Using Ubuntu 14.04x64 and lxd 2.2-0ubuntu1
Whenever I try to start a container, this error is shown:
Operation not permitted - Error remounting /usr/lib/x86_64-linux-gnu/lxc/sys/fs/cgroup/systemd read-only
Complete Log:
$ lxc info --show-log alpine-edge
Name: alpine-edge
Architecture: x86_64
Created: 2016/09/23 08:08 UTC
Status: Stopped
Type: persistent
Profiles: default
Log:
lxc 20160923170858.412 INFO lxc_start - start.c:lxc_check_inherited:252 - closed inherited fd 3
lxc 20160923170858.412 INFO lxc_start - start.c:lxc_check_inherited:252 - closed inherited fd 8
lxc 20160923170858.414 INFO lxc_container - lxccontainer.c:do_lxcapi_start:797 - Attempting to set proc title to [lxc monitor] /var/lib/lxd/containers alpine-edge
lxc 20160923170858.414 INFO lxc_utils - utils.c:setproctitle:1460 - setting cmdline failed - Invalid argument
lxc 20160923170858.415 INFO lxc_start - start.c:lxc_check_inherited:252 - closed inherited fd 8
lxc 20160923170858.415 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: ..
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for action 0
lxc 20160923170858.415 WARN lxc_seccomp - seccomp.c:do_resolve_add_rule:228 - Seccomp: failed to resolve syscall:
lxc 20160923170858.415 WARN lxc_seccomp - seccomp.c:do_resolve_add_rule:229 - This syscall will NOT be blacklisted
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for action 0
lxc 20160923170858.415 WARN lxc_seccomp - seccomp.c:do_resolve_add_rule:228 - Seccomp: failed to resolve syscall:
lxc 20160923170858.415 WARN lxc_seccomp - seccomp.c:do_resolve_add_rule:229 - This syscall will NOT be blacklisted
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .reject_force_umount # comment this to allow umount -f; not recommended.
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for reject_force_umount action 0
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for reject_force_umount action 0
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .[all].
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .kexec_load errno 38.
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for kexec_load action 327718
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for kexec_load action 327718
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .open_by_handle_at errno 38.
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for open_by_handle_at action 327718
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for open_by_handle_at action 327718
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .init_module errno 38.
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for init_module action 327718
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for init_module action 327718
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .finit_module errno 38.
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for finit_module action 327718
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for finit_module action 327718
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .delete_module errno 38.
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for delete_module action 327718
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for delete_module action 327718
lxc 20160923170858.415 INFO lxc_seccomp - seccomp.c:parse_config_v2:456 - Merging in the compat seccomp ctx into the main one
lxc 20160923170858.415 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/bin/lxd callhook /var/lib/lxd 4 start' for container 'alpine-edge', config section 'lxc'
lxc 20160923170858.415 INFO lxc_start - start.c:lxc_check_inherited:252 - closed inherited fd 3
lxc 20160923170858.415 INFO lxc_start - start.c:lxc_check_inherited:252 - closed inherited fd 8
lxc 20160923170858.418 INFO lxc_monitor - monitor.c:lxc_monitor_sock_name:178 - using monitor sock name lxc/d78a9d7e97b4b375//var/lib/lxd/containers
lxc 20160923170858.447 DEBUG lxc_start - start.c:setup_signal_fd:290 - sigchild handler set
lxc 20160923170858.448 DEBUG lxc_console - console.c:lxc_console_peer_default:469 - no console peer
lxc 20160923170858.448 INFO lxc_start - start.c:lxc_init:489 - 'alpine-edge' is initialized
lxc 20160923170858.449 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type u nsid 0 hostid 19695264 range 65536
lxc 20160923170858.449 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type g nsid 0 hostid 19695264 range 65536
lxc 20160923170858.449 DEBUG lxc_start - start.c:__lxc_start:1327 - Not dropping cap_sys_boot or watching utmp
lxc 20160923170858.449 INFO lxc_start - start.c:resolve_clone_flags:1014 - Cloning a new user namespace
lxc 20160923170858.455 DEBUG lxc_conf - conf.c:instantiate_veth:2615 - instantiated veth 'veth6Q9A24/vethKDH4IH', index is '490'
lxc 20160923170858.455 INFO lxc_cgroup - cgroups/cgroup.c:cgroup_init:68 - cgroup driver cgroupfs-ng initing for alpine-edge
