update?

Regards,