[libvirt-users] Strange libvirt exit status 1 (LXC containers)

Wed Aug 24 01:47:21 UTC 2011

Again, replying to myself.

It seems that my assessment that app armor wasn't interfering was mistaken. Found it in the logs:

Aug 23 22:55:44 pea kernel: [17442.226663] type=1400 audit(1314150944.573:64): a
pparmor="DENIED" operation="exec" parent=10501 profile="/usr/sbin/libvirtd" name
="/usr/libexec/libvirt_lxc" pid=10712 comm="libvirtd" requested_mask="x" denied_
mask="x" fsuid=0 ouid=0

Sorry for all the noise.

-- Stephen

On Aug 23, 2011, at 10:08 PM, Stephen Eilert wrote:

> Answering myself. I've enabled as much logging as possible, and asked libvirt to log lxc. This is the result:
> 
> 2011-08-23 22:19:08.778: starting up
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin LIBVIRT_DEBUG=1 LIBVIRT_LOG_OUTPUTS=1:syslog:libvirtd /usr/libexec/libvirt_lxc --name vm_14 --console 18 --handshake 21 --background --veth veth1
> 22:19:08.791: 10215: info : libvirt version: 0.9.4
> 22:19:08.791: 10215: debug : virCommandHook:1962 : Hook is done 0
> libvir: error : cannot execute binary /usr/libexec/libvirt_lxc: Permission denied
> 
> Stil not sure what would prevent libvirt_lxc execution - tested with an unprivileged user and it was able to run the binary (but not actually start the VMs). The error message seem to indicate that the 'exec' call failed. Nothing shows on app armor (disabled it) or other logs in general.
> 
> 
> -- Stephen
> 
> 
> On Aug 23, 2011, at 7:56 PM, Stephen Eilert wrote:
> 
>> 
>> Hello,
>> 
>> I've encountered the following error, trying to start a domain:
>> 
>> error: internal error Child process (PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin LIBVIRT_DEBUG=2 LIBVIRT_LOG_OUTPUTS=2:syslog:libvirtd /usr/libexec/libvirt_lxc --name vm_14 --console 18 --handshake 21 --background --veth veth1) status unexpected: exit status 1
>> 
>> I see nothing relevant in syslog, google searches have returned nothing. Starting libvirt_lxc manually seems to work (the process never returns), but of course the VMs do not start.
>> 
>> I am at a loss on what to do next. I'm running Ubuntu 10.04, which is itself a guest system running under virtual box (host is OSX Lion). I've compiled libvirt from git (using /usr as the --prefix, after removing the OS package), LXC containers are installed from a PPA, as the default Ubuntu kernel doesn't enable network namespaces. LXC itself doesn't appear to be a problem, as I can start VMs with lxc-start. Since I required libvirt's API, using LXC directly is not desirable.
>> 
>> Does anyone have any tips on what I should be looking for? Thanks.
>> 
>> 
>> -- Stephen
>> 
>> 
>> -- Domain definition follows:
>> 
>> <domain type='lxc'>
>> <name>vm_14</name>
>> <uuid>9243fb5b-6b26-44af-7408-69c7f2d4ff03</uuid>
>> <memory>262144</memory>
>> <currentMemory>262144</currentMemory>
>> <vcpu>1</vcpu>
>> <os>
>>   <type arch='x86_64'>exe</type>
>>   <init>/sbin/init</init>
>> </os>
>> <clock offset='utc'/>
>> <on_poweroff>destroy</on_poweroff>
>> <on_reboot>restart</on_reboot>
>> <on_crash>preserve</on_crash>
>> <devices>
>>   <emulator>/usr/libexec/libvirt_lxc</emulator>
>>   <filesystem type='mount' accessmode='passthrough'>
>>     <source dir='/var/lib/lxc/vmpea/rootfs/'/>
>>     <target dir='/'/>
>>     <readonly/>
>>   </filesystem>
>>   <filesystem type='mount' accessmode='passthrough'>
>>     <source dir='/home/lxcadmin/repositories/14'/>
>>     <target dir='/home/lxcmaster'/>
>>   </filesystem>
>>   <interface type='network'>
>>     <mac address='52:54:00:10:7a:e7'/>
>>     <source network='default'/>
>>     <target dev='veth0'/>
>>   </interface>
>>   <console type='pty'>
>>     <target type='serial' port='0'/>
>>   </console>
>> </devices>
>> </domain>
>> 
>> 
> 