Bug 987867

Summary: Running command is hang in generic container
Product: Red Hat Enterprise Linux 7
Reporter: Alex Jia <ajia>
Component: libvirt-sandbox
Assignee: Daniel Berrangé <berrange>
Status: CLOSED NOTABUG
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Priority: high
Version: 7.0
CC: dyuan, gsun, weizhan, zpeng
Target Milestone: rc
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-07-24 10:50:14 UTC
Type: Bug

Description Alex Jia 2013-07-24 10:42:16 UTC
Description of problem:
After creating a generic container with a specified UID and then running any command in the container, the command hangs.

Version-Release number of selected component (if applicable):
# rpm -q libvirt libvirt-sandbox systemd kernel
libvirt-1.1.0-2.el7.x86_64
libvirt-sandbox-0.2.1-1.el7.x86_64
systemd-204-9.el7.1.x86_64
kernel-3.10.0-1.el7.x86_64


How reproducible:
always

Steps to Reproduce:
1. Create a username on the host
# useradd bob 
# passwd bob

2. Create a generic container with the UID of the above username
# virt-sandbox-service create -U 1000 foobar -- /usr/bin/sh -v

3. Start the foobar container
# virt-sandbox-service start foobar

4. Run any command in the container
# id

Actual results:
# virt-sandbox-service create -U 1000 foobar -- /usr/bin/sh -v
Created sandbox container dir /var/lib/libvirt/filesystems/foobar
# virt-sandbox-service start foobar
sh-4.2$ id


Note: the command hangs.

Expected results:
fix it.

Additional info:

Open a new terminal, then connect to the container.


# virt-sandbox-service connect foobar
sh-4.2# id
uid=0(root) gid=0(root) groups=0(root)
sh-4.2# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
bob          1     0  0 17:41 pts/0    00:00:00 /usr/bin/sh -v
root         3     0  0 17:44 ?        00:00:00 /bin/sh
root         5     3  0 17:44 ?        00:00:00 ps -ef


# virsh -c lxc:/// dumpxml foobar
<domain type='lxc' id='13732'>
  <name>foobar</name>
  <uuid>f63d0a22-aa0b-4d28-9e3a-0a4bf79b8bcb</uuid>
  <memory unit='KiB'>524288</memory>
  <currentMemory unit='KiB'>524288</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/usr/libexec/libvirt-sandbox-init-lxc</init>
  </os>
  <features>
    <privnet/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/libexec/libvirt_lxc</emulator>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/'/>
      <target dir='/'/>
      <readonly/>
    </filesystem>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/run/libvirt-sandbox/foobar/config'/>
      <target dir='/etc/libvirt-sandbox/scratch'/>
      <readonly/>
    </filesystem>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/lib/libvirt/filesystems/foobar'/>
      <target dir='/var/lib/libvirt/filesystems'/>
    </filesystem>
    <console type='pty' tty='/dev/pts/3'>
      <source path='/dev/pts/3'/>
      <target type='lxc' port='0'/>
      <alias name='console0'/>
    </console>
  </devices>
  <seclabel type='static' model='selinux' relabel='no'>
    <label>system_u:system_r:svirt_lxc_net_t:s0</label>
  </seclabel>
</domain>


# strace -p `pidof libvirtd`

<slice>

poll([{fd=6, events=POLLIN}, {fd=8, events=POLLIN}, {fd=11, events=POLLIN}, {fd=12, events=POLLIN}, {fd=13, events=POLLIN}, {fd=14, events=POLLIN}, {fd=15, events=POLLIN}, {fd=17, events=POLLIN}, {fd=25, events=POLLIN}, {fd=28, events=POLLIN}], 10, 4294967295

</slice>

Ran 'lsof' while the 'id' command was hung.

