[libvirt] [PATCH v3 00/12] Add user namespace support for libvirt lxc

Mon Jun 10 19:53:11 UTC 2013

Am 10.06.2013 21:17, schrieb Richard Weinberger:
> Hi!
>
> Am 04.06.2013 13:03, schrieb Daniel P. Berrange:
>>> It's still under review. needs some ACK.
>>> If you can help to test or ACK this patchset, it will be very helpful. :)
>>>
>>> Actually, I just want to ping...
>>
>> I've been away on holiday for 2 weeks, so not had a chance to review
>> it yet. I'll get to it this week. I hope we'll get this in the 1.0.6
>> release this month.
>
> Finally I've found some time to test version 4 of the userns patch set.
> But I'm unable to create a container.
>
> ---cut---
> linux:~ # LANG=C /opt/libvirt/bin/virsh -c lxc:/// create c1.conf
> error: Failed to create domain from c1.conf
> error: Interner Fehler guest failed to start: PATH=/bin:/sbin TERM=linux container=lxc-libvirt container_uuid=3f86c48b-b027-4838-ba17-6202a1d7398b
> LIBVIRT_LXC_UUID=3f86c48b-b027-4838-ba17-6202a1d7398b LIBVIRT_LXC_NAME=c1 /bin/bash
> error receiving signal from container: Input/output error
> ---cut---
>
> lxcContainerWaitForContinue() in src/lxc/lxc_controller.c fails with EIO.
> Maybe because the clone()'ed child dies and the file descriptor used for synchronization becomes invalid.
>
> Here my container config:
> ---cut---
> <domain type='lxc'>
>    <name>c1</name>
>    <memory>102400</memory>
>    <os>
>      <type>exe</type>
>      <init>/bin/bash</init>
>    </os>
>    <idmap>
>          <uid start='0' target='100000' count='100000'/>
>          <gid start='0' target='100000' count='100000'/>
>    </idmap>
>    <devices>
>      <console type='pty'/>
>          <filesystem type='mount'>
>            <source dir='/root/c1/rootfs'/>
>            <target dir='/'/>
>          </filesystem>
>    </devices>
> </domain>
> ---cut---
>
> Any ideas how to debug this further?
> This is Linux 3.9.0 with all namespaces enabled.

Whoops, forgot to add the libvirtd debug output:

---cut---
2013-06-10 19:41:24.661+0000: 29211: debug : virCommandRunAsync:2241 : About to run 
PATH=/usr/lib64/mpi/gcc/openmpi/bin:/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games LIBVIRT_DEBUG=1 LIBVIRT_LOG_OUTPUTS=1:stderr 
/opt/libvirt/lib/libvirt_lxc --name c1 --console 20 --security=none --handshake 23 --background
2013-06-10 19:41:24.663+0000: 29211: debug : virFileClose:90 : Closed fd 24
2013-06-10 19:41:24.663+0000: 29211: debug : virCommandRunAsync:2246 : Command result 0, with PID 29303
2013-06-10 19:41:24.664+0000: 29303: debug : virFileClose:90 : Closed fd 3
2013-06-10 19:41:24.665+0000: 29303: debug : virFileClose:90 : Closed fd 4
2013-06-10 19:41:24.666+0000: 29303: debug : virFileClose:90 : Closed fd 5
2013-06-10 19:41:24.666+0000: 29303: debug : virFileClose:90 : Closed fd 6
2013-06-10 19:41:24.667+0000: 29303: debug : virFileClose:90 : Closed fd 7
2013-06-10 19:41:24.667+0000: 29303: debug : virFileClose:90 : Closed fd 8
2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 9
2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 10
2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 11
2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 12
2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 13
2013-06-10 19:41:24.669+0000: 29303: debug : virFileClose:90 : Closed fd 14
2013-06-10 19:41:24.669+0000: 29303: debug : virFileClose:90 : Closed fd 15
2013-06-10 19:41:24.670+0000: 29303: debug : virFileClose:90 : Closed fd 16
2013-06-10 19:41:24.670+0000: 29303: debug : virFileClose:90 : Closed fd 17
2013-06-10 19:41:24.670+0000: 29303: debug : virFileClose:90 : Closed fd 18
2013-06-10 19:41:24.671+0000: 29303: debug : virFileClose:90 : Closed fd 19
2013-06-10 19:41:24.671+0000: 29303: debug : virFileClose:90 : Closed fd 22
2013-06-10 19:41:24.790+0000: 29211: debug : virCommandRun:2115 : Result status 0, stdout: '(null)' stderr: '(null)'
---cut---

Looks like libvirt_lxc was executed and died silently.

Thanks,
//richard