[Users] A container won't start on upgraded openvz server
Konstantin Khorenko
khorenko at virtuozzo.com
Mon Dec 30 11:01:36 MSK 2019
On 12/30/2019 08:24 AM, Dmitry Konstantinov wrote:
> Hi there,
>
> I've got a container based on a not too outdated gentoo (half a year
> old). It starts/works OK on this:
>
> server1# uname -r; rpm -qa | grep vzctl
> 3.10.0-957.12.2.vz7.86.2
> vzctl-7.0.201-1.vz7.x86_64
> libvzctl-7.0.515.1-1.vz7.x86_64
>
> however today a new one created from the same cache won't start on this:
> server2# uname -r; rpm -qa | grep vzctl
> 3.10.0-1062.4.2.vz7.116.7
> libvzctl-7.0.542-2.vz7.x86_64
> vzctl-7.0.209-1.vz7.x86_64
>
> container was copied to the server1 manually and has no problems
> starting there.
>
> vzctl gives exitcode 3.
>
> vzctl.log has the following:
> ===
> vzctl : CT 22 : Running the script: /usr/libexec/libvzctl/dists/scripts/gentoo-add_ip.sh
> flags=262144
> vzctl : CT 22 : Lock /var/lock/vzctl/22-enter.lck fd=7
> vzctl : CT 22 : flock lock
> vzctl : CT 22 : * Wait on status
> vzctl : CT 22 : Reset loginuid
> vzctl : CT 22 : * Attach by pid 429792
> vzctl : CT 22 : Write /sys/fs/cgroup/cpu,cpuacct/machine.slice/22/tasks <429919>
> vzctl : CT 22 : Write /sys/fs/cgroup/cpuset/machine.slice/22/tasks <429919>
> vzctl : CT 22 : Write /sys/fs/cgroup/net_cls,net_prio/machine.slice/22/tasks <429919>
> vzctl : CT 22 : Write /sys/fs/cgroup/memory/machine.slice/22/tasks <429919>
> vzctl : CT 22 : Write /sys/fs/cgroup/devices/machine.slice/22/tasks <429919>
> vzctl : CT 22 : Write /sys/fs/cgroup/blkio/machine.slice/22/tasks <429919>
> vzctl : CT 22 : Write /sys/fs/cgroup/freezer/machine.slice/22/tasks <429919>
> vzctl : CT 22 : Write /sys/fs/cgroup/beancounter/22/tasks <429919>
> vzctl : CT 22 : Write /sys/fs/cgroup/ve/22/tasks <429919>
> vzctl : CT 22 : Write /sys/fs/cgroup/perf_event/machine.slice/22/tasks <429919>
> vzctl : CT 22 : Write /sys/fs/cgroup/hugetlb/machine.slice/22/tasks <429919>
> vzctl : CT 22 : Write /sys/fs/cgroup/pids/machine.slice/22/tasks <429919>
> vzctl : CT 22 : Write /sys/fs/cgroup/systemd/22/tasks <429919> 2019-12-29T22:15:50-0600
> vzctl : CT 22 : * attach to net
> vzctl : CT 22 : * attach to uts
> vzctl : CT 22 : * attach to ipc
> vzctl : CT 22 : * attach to pid
> vzctl : CT 22 : * attach to pid_for_children
> vzctl : CT 22 : * attach to user
> vzctl : CT 22 : * attach to mnt
> vzctl : CT 22 : * Wait done ret=0
> vzctl : CT 22 : running: /usr/libexec/libvzctl/scripts/vz-net_del
> vzctl : CT 22 : Deleting ip address(es): 192.168.10.11
> vzctl : CT 22 : Write /sys/fs/cgroup/ve/22/ve.ip_deny <192.168.10.11>
> vzctl : CT 22 : * Failed to configure [3]
> vzctl : CT 22 : Cancel init execution
> vzeventd : Run: /etc/vz/vzevent.d/ve-stop id=22
> ===
>
> the gentoo-add_ip.sh script is called but it doesn't look it is really
> executed. 'echo "test"' or 'echo "test" >> /tmp/testfile', if added to
> the script, do nothing. The files inside the container it is supposed
> to modify remain empty/untouched.
>
> Any ideas how to fix this?
Any complains in dmesg?
In particular i suspect something like:
+ WARN_ONCE(1, "The process %s from VE0 tried to execute untrusted file "
+ "%s from VEX\n",
+ current->comm, name->name);
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
More information about the Users
mailing list