# lsof -n -p `pidof libvirtd` | egrep -v '(DIR|REG)'
COMMAND    PID USER   FD      TYPE             DEVICE  SIZE/OFF       NODE NAME
libvirtd 14271 root    0r      CHR                1,3       0t0       1028 /dev/null
libvirtd 14271 root    1u     unix 0xffff8801b2c8a300       0t0    1139869 socket
libvirtd 14271 root    2u     unix 0xffff8801b2c8a300       0t0    1139869 socket
libvirtd 14271 root    3r      CHR                1,9       0t0       1033 /dev/urandom
libvirtd 14271 root    6r     FIFO                0,8       0t0    1138489 pipe
libvirtd 14271 root    7w     FIFO                0,8       0t0    1138489 pipe
libvirtd 14271 root    8r     FIFO                0,8       0t0    1138490 pipe
libvirtd 14271 root    9w     FIFO                0,8       0t0    1138490 pipe
libvirtd 14271 root   10u  netlink                          0t0    1138491 AUDIT
libvirtd 14271 root   11u     unix 0xffff880091a41500       0t0    1138492 /var/run/libvirt/libvirt-sock
libvirtd 14271 root   12u     unix 0xffff880091a42d80       0t0    1138494 /var/run/libvirt/libvirt-sock-ro
libvirtd 14271 root   13u  netlink                          0t0    1138496 ROUTE
libvirtd 14271 root   14u  netlink                          0t0    1138497 KOBJECT_UEVENT
libvirtd 14271 root   15u     unix 0xffff8800a18ae300       0t0    1139415 socket
libvirtd 14271 root   17u  netlink                          0t0    1139933 KOBJECT_UEVENT
libvirtd 14271 root   25u     unix 0xffff8800a18aed80       0t0    1139458 socket
libvirtd 14271 root   26r     FIFO                0,8       0t0    1139459 pipe
libvirtd 14271 root   27w     FIFO                0,8       0t0    1139459 pipe
libvirtd 14271 root   28u     unix 0xffff8801b6030700       0t0    1145214 socket
libvirtd 14271 root   29r     FIFO                0,8       0t0    1145215 pipe
libvirtd 14271 root   30w     FIFO                0,8       0t0    1145215 pipe

Comment 2 Daniel Berrangé 2013-07-24 10:50:14 UTC
The virt-sandbox-service tool is not intended for running interactive commands like /bin/sh. It is for system services, where stdin will be wired up to /dev/null by systemd or an equivalent init system. If you want to run /bin/sh, then virt-sandbox is the command to use.

Comment 3 Alex Jia 2013-07-24 11:13:35 UTC
(In reply to Daniel Berrange from comment #2)
> The virt-sandbox-service tool is not intended for running interactive
> commands like /bin/sh. It is for system services, where stdin will be wired
> up to /dev/null by systemd or an equivalent init system.  If you want to run
> /bin/sh, then virt-sandbox is the command to use

Got it. In addition, if I run the following steps and then connect to the container to check whether the current user is my specified user, the user is root. Is that the expected result? With the steps in the Description, the current user is 'bob'.


# virt-sandbox-service create --username bob -C -u httpd.service -N dhcp foobar
Created sandbox container dir /var/lib/libvirt/filesystems/foobar
Created unit file /etc/systemd/system/foobar_sandbox.service
Created sandbox config /etc/libvirt-sandbox/services/foobar.sandbox
# virt-sandbox-service start foobar

XXX

[  OK  ] Reached target Timers.
[  OK  ] Reached target Basic System.
         Starting The Apache HTTP Server...
         Starting Cleanup of Temporary Directories...
[  OK  ] Started Cleanup of Temporary Directories.
[  OK  ] Started The Apache HTTP Server.
[  OK  ] Reached target Sandbox multi-user target.

XXX


# virt-sandbox-service connect foobar
sh-4.2# id
uid=0(root) gid=0(root) groups=0(root)
sh-4.2# ps -ef
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 19:04 pts/0    00:00:00 /bin/systemd --unit multi-user.target --log-target console --system
root        14     1  0 19:04 ?        00:00:00 /usr/lib/systemd/systemd-journald
root        22     1  0 19:04 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache      39    22  0 19:04 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache      41    22  0 19:04 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache      42    22  0 19:04 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache      43    22  0 19:04 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
apache      44    22  0 19:04 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
root        88     1  0 19:05 ?        00:00:00 /sbin/dhclient --no-pid eth0
root        89     0  0 19:05 ?        00:00:00 /bin/sh
root        91    89  0 19:05 ?        00:00:00 ps -ef
sh-4.2# grep bob /etc/passwd
bob:x:1000:1000::/home/bob:/bin/bash
sh-4.2# su bob
bash-4.2$ id
uid=1000(bob) gid=1000(bob) groups=1000(bob)

Comment 4 Daniel Berrangé 2013-07-24 11:15:46 UTC
I think I'd say that it is intentional that you become 'root' when connecting to the container. If you were only 'bob', then you may not have sufficient privileges to fix any problem in the container.

Comment 5 Alex Jia 2013-07-25 09:46:41 UTC
(In reply to Daniel Berrange from comment #2)
> The virt-sandbox-service tool is not intended for running interactive
> commands like /bin/sh. It is for system services, where stdin will be wired
> up to /dev/null by systemd or an equivalent init system.  If you want to run
> /bin/sh, then virt-sandbox is the command to use

Do we need to fix the EXAMPLE section of the man page? And do we also need to document this in the guide or test plan as not to be tested? Thanks.

# man virt-sandbox-service-create

       Create foobar1 Generic container

        # virt-sandbox-service create -U 1234 foobar1 -- /usr/bin/foobar -a -b
        Created container dir /var/lib/libvirt/filesystems/foobar1
        Created sandbox config /etc/libvirt-sandbox/foobar1.sandbox