Differences

This shows you the differences between two versions of the page.

vm:proxmox:lxc:issues [2021/03/25 17:03] niziak | vm:proxmox:lxc:issues [2023/07/28 12:13] (current) niziak
Line 1: Line 1:
 ====== LXC Issues ====== ====== LXC Issues ======
 +
 +===== lxc_init: Failed to run lxc.hook.pre-start for container =====
 +
 +After upgrade guest system from Debian 12.0 to 12.1.
 +
 +<code bash>
 +lxc-start -lDEBUG -o error.log -F -n <ContainerID>
 +</code>
 +
 +<code>unsupported debian version '12.1'</code>
 +
 +PVE (''pve-container'') needs upgrade.
 +
 +
 +===== apply caps: operation not permitted: unknown. =====
 +
 +BalenaOS Build inside privileged LXC:
 +<code>
 +docker: Error response from daemon: OCI runtime create failed: container_linux.go:380: starting container process caused: apply caps: operation not permitted: unknown.
 +</code>
 +
 +Solution (not secure!):
 +<file container.conf>
 +lxc.apparmor.profile: unconfined
 +lxc.cgroup.devices.allow: a
 +lxc.cap.drop:
 +</file>
 +
 +Source: [[https://danthesalmon.com/running-docker-on-proxmox/]]
 +
 +
 +===== Slow login into container =====
 +
 +see below
 +
 +===== Failed at step NAMESPACE spawning /lib/systemd/systemd-logind: Permission denied =====
 +
 +Debian Bullseye in unprivileged container:
 +
 +<code>
 +systemd[579]: systemd-logind.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission denied
 +systemd[579]: systemd-logind.service: Failed at step NAMESPACE spawning /lib/systemd/systemd-logind: Permission denied
 +</code>
 +SOLUTION: enable container nesting.
 +
 +
  
 ===== cannot stop container ===== ===== cannot stop container =====
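Review bot: The "Solution (not secure!)" block for the apply caps error should say what it gives up, because "not secure" undersells it. `lxc.apparmor.profile: unconfined`, `lxc.cgroup.devices.allow: a` and an empty `lxc.cap.drop:` together remove AppArmor confinement, allow every device node and keep all capabilities. The section already says the container is privileged, so root inside it is effectively root on the PVE host. Suggest stating that next to the snippet and scoping it to a dedicated, disposable build container, or recommending a VM for the BalenaOS build. Two smaller points in the same hunk: "SOLUTION: enable container nesting" should show how nesting is enabled, and "Slow login into container / see below" should name the section it points to.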
Line 5: Line 51:
  
 Normal commands to stop or reboot doesn't help (even ''lxc-stop -k''). Normal commands to stop or reboot doesn't help (even ''lxc-stop -k'').
 +
 +**CAUSE:** Container was freezed for snapshot. All processess are in 'D' state. Cannot be killed.
 +**SOLUTION:**
 +<code bash>
 +echo THAWED > /sys/fs/cgroup/freezer/lxc/200/freezer.state
 +</code>
 +
 +**Info**: 
 +  * [[https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt|Freezer subsystem]]
 +  * [[https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v1/freezer-subsystem.html]]
 +  * [[https://www.kernel.org/doc/html/latest//power/freezing-of-tasks.html|Freezing of tasks]]
 +
 +
 +==== Investigation ====
 +
 So killing container is solution: So killing container is solution:
 <code bash> <code bash>
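Review bot: The thaw command hard-codes container ID 200 in `/sys/fs/cgroup/freezer/lxc/200/freezer.state`, while the lxc-start example earlier on the page uses `<ContainerID>`. Use the placeholder here too, and say that this path is the cgroup v1 freezer (the linked kernel docs are the v1 ones), so readers on a host without that hierarchy know why the file is missing. It would also help to show reading `freezer.state` first to confirm FROZEN before writing THAWED. The added CAUSE text says the processes cannot be killed, but the retained line under the new Investigation heading still reads "So killing container is solution:"; reword that line so the page does not contradict itself. CAUSE and SOLUTION also need a blank line between them to render as separate paragraphs.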
Line 14: Line 75:
 kill -9 3747514 kill -9 3747514
 </code> </code>
 +
  
 Now it is not possible to start LXC container again. Debugging: Now it is not possible to start LXC container again. Debugging:
Line 36: Line 98:
 ps axl | awk '$10 ~ /D/' ps axl | awk '$10 ~ /D/'
 </code> </code>
 +
 +<code bash>
 +echo w > /proc/sysrq_trigger
 +
 +[587314.999001] smbd            D    0 1181293  42630 0x00004184
 +[587314.999002] Call Trace:
 +[587314.999004]  __schedule+0x2e6/0x6f0
 +[587314.999005]  schedule+0x33/0xa0
 +[587314.999007]  __refrigerator+0x44/0x160
 +[587314.999009]  get_signal+0x814/0x850
 +[587314.999011]  do_signal+0x34/0x6e0
 +[587314.999013]  ? wait_woken+0x80/0x80
 +[587314.999014]  ? __audit_syscall_exit+0x236/0x290
 +[587314.999016]  exit_to_usermode_loop+0x90/0x130
 +[587314.999018]  do_syscall_64+0x160/0x190
 +[587314.999020]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
 +
 +</code>
 +
 +So it looks like whole container cgroup was freezed for snapshot and problem happens.
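Review bot: `echo w > /proc/sysrq_trigger` in the added block has the wrong file name. The procfs entry is `/proc/sysrq-trigger`, with a hyphen, so the command as written fails instead of dumping blocked tasks. The block also puts the command and its result together under `<code bash>`; the trace is kernel log output (read with `dmesg`), so move it to a separate plain `<code>` block and say where it comes from. The conclusion line could cite the `__refrigerator` frame as the evidence that the task is held by the freezer, and "freezed" should be "frozen".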