On 06/11/2013 04:51 AM, Richard Weinberger wrote: > Am 10.06.2013 21:53, schrieb Richard Weinberger: >> Am 10.06.2013 21:17, schrieb Richard Weinberger: >>> Hi! >>> >>> Am 04.06.2013 13:03, schrieb Daniel P. Berrange: >>>>> It's still under review. needs some ACK. >>>>> If you can help to test or ACK this patchset, it will be very helpful. :) >>>>> >>>>> Actually, I just want to ping... >>>> >>>> I've been away on holiday for 2 weeks, so not had a chance to review >>>> it yet. I'll get to it this week. I hope we'll get this in the 1.0.6 >>>> release this month. >>> >>> Finally I've found some time to test version 4 of the userns patch set. >>> But I'm unable to create a container. >>> >>> ---cut--- >>> linux:~ # LANG=C /opt/libvirt/bin/virsh -c lxc:/// create c1.conf >>> error: Failed to create domain from c1.conf >>> error: Interner Fehler guest failed to start: PATH=/bin:/sbin TERM=linux container=lxc-libvirt container_uuid=3f86c48b-b027-4838-ba17-6202a1d7398b >>> LIBVIRT_LXC_UUID=3f86c48b-b027-4838-ba17-6202a1d7398b LIBVIRT_LXC_NAME=c1 /bin/bash >>> error receiving signal from container: Input/output error >>> ---cut--- >>> >>> lxcContainerWaitForContinue() in src/lxc/lxc_controller.c fails with EIO. >>> Maybe because the clone()'ed child dies and the file descriptor used for synchronization becomes invalid. >>> >>> Here my container config: >>> ---cut--- >>> <domain type='lxc'> >>> <name>c1</name> >>> <memory>102400</memory> >>> <os> >>> <type>exe</type> >>> <init>/bin/bash</init> >>> </os> >>> <idmap> >>> <uid start='0' target='100000' count='100000'/> >>> <gid start='0' target='100000' count='100000'/> >>> </idmap> >>> <devices> >>> <console type='pty'/> >>> <filesystem type='mount'> >>> <source dir='/root/c1/rootfs'/> >>> <target dir='/'/> >>> </filesystem> >>> </devices> >>> </domain> >>> ---cut--- >>> >>> Any ideas how to debug this further? >>> This is Linux 3.9.0 with all namespaces enabled. >> >> Whoops, forgot to add the libvirtd debug output: >> >> ---cut--- >> 2013-06-10 19:41:24.661+0000: 29211: debug : virCommandRunAsync:2241 : About to run >> PATH=/usr/lib64/mpi/gcc/openmpi/bin:/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games LIBVIRT_DEBUG=1 LIBVIRT_LOG_OUTPUTS=1:stderr >> /opt/libvirt/lib/libvirt_lxc --name c1 --console 20 --security=none --handshake 23 --background >> 2013-06-10 19:41:24.663+0000: 29211: debug : virFileClose:90 : Closed fd 24 >> 2013-06-10 19:41:24.663+0000: 29211: debug : virCommandRunAsync:2246 : Command result 0, with PID 29303 >> 2013-06-10 19:41:24.664+0000: 29303: debug : virFileClose:90 : Closed fd 3 >> 2013-06-10 19:41:24.665+0000: 29303: debug : virFileClose:90 : Closed fd 4 >> 2013-06-10 19:41:24.666+0000: 29303: debug : virFileClose:90 : Closed fd 5 >> 2013-06-10 19:41:24.666+0000: 29303: debug : virFileClose:90 : Closed fd 6 >> 2013-06-10 19:41:24.667+0000: 29303: debug : virFileClose:90 : Closed fd 7 >> 2013-06-10 19:41:24.667+0000: 29303: debug : virFileClose:90 : Closed fd 8 >> 2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 9 >> 2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 10 >> 2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 11 >> 2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 12 >> 2013-06-10 19:41:24.668+0000: 29303: debug : virFileClose:90 : Closed fd 13 >> 2013-06-10 19:41:24.669+0000: 29303: debug : virFileClose:90 : Closed fd 14 >> 2013-06-10 19:41:24.669+0000: 29303: debug : virFileClose:90 : Closed fd 15 >> 2013-06-10 19:41:24.670+0000: 29303: debug : virFileClose:90 : Closed fd 16 >> 2013-06-10 19:41:24.670+0000: 29303: debug : virFileClose:90 : Closed fd 17 >> 2013-06-10 19:41:24.670+0000: 29303: debug : virFileClose:90 : Closed fd 18 >> 2013-06-10 19:41:24.671+0000: 29303: debug : virFileClose:90 : Closed fd 19 >> 2013-06-10 19:41:24.671+0000: 29303: debug : virFileClose:90 : Closed fd 22 >> 2013-06-10 19:41:24.790+0000: 29211: debug : virCommandRun:2115 : Result status 0, stdout: '(null)' stderr: '(null)' >> ---cut--- >> >> Looks like libvirt_lxc was executed and died silently. > > Found the problem. /opt/libvirt/var/log/libvirt/lxc/c1.log contained the info I needed. > Search permissions for /root were missing. m( > Would be nice if virsh would be able to tell one this... > :) have fun with user namespace & libvirt. And thanks for your test. Thanks, Gao > Thanks, > //richard > -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list