Bug 1100982 - Systemd segfaults when launched in a user namespace (LXC 1.0.x)
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: systemd
Version: 20
Hardware: Unspecified
OS: Unspecified
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
Reported: 2014-05-24 23:24 UTC by rhn
Modified: 2014-06-17 00:48 UTC

Last Closed: 2014-06-17 00:48:24 UTC
Type: Bug


Attachments:
GDB session with systemd + debug logging (20.01 KB, text/plain)
2014-05-24 23:24 UTC, rhn

Description rhn 2014-05-24 23:24:45 UTC
Created attachment 898987
GDB session with systemd + debug logging

Description of problem:
When systemd is launched in a user namespace it will segfault in some control group code. I assume it's related to the fact that it cannot mount control groups for itself within the container.

Version-Release number of selected component (if applicable):
# rpm -q systemd
systemd-208-9.fc20.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Install Fedora 20 normally into a KVM virtual machine
2. Mount the virtual disk and copy it to an LXC root filesystem, including UID relabeling for user namespaces
3. Launch container.

Actual results:
systemd segfaults during startup and hangs, possibly with a debug shell if enabled

Expected results:
systemd boots

Additional info:

LXC config file:
==
lxc.utsname = fedora20

lxc.id_map = u 0 1040000 10000
lxc.id_map = g 0 1040000 10000

lxc.tty = 6
lxc.rootfs = /lxc/fedora20

lxc.network.type = veth
lxc.network.link = br0
lxc.network.veth.pair = fedora20
lxc.network.name = eth0

lxc.autodev = 0
lxc.mount.auto = proc:rw sys:rw cgroup:mixed
==

Mount points in the container:
==
# cat /proc/mounts
rootfs / rootfs rw 0 0
atmaweapon/lxc/fedora20 / zfs rw,noatime,xattr,noacl 0 0
/lxc/fedora20/dev /dev tmpfs rw,relatime,size=100k 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nodev,relatime 0 0
cgroup_root /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,relatime,size=10240k,mode=755,uid=1040000,gid=1040000 0 0
cgroups /sys/fs/cgroup/blkio,net_cls,freezer,devices,memory,cpuacct,cpu,cpuset/lxc/fedora cgroup rw,relatime,blkio,net_cls,freezer,devices,memory,cpuacct,cpu,cpuset,clone_children 0 0
devpts /dev/console devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/tty1 devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/tty2 devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/tty3 devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/tty4 devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/tty5 devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
devpts /dev/tty6 devpts rw,relatime,gid=5,mode=620,ptmxmode=000 0 0
==

GDB session is attached.

Comment 1 Lennart Poettering 2014-06-04 15:06:55 UTC
Newer systemd versions will simply refuse to boot now, rather than segfault.

We simply don't support cgroup-less boots, and have removed all support code for it.
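
Added example (not part of the bug report and not systemd or LXC code): a pre-flight check that reads a container's /proc/mounts and lists the cgroup v1 hierarchies visible to init, run here over lines copied from the listing in the description. It assumes systemd 208 expects its own named hierarchy, name=systemd; whether its absence is what triggered this particular crash is an assumption the report does not confirm, and the function names and the option set are illustrative.

```python
"""Pre-flight check: which cgroup v1 hierarchies does a container's init see?"""

# Lines copied from the /proc/mounts listing in the report (devpts lines omitted).
SAMPLE_MOUNTS = """\
rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nodev,relatime 0 0
cgroup_root /sys/fs/cgroup tmpfs rw,nosuid,nodev,noexec,relatime,size=10240k,mode=755,uid=1040000,gid=1040000 0 0
cgroups /sys/fs/cgroup/blkio,net_cls,freezer,devices,memory,cpuacct,cpu,cpuset/lxc/fedora cgroup rw,relatime,blkio,net_cls,freezer,devices,memory,cpuacct,cpu,cpuset,clone_children 0 0
"""

# Mount options that are not controller names (generic VFS flags plus
# cgroup v1 behaviour flags). Illustrative set, not an exhaustive list.
NON_CONTROLLER_OPTS = {
    "rw", "ro", "nosuid", "nodev", "noexec", "relatime", "noatime",
    "clone_children", "noprefix", "xattr", "none",
}


def cgroup_hierarchies(mounts_text):
    """Return one dict per cgroup v1 mount: mountpoint, controllers, name."""
    found = []
    for line in mounts_text.splitlines():
        fields = line.split()  # /proc/mounts escapes spaces, so split() is safe
        if len(fields) < 4 or fields[2] != "cgroup":
            continue
        opts = fields[3].split(",")
        name = next((o[len("name="):] for o in opts if o.startswith("name=")), None)
        controllers = [o for o in opts
                       if "=" not in o and o not in NON_CONTROLLER_OPTS]
        found.append({"mountpoint": fields[1],
                      "controllers": controllers,
                      "name": name})
    return found


def preflight(mounts_text, wanted_name="systemd"):
    """Return a list of problems; an empty list means the check passed."""
    hierarchies = cgroup_hierarchies(mounts_text)
    if not hierarchies:
        return ["no cgroup filesystem is mounted"]
    if not any(h["name"] == wanted_name for h in hierarchies):
        return [f"no name={wanted_name} hierarchy is mounted"]
    return []


if __name__ == "__main__":
    for h in cgroup_hierarchies(SAMPLE_MOUNTS):
        print(h["mountpoint"], h["controllers"], h["name"])
    print(preflight(SAMPLE_MOUNTS))
```

Inside a running container, pass the contents of /proc/mounts to `preflight()` instead of the embedded sample.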

