Lxc automount fails for sysfs

adhicode · December 1, 2022, 7:46am

# conf.c: lxc_mount_auto_mounts: 801 Operation not permitted - Failed to mount "sysfs" on "/opt/lxc/NOS/Sense/root/sys" with flags 0

More info:
lxc-start.log:
lxc-start Sense 20221101034550.108 ERROR cgfsng - cgroups/cgfsng.c:__cgroup_tree_create:771 - File exists - Creating the final cgroup 11(lxc.payload.Sense) failed
lxc-start Sense 20221101034550.108 ERROR cgfsng - cgroups/cgfsng.c:cgroup_tree_create:831 - File exists - Failed to create payload cgroup 11(lxc.payload.Sense)
lxc-start Sense 20221101034550.108 ERROR cgfsng - cgroups/cgfsng.c:__cgroup_tree_create:771 - File exists - Creating the final cgroup 11(lxc.payload.Sense-1) failed
lxc-start Sense 20221101034550.108 ERROR cgfsng - cgroups/cgfsng.c:cgroup_tree_create:831 - File exists - Failed to create payload cgroup 11(lxc.payload.Sense-1)
lxc-start Sense 20221101034550.110 ERROR utils - utils.c:lxc_can_use_pidfd:1772 - Kernel does not support pidfds
lxc-start Sense 20221101034550.114 ERROR utils - utils.c:safe_mount:1198 - Operation not permitted - Failed to mount "sysfs" onto "/opt/lxc/NOS/Sense/root/sys"
lxc-start Sense 20221101034550.115 ERROR conf - conf.c:lxc_mount_auto_mounts:801 - Operation not permitted - Failed to mount "sysfs" on "/opt/lxc/NOS/Sense/root/sys" with flags 15
lxc-start Sense 20221101034550.115 ERROR conf - conf.c:lxc_setup:4094 - Failed to setup first automatic mounts
lxc-start Sense 20221101034550.115 ERROR start - start.c:do_start:1291 - Failed to setup container "Sense"
lxc-start Sense 20221101034550.115 ERROR sync - sync.c:sync_wait:36 - An error occurred in another process (expected sequence number 3)
lxc-start Sense 20221101034550.115 ERROR lxccontainer - lxccontainer.c:wait_on_daemonized_start:869 - Received container state "ABORTING" instead of "RUNNING"
lxc-start Sense 20221101034550.115 ERROR lxc_start - tools/lxc_start.c:main:308 - The container failed to start
lxc-start Sense 20221101034550.115 ERROR lxc_start - tools/lxc_start.c:main:311 - To get more details, run the container in foreground mode
lxc-start Sense 20221101034550.115 ERROR lxc_start - tools/lxc_start.c:main:314 - Additional information can be obtained by setting the --logfile and --logpriority options
lxc-start Sense 20221101034550.116 ERROR start - start.c:__lxc_start:2053 - Failed to spawn container "Sense"
root@Bea6:/home/superadmin#

root@Bea6:/opt/lxc/NOS/Sense# cat /etc/openwrt_release
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='Chaos Calmer'
DISTRIB_REVISION='eb807c1efc413eb0964ccdf8e8faa31174963fe1'
DISTRIB_CODENAME='chaos_calmer'
DISTRIB_TARGET='ipq/ipq807x'
DISTRIB_DESCRIPTION='OpenWrt Chaos Calmer 15.05.1'
DISTRIB_TAINTS='no-all busybox override'

oot@Bea6:/opt/lxc/NOS/Sense# uname -a
Linux 4.4.60 [#47](https://github.com/lxc/lxc/issues/47) SMP PREEMPT Mon Oct 31 16:19:18 UTC 2022 armv7l GNU/Linux

root@Bea6:/opt/lxc/NOS/Sense# lxc-start --version
4.0.10

root@Beacon 6:/opt/lxc/NOS/Sense# lxc-checkconfig
LXC version 4.0.10
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
newuidmap is not installed
newgidmap is not installed
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroups: enabled
Cgroup namespace: missing

Cgroup v1 mount points:
/sys/fs/cgroup/cpuset
/sys/fs/cgroup/cpu
/sys/fs/cgroup/cpuacct
/sys/fs/cgroup/memory
/sys/fs/cgroup/devices
/sys/fs/cgroup/freezer
/sys/fs/cgroup/net_cls
/sys/fs/cgroup/blkio
/sys/fs/cgroup/pids

Cgroup v2 mount points:

Cgroup v1 systemd controller: missing
Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: missing
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, loaded
CONFIG_NF_NAT_IPV6: enabled, loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: missing
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: missing
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: missing
CONFIG_INET_DIAG: missing
CONFIG_PACKET_DIAG: missing
CONFIG_NETLINK_DIAG: missing
File capabilities:

