LXC inside Alpine Linux LXC

timonych

Hello Everyone!

Has anybody had success in using any LXC inside Alpine Linux?
I have tried a configuration with lxc-container-default-with-nesting and with features: nesting=1, but all my attempts have been broken.

arch: amd64
cores: 1
hostname: Practise
memory: 128
net0: name=eth0,bridge=vmbr0,hwaddr=00:FD:45:A6:78:0D,ip=dhcp,type=veth
onboot: 0
ostype: alpine
rootfs: LVM-SSD:vm-120-disk-0,size=1075419545
startup: order=10,up=10
swap: 128
features: nesting=1
#lxc.mount.auto = cgroup:rw
#lxc.apparmor.profile = lxc-container-default-with-nesting
# Working config
lxc.cap.drop:

Also, if I comment out the line lxc.cap.drop: I can't create any container inside Alpine.

Code:
lxc-start python 20181128175106.863 INFO     lxc_start_ui - tools/lxc_start.c:main:280 - using rcfile /var/lib/lxc/python/config
lxc-start python 20181128175106.864 ERROR    lxc_start_ui - tools/lxc_start.c:main:322 - Executing '/sbin/init' with no configuration file may crash the host
lxc-start python 20181128175115.958 INFO     lxc_start_ui - tools/lxc_start.c:main:280 - using rcfile /var/lib/lxc/python/config
lxc-start python 20181128175115.960 INFO     lxc_container - lxccontainer.c:do_lxcapi_start:883 - Attempting to set proc title to [lxc monitor] /var/lib/lxc python
lxc-start python 20181128175115.961 INFO     lxc_start - start.c:lxc_check_inherited:257 - Closed inherited fd: 3.
lxc-start python 20181128175115.961 INFO     lxc_seccomp - seccomp.c:use_seccomp:722 - Already seccomp-confined, not loading new policy.
lxc-start python 20181128175115.961 WARN     lxc_monitor - monitor.c:lxc_monitor_fifo_send:111 - Failed to open fifo to send message: No such file or directory.
lxc-start python 20181128175115.961 WARN     lxc_monitor - monitor.c:lxc_monitor_fifo_send:111 - Failed to open fifo to send message: No such file or directory.
lxc-start python 20181128175115.961 DEBUG    lxc_start - start.c:setup_signal_fd:301 - Set SIGCHLD handler with file descriptor: 3.
lxc-start python 20181128175115.961 DEBUG    console - console.c:lxc_console_peer_default:450 - process does not have a controlling terminal
lxc-start python 20181128175115.961 INFO     lxc_start - start.c:lxc_init:680 - container "python" is initialized
lxc-start python 20181128175115.962 INFO     lxc_network - network.c:instantiate_veth:171 - Retrieved mtu 1500 from lxcbr0
lxc-start python 20181128175115.963 INFO     lxc_network - network.c:instantiate_veth:197 - Attached "vethKGEG1N" to bridge "lxcbr0"
lxc-start python 20181128175115.963 DEBUG    lxc_network - network.c:instantiate_veth:214 - Instantiated veth "vethKGEG1N/vethSQL2H4", index is "5"
lxc-start python 20181128175115.963 INFO     lxc_cgroup - cgroups/cgroup.c:cgroup_init:67 - cgroup driver cgroupfs initing for python
lxc-start python 20181128175115.964 ERROR    lxc_cgfs - cgroups/cgfs.c:lxc_cgroupfs_create:901 - Could not find writable mount point for cgroup hierarchy 6 while trying to create cgroup.
lxc-start python 20181128175115.964 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Resource busy - Failed to delete /sys/fs/cgroup/memory/
lxc-start python 20181128175115.964 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Resource busy - Failed to delete /sys/fs/cgroup/perf_event/
lxc-start python 20181128175115.964 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Resource busy - Failed to delete /sys/fs/cgroup/devices/
lxc-start python 20181128175115.964 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Resource busy - Failed to delete /sys/fs/cgroup/hugetlb/
lxc-start python 20181128175115.964 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Resource busy - Failed to delete /sys/fs/cgroup/cpuset/
lxc-start python 20181128175115.965 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Resource busy - Failed to delete /sys/fs/cgroup/rdma/
lxc-start python 20181128175115.965 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Resource busy - Failed to delete /sys/fs/cgroup/pids/
lxc-start python 20181128175115.965 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Resource busy - Failed to delete /sys/fs/cgroup/blkio/
lxc-start python 20181128175115.965 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Resource busy - Failed to delete /sys/fs/cgroup/freezer/
lxc-start python 20181128175115.965 ERROR    lxc_start - start.c:lxc_spawn:1221 - Failed creating cgroups.
lxc-start python 20181128175116.980 INFO     lxc_network - network.c:lxc_delete_network_priv:2539 - Removed interface "(null)" with index 5
lxc-start python 20181128175116.154 WARN     lxc_network - network.c:lxc_delete_network_priv:2557 - Failed to remove interface "vethKGEG1N" from "lxcbr0": Invalid argument
lxc-start python 20181128175116.155 DEBUG    lxc_network - network.c:lxc_delete_network:3124 - Deleted network devices
lxc-start python 20181128175116.157 ERROR    lxc_container - lxccontainer.c:wait_on_daemonized_start:760 - Received container state "ABORTING" instead of "RUNNING"
lxc-start python 20181128175116.158 ERROR    lxc_start_ui - tools/lxc_start.c:main:371 - The container failed to start.
lxc-start python 20181128175116.159 ERROR    lxc_start_ui - tools/lxc_start.c:main:373 - To get more details, run the container in foreground mode.
lxc-start python 20181128175116.159 ERROR    lxc_start_ui - tools/lxc_start.c:main:375 - Additional information can be obtained by setting the --logfile and --logpriority options.
lxc-start python 20181128175116.167 WARN     lxc_monitor - monitor.c:lxc_monitor_fifo_send:111 - Failed to open fifo to send message: No such file or directory.
lxc-start python 20181128175116.167 WARN     lxc_monitor - monitor.c:lxc_monitor_fifo_send:111 - Failed to open fifo to send message: No such file or directory.
lxc-start python 20181128175116.168 ERROR    lxc_start - start.c:__lxc_start:1459 - Failed to spawn container "python".
lxc-start python 20181128175116.169 WARN     lxc_monitor - monitor.c:lxc_monitor_fifo_send:111 - Failed to open fifo to send message: No such file or directory.
lxc-start python 20181128175116.169 WARN     lxc_monitor - monitor.c:lxc_monitor_fifo_send:111 - Failed to open fifo to send message: No such file or directory.
lxc-start python 20181128175116.170 WARN     lxc_monitor - monitor.c:lxc_monitor_fifo_send:111 - Failed to open fifo to send message: No such file or directory.
lxc-start python 20181128175116.171 WARN     lxc_monitor - monitor.c:lxc_monitor_fifo_send:111 - Failed to open fifo to send message: No such file or directory.

proxmox-ve: 5.2-2 (running kernel: 4.15.18-9-pve)
pve-manager: 5.2-11 (running version: 5.2-11/13c2da63)
pve-kernel-4.15: 5.2-12
pve-kernel-4.15.18-9-pve: 4.15.18-30
pve-kernel-4.15.18-8-pve: 4.15.18-28
pve-kernel-4.15.18-7-pve: 4.15.18-27
pve-kernel-4.15.18-5-pve: 4.15.18-24
pve-kernel-4.15.18-4-pve: 4.15.18-23
corosync: 2.4.4-pve1
criu: 2.11.1-1~bpo90
glusterfs-client: 3.8.8-1
ksm-control-daemon: not correctly installed
libjs-extjs: 6.0.1-2
libpve-access-control: 5.1-1
libpve-apiclient-perl: 2.0-5
libpve-common-perl: 5.0-41
libpve-guest-common-perl: 2.0-18
libpve-http-server-perl: 2.0-11
libpve-storage-perl: 5.0-30
libqb0: 1.0.3-1~bpo9
lvm2: 2.02.168-pve6
lxc-pve: 3.0.2+pve1-3
lxcfs: 3.0.2-2
novnc-pve: 1.0.0-2
proxmox-widget-toolkit: 1.0-20
pve-cluster: 5.0-30
pve-container: 2.0-29
pve-docs: 5.2-10
pve-edk2-firmware: 1.20181023-1
pve-firewall: 3.0-14
pve-firmware: 2.0-6
pve-ha-manager: 2.0-5
pve-i18n: 1.0-6
pve-libspice-server1: 0.14.1-1
pve-qemu-kvm: 2.12.1-1
pve-xtermjs: 1.0-5
qemu-server: 5.0-40
smartmontools: 6.5+svn4324-1
spiceterm: 3.0-5
vncterm: 1.5-3

By the way, with a Debian LXC I can start any LXC inside.
 
The alpine config does drop a number of additional capabilities. I'd recommend using an unprivileged container which won't have that problem ;-)
Alternatively you can try using the default value for lxc.cap.drop via
Code:
lxc.cap.drop =
lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio
(yes, both lines are needed)
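
Why both lines are needed, as an added example that is not part of the original posts: an empty `lxc.cap.drop` value clears everything dropped so far, while a non-empty one appends to the list. The function names and the `distro_include` sample are constructed for illustration, and the sketch assumes config lines are applied in the order they are read.

```shell
#!/bin/sh
# Added example: resolve the effective lxc.cap.drop set from config lines
# applied in order. An empty value clears everything dropped so far.
# Accepts "key = value" (native LXC) and "key: value" (Proxmox raw lines).
effective_cap_drop() {
    awk '
        /^[ \t]*#/ { next }                               # ignore comments
        /^[ \t]*lxc\.cap\.drop[ \t]*[=:]/ {
            val = $0
            sub(/^[ \t]*lxc\.cap\.drop[ \t]*[=:][ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (val == "") { split("", caps); next }      # reset the list
            n = split(val, parts, /[ \t]+/)
            for (i = 1; i <= n; i++) caps[parts[i]] = 1   # append to the list
        }
        END { for (c in caps) print c }
    ' "$@" | LC_ALL=C sort | paste -sd ' ' -
}

# Constructed stand-in for a distro include that drops extra capabilities
# (placeholder choice, not the real Alpine list).
distro_include() {
    printf '%s\n' '# constructed sample' 'lxc.cap.drop = sys_admin net_raw'
}

DEFAULTS='lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio'

# Defaults line only: it appends, so the distro extras stay dropped.
case_append_only() {
    { distro_include; printf '%s\n' "$DEFAULTS"; } | effective_cap_drop
}

# Empty line first, then defaults: only the five defaults remain.
case_reset_then_defaults() {
    { distro_include; printf '%s\n' 'lxc.cap.drop =' "$DEFAULTS"; } | effective_cap_drop
}

# Empty line alone (the "Working config" in the first post): nothing is dropped.
case_reset_only() {
    { distro_include; printf '%s\n' 'lxc.cap.drop:'; } | effective_cap_drop
}

echo "append only:         $(case_append_only)"
echo "reset then defaults: $(case_reset_then_defaults)"
echo "reset only:          $(case_reset_only)"
```

The third case is the one to watch on a privileged container: a lone empty `lxc.cap.drop` leaves no capabilities dropped at all.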
 
Thanks for the answer and recommendation, but all these methods didn't help me :(

If I put these lines into the config
Code:
lxc.cap.drop =
lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio
Nothing changes for me. Lxc doesn't start.

If I use an unprivileged container, I receive this error (I can't create the container).
Code:
mknod: dev/zero: Operation not permitted
lxc-create: bash: lxccontainer.c: create_run_template: 1473 container creation template for bash failed
lxc-create: bash: tools/lxc_create.c: main: 329 Error creating container bash
I have tried using in the config the same lines as I used in the privileged container and the lines which you recommended, but nothing helps.
 
