OK, I have a weird LXC problem I can't seem to solve on my own. LXC was working in 15.04. I created a brand new server install on a new physical machine with 15.10 and configured it exactly as the previous server, but LXC is unable to start a container in unprivileged mode. The only differences I see are 15.04 vs 15.10 and 32-bit server (old) vs 64-bit server (new), and to be sure I wasn't going insane trying to resolve this I even upgraded to 16.04 today, and I am still unable to start the containers. On top of that, when I set up the network bridge br0 I lose all internet connectivity on the host (it is currently disabled so that the host has internet connectivity), whereas the exact same configuration works on 15.04. It doesn't start up on either br0 or lxcbr0 at all. I'll post my info below and hopefully someone can tell me what's going on so that I can fix it.
/etc/subuid | /etc/subgid
lxc-usernet
/etc/network/interfaces
default.conf
Debug Log
lxc-checkconfig
/etc/subuid | /etc/subgid
Code:
lxcvm:231072:65536
lxc-usernet
Code:
# USERNAME TYPE BRIDGE COUNT
lxcvm veth lxcbr0 10
/etc/network/interfaces
Code:
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto enp3s0
iface enp3s0 inet dhcp
# bridge interface for LXC VM's
#auto br0
#iface br0 inet dhcp
#bridge_ports enp3s0
#bridge_fd 9
#bridge_hello 2
#bridge_maxage 12
#bridge_stp off
default.conf
Code:
lxc.network.type = veth
lxc-network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.id_map = u 0 231072 65536
lxc.id_map = g 0 231072 65536
Debug Log
Code:
lxc-start 20160421173932.812 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/lxcvm/.local/share/lxc/Template/config
lxc-start 20160421173932.812 WARN lxc_confile - confile.c:config_pivotdir:1877 - lxc.pivotdir is ignored. It will soon become an error.
lxc-start 20160421173932.813 INFO lxc_confile - confile.c:config_idmap:1498 - read uid map: type u nsid 0 hostid 231072 range 65536
lxc-start 20160421173932.813 INFO lxc_confile - confile.c:config_idmap:1498 - read uid map: type g nsid 0 hostid 231072 range 65536
lxc-start 20160421173932.814 INFO lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver AppArmor
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .reject_force_umount # comment this to allow umount -f; not recommended.
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for reject_force_umount action 0
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for reject_force_umount action 0
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:216 - Setting seccomp rule to reject force umounts
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .[all].
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .kexec_load errno 1.
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for kexec_load action 327681
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for kexec_load action 327681
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .open_by_handle_at errno 1.
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for open_by_handle_at action 327681
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for open_by_handle_at action 327681
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .init_module errno 1.
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for init_module action 327681
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for init_module action 327681
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .finit_module errno 1.
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for finit_module action 327681
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for finit_module action 327681
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:342 - processing: .delete_module errno 1.
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:446 - Adding native rule for delete_module action 327681
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:449 - Adding compat rule for delete_module action 327681
lxc-start 20160421173932.815 INFO lxc_seccomp - seccomp.c:parse_config_v2:456 - Merging in the compat seccomp ctx into the main one
lxc-start 20160421173932.815 DEBUG lxc_start - start.c:setup_signal_fd:289 - sigchild handler set
lxc-start 20160421173932.816 DEBUG lxc_console - console.c:lxc_console_peer_default:437 - opening /dev/tty for console peer
lxc-start 20160421173932.816 INFO lxc_caps - caps.c:lxc_caps_up:101 - Last supported cap was 36
lxc-start 20160421173932.816 DEBUG lxc_console - console.c:lxc_console_peer_default:443 - using '/dev/tty' as console
lxc-start 20160421173932.816 DEBUG lxc_console - console.c:lxc_console_sigwinch_init:142 - 1299 got SIGWINCH fd 9
lxc-start 20160421173932.816 DEBUG lxc_console - console.c:lxc_console_winsz:72 - set winsz dstfd:6 cols:112 rows:36
lxc-start 20160421173932.856 INFO lxc_start - start.c:lxc_init:488 - 'Template' is initialized
lxc-start 20160421173932.857 DEBUG lxc_start - start.c:__lxc_start:1302 - Not dropping cap_sys_boot or watching utmp
lxc-start 20160421173932.857 INFO lxc_start - start.c:resolve_clone_flags:999 - Cloning a new user namespace
lxc-start 20160421173932.857 INFO lxc_cgroup - cgroup.c:cgroup_init:68 - cgroup driver cgroupfs-ng initing for Template
lxc-start 20160421173932.895 ERROR lxc_start - start.c:lxc_spawn:1163 - failed to create the configured network
lxc-start 20160421173932.895 ERROR lxc_start - start.c:__lxc_start:1329 - failed to spawn 'Template'
lxc-start 20160421173932.919 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'Template', config section 'lxc'
lxc-start 20160421173933.456 ERROR lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
lxc-start 20160421173933.457 ERROR lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.
lxc-checkconfig
Code:
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-4.4.0-21-generic
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
Bridges: enabled
Advanced netfilter: enabled
CONFIG_NF_NAT_IPV4: enabled
CONFIG_NF_NAT_IPV6: enabled
CONFIG_IP_NF_TARGET_MASQUERADE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled
FUSE (for use with lxcfs): enabled
--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
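
An unprivileged start depends on three of the files posted above agreeing with each other: the delegated ID range in /etc/subuid and /etc/subgid, the lxc.id_map lines, and the bridge that lxc-usernet allows the user to attach a veth to. The following cross-check is an added example, not part of the original post; the function names are hypothetical and the sample inputs are copied from the post as written.

```python
# Added example: consistency check over the files an unprivileged LXC start relies on.
# Sample inputs are copied from the post; parse_conf() and check() are hypothetical names.
SUBUID = "lxcvm:231072:65536\n"
USERNET = "# USERNAME TYPE BRIDGE COUNT\nlxcvm veth lxcbr0 10\n"
CONF = """\
lxc.network.type = veth
lxc-network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.id_map = u 0 231072 65536
lxc.id_map = g 0 231072 65536
"""

def parse_conf(text):
    """Return (key, value) pairs, skipping blank lines and comments."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def check(user, subid, usernet, conf):
    findings = []
    pairs = parse_conf(conf)
    # Every LXC configuration key begins with "lxc."
    findings += [f"malformed key: {k}" for k, _ in pairs if not k.startswith("lxc.")]
    # Ranges delegated to this user (/etc/subuid and /etc/subgid share the format).
    ranges = [(int(s), int(c)) for u, s, c in
              (l.split(":") for l in subid.splitlines() if l.strip()) if u == user]
    for k, v in pairs:
        if k == "lxc.id_map":
            kind, _nsid, host, count = v.split()
            host, count = int(host), int(count)
            if not any(s <= host and host + count <= s + c for s, c in ranges):
                findings.append(f"id_map {kind} {host}+{count} outside delegated range")
    # Bridges this user may attach veth devices to, per lxc-usernet.
    allowed = {f[2] for f in (l.split() for l in usernet.splitlines()
               if l.strip() and not l.startswith("#")) if f[0] == user and f[1] == "veth"}
    conf_map = dict(pairs)
    link = conf_map.get("lxc.network.link")
    if conf_map.get("lxc.network.type") == "veth" and link not in allowed:
        findings.append(f"veth link {link!r} not permitted in lxc-usernet")
    return findings

if __name__ == "__main__":
    print("\n".join(check("lxcvm", SUBUID, USERNET, CONF)) or "no findings")
```
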