Unable to start Linux container on Fedora 29

asked 2019-01-07 14:28:23 -0600

bob323

updated 2019-01-08 09:21:52 -0600

On Fedora 29, I created a Fedora 29 lxc container following the directions on linuxcontainers.org. When I try to run lxc-start -n my-container -d I get the following error:

$ lxc-start -n my-container -d
lxc-start: my-container: lxccontainer.c: wait_on_daemonized_start: 833 No such file or directory - Failed to receive the container state
lxc-start: my-container: tools/lxc_start.c: main: 330 The container failed to start
lxc-start: my-container: tools/lxc_start.c: main: 333 To get more details, run the container in foreground mode
lxc-start: my-container: tools/lxc_start.c: main: 336 Additional information can be obtained by setting the --logfile and --logpriority options

Checking dmesg:

[  827.814595] lxc-start[5653]: segfault at 0 ip 00007f240d97a5e1 sp 00007ffd82a2f480 error 4 in liblxc.so.1.4.0[7f240d962000+86000]
[  827.814602] Code: fe ff 48 89 df e8 4f a6 fe ff 4a 8d 44 25 00 c7 44 24 14 00 00 00 00 48 89 44 24 18 48 8d 44 24 20 48 89 44 24 08 49 8b 45 28 <4c> 8b 38 4d 85 ff 0f 84 a3 01 00 00 45 31 e4 31 db eb 54 0f 1f 40

From what I've found online, it looks like a segfault in lxc-start in liblxc.so is caused by a mismatch between lxc-libs and lxc versions. Strangely, when I search for lxc using dnf, there are a bunch of duplicated entries:

$ dnf search lxc
==================== Name Exactly Matched: lxc ====================
lxc.x86_64 : Linux Resource Containers
lxc.x86_64 : Linux Resource Containers
==================== Name & Summary Matched: lxc ====================
lua-lxc.x86_64 : Lua binding for LXC
lua-lxc.x86_64 : Lua binding for LXC
lxc-doc.noarch : Documentation for lxc
lxc-doc.noarch : Documentation for lxc
lxc-templates.x86_64 : Templates for lxc
lxc-templates.x86_64 : Templates for lxc
python3-lxc.x86_64 : Python binding for LXC
python3-lxc.x86_64 : Python binding for LXC
lxcfs.x86_64 : FUSE based filesystem for LXC
lxc-devel.i686 : Development files for lxc
lxc-devel.x86_64 : Development files for lxc
lxcfs.x86_64 : FUSE based filesystem for LXC
python2-lxc.x86_64 : Python2 bindings for LXC
vagrant-lxc.noarch : LXC provider for vagrant
python2-lxc.x86_64 : Python2 bindings for LXC
vagrant-lxc.noarch : LXC provider for vagrant
lxc-libs.x86_64 : Runtime library files for lxc
lxc-libs.i686 : Runtime library files for lxc
lxc-libs.x86_64 : Runtime library files for lxc
vagrant-lxc-doc.noarch : Documentation for vagrant-lxc
libvirt-daemon-driver-lxc.x86_64 : LXC driver plugin for the libvirtd daemon
libvirt-daemon-driver-lxc.x86_64 : LXC driver plugin for the libvirtd daemon
libvirt-daemon-lxc.x86_64 : Server side daemon & driver required to run LXC guests
libvirt-daemon-lxc.x86_64 : Server side daemon & driver required to run LXC guests
==================== Name Matched: lxc ====================
clxclient.i686 : C++ X Windows Library
clxclient.x86_64 : C++ X Windows Library
clxclient-devel.i686 : C++ X Windows Library Development Files
clxclient-devel.x86_64 : C++ X Windows Library Development Files
==================== Summary Matched: lxc ====================
libvirt-login-shell.x86_64 : Login shell for connecting users to an LXC container
libvirt-login-shell.x86_64 : Login shell for connecting users to an LXC container

Both lxc and lxc-libs are at version 3.0.3-1, so the problem doesn't seem to be a version mismatch. What else could cause this?

Edit: I tried downgrading ...

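The dmesg segfault line quoted in the question can be decoded mechanically; the following is an added example, not part of the original post, and its function names (`parse_segfault`, `decode_error`, `faulting_bytes`) are hypothetical. It extracts the faulting offset inside liblxc.so, decodes the x86 page-fault error code, and pulls the instruction bytes at the faulting address from the `Code:` line.

```python
import re

# The two dmesg lines quoted in the question, copied verbatim.
SEGV = ("[  827.814595] lxc-start[5653]: segfault at 0 ip 00007f240d97a5e1 "
        "sp 00007ffd82a2f480 error 4 in liblxc.so.1.4.0[7f240d962000+86000]")
CODE = ("[  827.814602] Code: fe ff 48 89 df e8 4f a6 fe ff 4a 8d 44 25 00 c7 44 "
        "24 14 00 00 00 00 48 89 44 24 18 48 8d 44 24 20 48 89 44 24 08 49 8b "
        "45 28 <4c> 8b 38 4d 85 ff 0f 84 a3 01 00 00 45 31 e4 31 db eb 54 0f "
        "1f 40")

SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>\S+?)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

def decode_error(err):
    """Decode the x86 page-fault error code bits the kernel prints (hex)."""
    return {
        "cause": "protection violation" if err & 1 else "page not present",
        "access": "instruction fetch" if err & 16 else "write" if err & 2 else "read",
        "mode": "user" if err & 4 else "kernel",
    }

def parse_segfault(line):
    m = SEGV_RE.search(line)
    if not m:
        return None
    r = {k: int(m[k], 16) for k in ("addr", "ip", "sp", "err")}
    r.update(comm=m["comm"], pid=int(m["pid"]), obj=m["obj"], offset=None)
    r.update(decode_error(r["err"]))
    # Heuristic: a fault address inside the first page is a NULL dereference.
    r["null_deref"] = r["addr"] < 0x1000
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        # Offset is relative to the mapping start shown in brackets; it equals
        # the file offset only if that mapping begins at file offset 0.
        if base <= r["ip"] < base + size:
            r["offset"] = r["ip"] - base
    return r

def faulting_bytes(code_line, count=3):
    """Return the bytes starting at the <xx> marker, i.e. at the faulting ip."""
    toks = code_line.split("Code:", 1)[1].split()
    i = next(n for n, t in enumerate(toks) if t.startswith("<"))
    return [t.strip("<>") for t in toks[i:i + count]]

if __name__ == "__main__":
    info = parse_segfault(SEGV)
    print(info["comm"], info["obj"], hex(info["offset"]), info["access"], info["mode"])
    print(faulting_bytes(CODE))  # 4c 8b 38 is mov (%rax),%r15 on x86-64
```

With the matching debuginfo for liblxc installed, the computed offset can be passed to `addr2line -e` on the library to find the source line that read through the NULL pointer.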

Comments

I've made progress: compiling and installing cgmanager from the linuxcontainer website didn't do anything towards solving the problem. I did find a copr repo that seemed related and between following the directions in there and following the directions in this StackExchange answer I was able to start a privileged container. I'll post an update if I'm able to start an unprivileged container too.

bob323 ( 2019-01-08 09:58:57 -0600 )

cgmanager is incompatible with systemd. I'd try with systemd-nspawn containers instead. If you wanted to run an unprivileged container, you should tune Polkit to let machinectl achieve it.

q2dg ( 2019-01-08 14:23:39 -0600 )

Alright, I uninstalled cgmanager. I was never able to get networking to work on the privileged container, and I still can't create an unprivileged container. Searching for "polkit enable unprivileged container" doesn't bring up many useful results; this question was the second of the results I got. How can I tune Polkit to do that?

bob323 ( 2019-01-09 10:04:59 -0600 )

I'm writing from memory: in /usr/share/polkit-1/rules.d there must be a *.rules file related to machinectl. Inside it, you should replace all the "admin" or "admin_keep" words with "yes". And that's all.

q2dg ( 2019-01-11 10:02:40 -0600 )

I looked through every file in that directory and I don't have any that reference machinectl. I'll keep looking, maybe one needs to be created.

bob323 ( 2019-01-13 22:19:15 -0600 )