Re: [libvirt] [PATCH v3 00/12] Add user namespace support for libvirt lxc

Am 10.06.2013 21:53, schrieb Richard Weinberger: > Am 10.06.2013 21:17, schrieb Richard Weinberger: >> Hi! >> >> Am 04.06.2013 13:03, schrieb Daniel P. Berrange: >>>> It's still under review. needs some ACK. >>>> If you can help to test or ACK this patchset, it will be very helpful. :) >>>> >>>> Actually, I just want to ping... >>> >>> I've been away on holiday for 2 weeks, so not had a chance to review >>> it yet. I'll get to it this week. I hope we'll get this in the 1.0.6 >>> release this month. >> >> Finally I've found some time to test version 4 of the userns patch set. >> But I'm unable to create a container. >> >> ---cut--- >> linux:~ # LANG=C /opt/libvirt/bin/virsh -c lxc:/// create c1.conf >> error: Failed to create domain from c1.conf >> error: Interner Fehler guest failed to start: PATH=/bin:/sbin TERM=linux container=lxc-libvirt container_uuid=3f86c48b-b027-4838-ba17-6202a1d7398b >> LIBVIRT_LXC_UUID=3f86c48b-b027-4838-ba17-6202a1d7398b LIBVIRT_LXC_NAME=c1 /bin/bash >> error receiving signal from container: Input/output error >> ---cut--- >> >> lxcContainerWaitForContinue() in src/lxc/lxc_controller.c fails with EIO. >> Maybe because the clone()'ed child dies and the file descriptor used for synchronization becomes invalid. >> >> Here my container config: >> ---cut--- >> <domain type='lxc'> >> <name>c1</name> >> <memory>102400</memory> >> <os> >> <type>exe</type> >> <init>/bin/bash</init> >> </os> >> <idmap> >> <uid start='0' target='100000' count='100000'/> >> <gid start='0' target='100000' count='100000'/> >> </idmap> >> <devices> >> <console type='pty'/> >> <filesystem type='mount'> >> <source dir='/root/c1/rootfs'/> >> <target dir='/'/> >> </filesystem> >> </devices> >> </domain> >> ---cut--- >> >> Any ideas how to debug this further? >> This is Linux 3.9.0 with all namespaces enabled. > > Whoops, forgot to add the libvirtd debug output: > > ---cut--- > 2013-06-10 19:41:24.661+0000: 29211: debug : virCommandRunAsync:2241 : About to run > PATH=/usr/lib64/mpi/gcc/openmpi/bin:/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games LIBVIRT_DEBUG=1 LIBVIRT_LOG_OUTPUTS=1:stderr > /opt/libvirt/lib/libvirt_lxc --name c1 --console 20 --security=none --handshake 23 --background > 2013-06-10 19:41:24.663+0000: 29211: debug : virFileClose:90 : Closed fd 24 > 2013-06-10 19:41:24.663+0000: 29211: debug : virCommandRunAsync:2246 : Command result 0, with PID 29303 > 2013-06-10 19:41:24.664+0000: 29303: debug : virFileClose:90 : Closed fd 3 > 2013-06-10 19:41:24.665+0000: 29303: debug : virFileClose:90 : Closed fd 4 > 2013-06-10 19:41:24.666+0000: 29303: debug : virFileClose:90 : Closed fd 5 > 2013-06-10 19:41:24.666+0000: 29303: debug : virFileClose:90 : Closed fd 6 > 2013-06-10 19:41:24.667+0000: 29303: debug : virFileClose:90 : Closed fd 7 > 2013-06-10 19:41:24.667+0000: 29303: debug : virFileClose:90 : Closed fd 8 > 2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 9 > 2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 10 > 2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 11 > 2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 12 > 2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 13 > 2013-06-10 19:41:24.669+0000: 29303: debug : virFileClose:90 : Closed fd 14 > 2013-06-10 19:41:24.669+0000: 29303: debug : virFileClose:90 : Closed fd 15 > 2013-06-10 19:41:24.670+0000: 29303: debug : virFileClose:90 : Closed fd 16 > 2013-06-10 19:41:24.670+0000: 29303: debug : virFileClose:90 : Closed fd 17 > 2013-06-10 19:41:24.670+0000: 29303: debug : virFileClose:90 : Closed fd 18 > 2013-06-10 19:41:24.671+0000: 29303: debug : virFileClose:90 : Closed fd 19 > 2013-06-10 19:41:24.671+0000: 29303: debug : virFileClose:90 : Closed fd 22 > 2013-06-10 19:41:24.790+0000: 29211: debug : virCommandRun:2115 : Result status 0, stdout: '(null)' stderr: '(null)' > ---cut--- > > Looks like libvirt_lxc was executed and died silently. Found the problem. /opt/libvirt/var/log/libvirt/lxc/c1.log contained the info I needed. Search permissions for /root were missing. m( Would be nice if virsh would be able to tell one this...

Thanks, //richard