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

root@Bea6:/opt/lxc/NOS/Sense# cat /etc/subuid
root:100000:65536
root@Bea6:/opt/lxc/NOS/Sense# cat /etc/subgid
root:100000:65536
root@Bea6:/opt/lxc/NOS/Sense# cat config
lxc.include = /etc/NOS.conf
lxc.include = /opt/lxc/NOS/config
lxc.uts.name = Sense
lxc.rootfs.path = dir:/opt/lxc/NOS/Sense/upper
lxc.rootfs.options = ro
lxc.rootfs.mount = /opt/lxc/NOS/Sense/root
lxc.mount.auto =
lxc.mount.auto = proc:rw sys:rw
lxc.mount.entry = /tmp/Sense temporary-data none bind,rw 0 0
lxc.mount.entry = /opt/lxc/NOS/Sense/data persistent-data none bind,rw 0 0
lxc.init.cmd = /etc/init.d/sense boot &
lxc.environment = APP_ROOT=/opt/lxc/NOS/Sense/upper
lxc.environment = APP_NAME=Sense
lxc.mount.entry = /configs configs none bind,ro 0 0
lxc.mount.entry = /var/run/ubus-session run none bind,rbind,rw 0 0
lxc.net.0.type = none
lxc.net.0.flags = up
lxc.cgroup.memory.limit_in_bytes = 40M
lxc.cgroup.cpu.cfs_period_us = 100000
lxc.cgroup.cpu.cfs_quota_us = 20000
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536
root@Bea6:/opt/lxc/NOS/Sense#

root@Bea6:/opt/lxc/NOS/Sense# cat /proc/self/mountinfo
11 19 31:31 / /rom ro,relatime - squashfs mtd:ubi_rootfs ro
12 19 0:4 / /proc rw,nosuid,nodev,noexec,noatime - proc proc rw
13 19 0:12 / /sys rw,nosuid,nodev,noexec,noatime - sysfs sysfs rw
17 19 0:15 / /tmp rw,nosuid,nodev,noatime - tmpfs tmpfs rw
18 19 0:16 / /overlay rw,noatime - ubifs /dev/ubi26_0 rw
19 0 0:17 / / rw,noatime - overlay overlayfs:/overlay rw,lowerdir=/,upperdir=/overlay/upper,workdir=/overlay/work
16 19 0:18 / /dev rw,nosuid,relatime - tmpfs tmpfs rw,size=512k,mode=755
22 16 0:10 / /dev/pts rw,relatime - devpts devpts rw,gid=5,mode=620,ptmxmode=000
23 19 0:19 / /configs rw,relatime - ubifs /dev/ubi22_0 rw
24 19 0:20 / /logs rw,relatime - ubifs /dev/ubi27_0 rw
25 19 0:21 / /opt rw,relatime - ubifs /dev/ubi29_0 rw
26 19 31:36 / /lib/firmware/IPQ8074/WIFI_FW rw,relatime - squashfs /dev/mtdblock36 ro
27 13 0:6 / /sys/kernel/debug rw,noatime - debugfs debugfs rw
14 13 0:13 / /sys/fs/cgroup rw,relatime - tmpfs none rw
29 14 0:23 / /sys/fs/cgroup/cpuset rw,relatime - cgroup none rw,cpuset
30 14 0:24 / /sys/fs/cgroup/cpu rw,relatime - cgroup none rw,cpu
31 14 0:25 / /sys/fs/cgroup/cpuacct rw,relatime - cgroup none rw,cpuacct
32 14 0:26 / /sys/fs/cgroup/memory rw,relatime - cgroup none rw,memory
33 14 0:27 / /sys/fs/cgroup/devices rw,relatime - cgroup none rw,devices
34 14 0:28 / /sys/fs/cgroup/freezer rw,relatime - cgroup none rw,freezer
35 14 0:29 / /sys/fs/cgroup/net_cls rw,relatime - cgroup none rw,net_cls
36 14 0:30 / /sys/fs/cgroup/blkio rw,relatime - cgroup none rw,blkio
37 14 0:31 / /sys/fs/cgroup/pids rw,relatime - cgroup none rw,pids
38 19 0:4 / /mnt/proc rw,relatime - proc proc rw
root@Bea6:/opt/lxc/NOS/Sense#

darksky · December 1, 2022, 8:04am

Please use code tags so we can read that... also, v4.x is old... any chance you can update to 5.0.1?

adhicode · December 1, 2022, 9:50am

Our FW uses specific version. Not sure, its related to the versioning. Thank you