
Bug#808364: lxc: lxc-start fails to mount proc (Operation not permitted)



Package: src:linux
Version: 3.16.7-ckt20-1+deb8u1
Severity: important

After some troubleshooting with the help of snapshot.debian.org I found
that any kernel newer than 3.16.7-ckt11-1+deb8u6 is not able to start
unprivileged lxc containers (as root).  Downgrading to
3.16.7-ckt11-1+deb8u6 or older makes it work again.

Here is the error that happens on the newer versions:

# lxc-start -n db1
lxc-start: Operation not permitted - Mount of 'proc' onto '/usr/lib/x86_64-linux-gnu/lxc/rootfs/proc' failed
lxc-start: Operation not permitted - failed to mount 'proc' on '/usr/lib/x86_64-linux-gnu/lxc/rootfs/proc'
lxc-start: failed to setup the mount entries for 'db1'
lxc-start: failed to setup the container
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'db1'
lxc-start: The container failed to start.
lxc-start: Additional information can be obtained by setting the --logfile and --logpriority options.

An strace showed the mount system call simply failed with EPERM as the
error says above.

A similar issue was also reported with lxd on newer Ubuntu kernels here:
https://github.com/lxc/lxd/issues/946

PS. If anyone else is having this issue, download the older kernel from:
http://snapshot.debian.org/binary/linux-image-3.16.0-4-amd64/
The older versions of course will be missing the latest security fixes.

