From: paul gauret
To: alpine-user@lists.alpinelinux.org, Daniel Kulesz
Date: Fri, 29 Mar 2019 08:43:27 +0000 (UTC)
Subject: Re: [alpine-user] liblxc segfaults when trying to start unprivileged container
Message-ID: <988908273.7812074.1553849007859@mail.yahoo.com>
In-Reply-To: <20190304235659.b64e6019003b26b4edcb2a67@googlemail.com>

Hmm I have LXC running on 3.9.2 with unprivileged containers without seeing these messages.

A couple of differences in my setup though:
- I'm using a ZFS backend
- I'm not mounting cgroups fs, only cgroups2

Not sure which user you're using to start your containers, in my case doing everything with root.

On Monday, March 4, 2019, 11:57:26 PM GMT+1, Daniel Kulesz wrote:

Hi folks,

I tried setting up lxc in unprivileged mode on Alpine 3.9.2 (amd64), but every time I try to start any newly created container liblxc just segfaults like this (taken from dmesg):

[  41.711333] 3[2590]: segfault at 0 ip 00007f20c35d9812 sp 00007ffd82b61740 error 4 in liblxc.so.1.5.0[7f20c35c4000+71000]
[  41.711346] Code: c7 44 24 08 00 00 00 00 48 89 c3 4a 8d 04 20 48 89 04 24 c6 00 00 45 31 ed 48 8b 45 30 44 89 6c 24 0c 4e 8d 34 ed 00 00 00 00 <4e> 8b 24 e8 4d 85 e4 0f 84 84 01 00 00 48 89 de 4c 89 e7 e8 d8 f3

I've set up cgroups and uid/gid mappings using shadow-uidmap and I don't have any networking configured yet.

Here is the user's lxc configuration file:

localhost:~$ cat .config/lxc/default.conf
lxc.include = /etc/lxc/default.conf
lxc.idmap = u 0 100000 65536
lxc.idmap = g 0 100000 65536

And here's the output of lxc-checkconfig:

localhost:~$ lxc-checkconfig
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points:
/sys/fs/cgroup/openrc
/sys/fs/cgroup/cpuset
/sys/fs/cgroup/cpu
/sys/fs/cgroup/cpuacct
/sys/fs/cgroup/blkio
/sys/fs/cgroup/memory
/sys/fs/cgroup/devices
/sys/fs/cgroup/freezer
/sys/fs/cgroup/net_cls
/sys/fs/cgroup/net_prio
/sys/fs/cgroup/pids

Cgroup v2 mount points:
/sys/fs/cgroup/unified

Cgroup v1 systemd controller: missing
Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, not loaded
Macvlan: enabled, not loaded
Vlan: enabled, not loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, not loaded
CONFIG_NF_NAT_IPV6: enabled, not loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, not loaded

--- Checkpoint/Restore ---
checkpoint restore: missing
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities:

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig

Privileged containers work just fine.

Any ideas?

Cheers, Daniel

---
Unsubscribe:  alpine-user+unsubscribe@lists.alpinelinux.org
Help:         alpine-user+help@lists.alpinelinux.org
---