Date: Mon, 4 Mar 2019 23:56:59 +0100
From: Daniel Kulesz
To: alpine-user@lists.alpinelinux.org
Subject: [alpine-user] liblxc segfaults when trying to start unprivileged container
Message-Id: <20190304235659.b64e6019003b26b4edcb2a67@googlemail.com>

Hi folks,

I tried setting up lxc in unprivileged mode on Alpine 3.9.2 (amd64), but every time I try to start any newly created container liblxc just segfaults like this (taken from dmesg):

[ 41.711333] 3[2590]: segfault at 0 ip 00007f20c35d9812 sp 00007ffd82b61740 error 4 in liblxc.so.1.5.0[7f20c35c4000+71000]
[ 41.711346] Code: c7 44 24 08 00 00 00 00 48 89 c3 4a 8d 04 20 48 89 04 24 c6 00 00 45 31 ed 48 8b 45 30 44 89 6c 24 0c 4e 8d 34 ed 00 00 00 00 <4e> 8b 24 e8 4d 85 e4 0f 84 84 01 00 00 48 89 de 4c 89 e7 e8 d8 f3

I've set up cgroups and uid/gid mappings using shadow-uidmap and I don't have any networking configured yet.

Here is the user's lxc configuration file:

localhost:~$ cat .config/lxc/default.conf
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536

And here's the output of lxc-checkconfig:

localhost:~$ lxc-checkconfig
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points:
/sys/fs/cgroup/openrc
/sys/fs/cgroup/cpuset
/sys/fs/cgroup/cpu
/sys/fs/cgroup/cpuacct
/sys/fs/cgroup/blkio
/sys/fs/cgroup/memory
/sys/fs/cgroup/devices
/sys/fs/cgroup/freezer
/sys/fs/cgroup/net_cls
/sys/fs/cgroup/net_prio
/sys/fs/cgroup/pids

Cgroup v2 mount points:
/sys/fs/cgroup/unified

Cgroup v1 systemd controller: missing
Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, not loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, not loaded
CONFIG_NF_NAT_IPV6: enabled, not loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, not loaded

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities:

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

Privileged containers work just fine. Any ideas?

Cheers,
Daniel