lxc containers no longer start after i upgraded a debian stretch server from the 4.12 kernel from the stretch-backports repository to 4.13, also from backports.
symptoms in /var/log/syslog:
Dec 17 16:34:30 lxc1 systemd-udevd[3303]: Could not generate persistent MAC address for veth6X3OHV: No such file or directory
Dec 17 16:34:30 lxc1 kernel: [ 244.666014] br.10: port 2(veth106L33) entered blocking state
Dec 17 16:34:30 lxc1 kernel: [ 244.666016] br.10: port 2(veth106L33) entered disabled state
Dec 17 16:34:30 lxc1 kernel: [ 244.666069] device veth106L33 entered promiscuous mode
Dec 17 16:34:30 lxc1 kernel: [ 244.666170] IPv6: ADDRCONF(NETDEV_UP): veth106L33: link is not ready
Dec 17 16:34:30 lxc1 kernel: [ 244.698224] eth0: renamed from veth6X3OHV
Dec 17 16:34:30 lxc1 kernel: [ 244.729446] IPv6: ADDRCONF(NETDEV_CHANGE): veth106L33: link becomes ready
Dec 17 16:34:30 lxc1 kernel: [ 244.729500] br.10: port 2(veth106L33) entered blocking state
Dec 17 16:34:30 lxc1 kernel: [ 244.729502] br.10: port 2(veth106L33) entered forwarding state
Dec 17 16:34:30 lxc1 kernel: [ 244.848353] br.10: port 2(veth106L33) entered disabled state
Dec 17 16:34:30 lxc1 kernel: [ 244.848734] device veth106L33 left promiscuous mode
Dec 17 16:34:30 lxc1 kernel: [ 244.848737] br.10: port 2(veth106L33) entered disabled state
that was resolved by creating /etc/systemd/network/99-default.link with:
[Link]
NamePolicy=kernel database onboard slot path
MACAddressPolicy=none
via this comment.
then there was nothing interesting in syslog but the lxc guest still would not start – lxc-start -F -n serverName gave quite messy output:
lxc-start: cgroups/cgfsng.c: create_path_for_hierarchy: 1306 Path "/sys/fs/cgroup/systemd//lxc/serverName" already existed.
lxc-start: cgroups/cgfsng.c: cgfsng_create: 1363 No such file or directory - Failed to create /sys/fs/cgroup/systemd//lxc/serverName: No such file or directory
lxc-start: lsm/apparmor.c: apparmor_process_label_set: 220 If you really want to start this container, set
lxc-start: lsm/apparmor.c: apparmor_process_label_set: 221 lxc.aa_allow_incomplete = 1
lxc-start: lsm/apparmor.c: apparmor_process_label_set: 222 in your container configuration file
lxc-start: sync.c: __sync_wait: 57 An error occurred in another process (expected sequence number 5)
lxc-start: start.c: __lxc_start: 1346 Failed to spawn container "serverName".
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1270 Error destroying /sys/fs/cgroup/systemd//lxc/serverName-1
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1270 Error destroying /sys/fs/cgroup/perf_event//lxc/serverName-1
[..]
lxc-start: tools/lxc_start.c: main: 366 The container failed to start.
lxc-start: tools/lxc_start.c: main: 370 Additional information can be obtained by setting the --logfile and --logpriority options.
which was fixed by editing all of the /var/lib/lxc/serverName/config files and adding there:
lxc.aa_profile = unconfined
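
With that line in place the container runs without an AppArmor profile, so it helps to be able to list which containers on a host are configured that way. The script below is an added example, not part of the original post: it scans LXC configs for lxc.aa_profile = unconfined and lxc.aa_allow_incomplete = 1, and also accepts the lxc.apparmor.* key names used by LXC 2.1 and later. The function name and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Lists LXC containers whose config relaxes AppArmor confinement.
# Assumption: one config per container at <lxc_root>/<name>/config.

# audit_lxc_apparmor LXC_ROOT: prints one line per finding, returns 1 if any.
audit_lxc_apparmor() {
    _root=$1
    _status=0
    for _cfg in "$_root"/*/config; do
        [ -f "$_cfg" ] || continue
        _name=$(basename "$(dirname "$_cfg")")
        _out=$(awk -v name="$_name" '
            /^[ \t]*#/ { next }                      # skip comment lines
            {
                line = $0
                gsub(/[ \t\r]/, "", line)            # "key = value" -> "key=value"
                eq = index(line, "=")
                if (eq == 0) next
                key = substr(line, 1, eq - 1)
                val = substr(line, eq + 1)
                # LXC 2.0 key names (as in the post) and the LXC >= 2.1 names.
                # A later line overrides an earlier one, so keep the last value.
                if (key == "lxc.aa_profile" || key == "lxc.apparmor.profile") profile = val
                if (key == "lxc.aa_allow_incomplete" || key == "lxc.apparmor.allow_incomplete") incomplete = val
            }
            END {
                if (profile == "unconfined") print name ": apparmor profile unconfined"
                if (incomplete == "1") print name ": incomplete apparmor support allowed"
            }' "$_cfg")
        if [ -n "$_out" ]; then
            printf '%s\n' "$_out"
            _status=1
        fi
    done
    return $_status
}

# Constructed sample configs (not real ones) so the example runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/serverName" "$demo/confined"
printf 'lxc.network.type = veth\nlxc.aa_profile = unconfined\n' > "$demo/serverName/config"
printf 'lxc.aa_profile = lxc-container-default\n' > "$demo/confined/config"
audit_lxc_apparmor "$demo" || echo "containers listed above run with relaxed AppArmor settings"
rm -rf "$demo"
```

On a real host the call would be audit_lxc_apparmor /var/lib/lxc, the path used in the post.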