lxc 20160923170858.498 DEBUG lxc_conf - conf.c:lxc_assign_network:3058 - move 'eth0' to '4688'
lxc 20160923170858.498 NOTICE lxc_start - start.c:do_start:778 - switching to gid/uid 0/0 in new user namespace
lxc 20160923170858.498 DEBUG lxc_conf - conf.c:setup_rootfs:1215 - mounted '/var/lib/lxd/containers/alpine-edge/rootfs' on '/usr/lib/x86_64-linux-gnu/lxc'
lxc 20160923170858.498 INFO lxc_conf - conf.c:setup_utsname:843 - 'alpine-edge' hostname has been setup
lxc 20160923170858.526 DEBUG lxc_conf - conf.c:setup_hw_addr:2146 - mac address '00:16:3e:94:b1:9b' on 'eth0' has been setup
lxc 20160923170858.526 DEBUG lxc_conf - conf.c:setup_netdev:2373 - 'eth0' has been setup
lxc 20160923170858.526 INFO lxc_conf - conf.c:setup_network:2394 - network has been setup
lxc 20160923170858.526 INFO lxc_conf - conf.c:mount_autodev:1072 - Mounting container /dev
lxc 20160923170858.526 INFO lxc_conf - conf.c:mount_autodev:1095 - Mounted tmpfs onto /usr/lib/x86_64-linux-gnu/lxc/dev
lxc 20160923170858.526 INFO lxc_conf - conf.c:mount_autodev:1113 - Mounted container /dev
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1657 - remounting /dev/fuse on /usr/lib/x86_64-linux-gnu/lxc/dev/fuse to respect bind or remount options
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1672 - (at remount) flags for /dev/fuse was 4096, required extra flags are 0
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1681 - mountflags already was 4096, skipping remount
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1707 - mounted '/dev/fuse' on '/usr/lib/x86_64-linux-gnu/lxc/dev/fuse', type 'none'
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1657 - remounting /dev/net/tun on /usr/lib/x86_64-linux-gnu/lxc/dev/net/tun to respect bind or remount options
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1672 - (at remount) flags for /dev/net/tun was 4096, required extra flags are 0
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1681 - mountflags already was 4096, skipping remount
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1707 - mounted '/dev/net/tun' on '/usr/lib/x86_64-linux-gnu/lxc/dev/net/tun', type 'none'
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1657 - remounting /proc/sys/fs/binfmt_misc on /usr/lib/x86_64-linux-gnu/lxc/proc/sys/fs/binfmt_misc to respect bind or remount options
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1672 - (at remount) flags for /proc/sys/fs/binfmt_misc was 4110, required extra flags are 14
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1707 - mounted '/proc/sys/fs/binfmt_misc' on '/usr/lib/x86_64-linux-gnu/lxc/proc/sys/fs/binfmt_misc', type 'none'
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1657 - remounting /sys/fs/fuse/connections on /usr/lib/x86_64-linux-gnu/lxc/sys/fs/fuse/connections to respect bind or remount options
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1672 - (at remount) flags for /sys/fs/fuse/connections was 4096, required extra flags are 0
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1681 - mountflags already was 20480, skipping remount
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1707 - mounted '/sys/fs/fuse/connections' on '/usr/lib/x86_64-linux-gnu/lxc/sys/fs/fuse/connections', type 'none'
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1657 - remounting /sys/fs/pstore on /usr/lib/x86_64-linux-gnu/lxc/sys/fs/pstore to respect bind or remount options
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1672 - (at remount) flags for /sys/fs/pstore was 4096, required extra flags are 0
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1681 - mountflags already was 20480, skipping remount
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1707 - mounted '/sys/fs/pstore' on '/usr/lib/x86_64-linux-gnu/lxc/sys/fs/pstore', type 'none'
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1657 - remounting /sys/kernel/debug on /usr/lib/x86_64-linux-gnu/lxc/sys/kernel/debug to respect bind or remount options
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1672 - (at remount) flags for /sys/kernel/debug was 4096, required extra flags are 0
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1681 - mountflags already was 20480, skipping remount
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1707 - mounted '/sys/kernel/debug' on '/usr/lib/x86_64-linux-gnu/lxc/sys/kernel/debug', type 'none'
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1657 - remounting /sys/kernel/security on /usr/lib/x86_64-linux-gnu/lxc/sys/kernel/security to respect bind or remount options
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1672 - (at remount) flags for /sys/kernel/security was 4096, required extra flags are 0
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1681 - mountflags already was 20480, skipping remount
lxc 20160923170858.527 DEBUG lxc_conf - conf.c:mount_entry:1707 - mounted '/sys/kernel/security' on '/usr/lib/x86_64-linux-gnu/lxc/sys/kernel/security', type 'none'
lxc 20160923170858.528 DEBUG lxc_conf - conf.c:mount_entry:1657 - remounting /var/lib/lxd/devlxd on /usr/lib/x86_64-linux-gnu/lxc/dev/lxd to respect bind or remount options
lxc 20160923170858.528 DEBUG lxc_conf - conf.c:mount_entry:1672 - (at remount) flags for /var/lib/lxd/devlxd was 1024, required extra flags are 0
lxc 20160923170858.528 DEBUG lxc_conf - conf.c:mount_entry:1681 - mountflags already was 4096, skipping remount
lxc 20160923170858.528 DEBUG lxc_conf - conf.c:mount_entry:1707 - mounted '/var/lib/lxd/devlxd' on '/usr/lib/x86_64-linux-gnu/lxc/dev/lxd', type 'none'
lxc 20160923170858.528 DEBUG lxc_conf - conf.c:mount_entry:1657 - remounting /var/lib/lxd/shmounts/alpine-edge on /usr/lib/x86_64-linux-gnu/lxc/dev/.lxd-mounts to respect bind or remount options
lxc 20160923170858.528 DEBUG lxc_conf - conf.c:mount_entry:1672 - (at remount) flags for /var/lib/lxd/shmounts/alpine-edge was 1024, required extra flags are 0
lxc 20160923170858.528 DEBUG lxc_conf - conf.c:mount_entry:1681 - mountflags already was 4096, skipping remount
lxc 20160923170858.528 DEBUG lxc_conf - conf.c:mount_entry:1707 - mounted '/var/lib/lxd/shmounts/alpine-edge' on '/usr/lib/x86_64-linux-gnu/lxc/dev/.lxd-mounts', type 'none'
lxc 20160923170858.528 INFO lxc_conf - conf.c:mount_file_entries:1927 - mount points have been setup
lxc 20160923170858.528 ERROR lxc_cgfsng - cgroups/cgfsng.c:do_secondstage_mounts_if_needed:1273 - Operation not permitted - Error remounting /usr/lib/x86_64-linux-gnu/lxc/sys/fs/cgroup/systemd read-only
lxc 20160923170858.528 ERROR lxc_conf - conf.c:lxc_mount_auto_mounts:781 - Operation not permitted - error mounting /sys/fs/cgroup
lxc 20160923170858.528 ERROR lxc_conf - conf.c:lxc_setup:3758 - failed to setup the automatic mounts for 'alpine-edge'
lxc 20160923170858.528 ERROR lxc_start - start.c:do_start:834 - failed to setup the container
lxc 20160923170858.528 ERROR lxc_sync - sync.c:__sync_wait:57 - An error occurred in another process (expected sequence number 3)
lxc 20160923170858.528 WARN lxc_conf - conf.c:lxc_delete_network:2919 - failed to remove interface 490 'eth0'
lxc 20160923170858.528 ERROR lxc_start - start.c:__lxc_start:1354 - failed to spawn 'alpine-edge'
lxc 20160923170858.574 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'alpine-edge', config section 'lxc'
lxc 20160923170859.078 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/bin/lxd callhook /var/lib/lxd 4 stop' for container 'alpine-edge', config section 'lxc'
lxc 20160923170859.099 ERROR lxc_conf - conf.c:run_buffer:347 - Script exited with status 1
lxc 20160923170859.099 ERROR lxc_start - start.c:lxc_fini:555 - failed to run post-stop hooks for container 'alpine-edge'.
lxc 20160923170859.099 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_cgroup failed to receive response
lxc 20160923170859.099 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_cgroup failed to receive response
lxc 20160923171117.629 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type u nsid 0 hostid 19695264 range 65536
lxc 20160923171117.629 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type g nsid 0 hostid 19695264 range 65536
lxc 20160923171117.633 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type u nsid 0 hostid 19695264 range 65536
lxc 20160923171117.633 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type g nsid 0 hostid 19695264 range 65536
lxc 20160923171545.046 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type u nsid 0 hostid 19695264 range 65536
lxc 20160923171545.046 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type g nsid 0 hostid 19695264 range 65536
lxc 20160923171545.571 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type u nsid 0 hostid 19695264 range 65536
lxc 20160923171545.571 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type g nsid 0 hostid 19695264 range 65536
lxc 20160923171545.580 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type u nsid 0 hostid 19695264 range 65536
lxc 20160923171545.580 INFO lxc_confile - confile.c:config_idmap:1500 - read uid map: type g nsid 0 hostid 19695264 range 65536
Any solution?
The way I fixed it was to edit the auto-generated config file, based in this bug report:
/var/log/lxd/alpine-edge/lxc.conf :
lxc.mount.auto = sys
Then start the container with:
lxd forkstart alpine-edge /var/lib/lxd/containers /var/log/lxd/alpine-edge/lxc.conf
I just need now to figure how to set that configuration in lxd (that would be another question, which I will link here once I solve it).