nelsnelson/container-nesting-failure-examples.txt

## container-nesting-failure-examples.txt
#
# First attempt without apparmor
#

# lxc-create -n outer -t minimal
# ls /var/lib/lxc/outer/rootfs
bin  dev  etc  home  lib  lib64  proc  root  run  run-dhcp  sbin  sys  tmp  usr  var
# ls /var/lib/lxc/outer/rootfs/sys
# lxc-start -n outer -- bash
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
bash-4.2# ls /sys/fs/
bash-4.2# ls /sys/fs/cgroup/
bcache	cgroup	ext4  fuse  selinux
bash-4.2# lxc-create -n inner -t minimal
lxc_container: No such file or directory - failed to create container path for inner
lxc_container: Error creating container inner
bash-4.2# mkdir /var/lib/lxc
bash-4.2# lxc-create -n inner -t minimal
bash-4.2# lxc-ls
inner
bash-4.2# lxc-info -n inner
Name:           inner
State:          STOPPED
# ls /var/lib/lxc/inner/rootfs
bin  dev  etc  home  lib  lib64  proc  root  run  run-dhcp  sbin  sys  tmp  usr  var
bash-4.2# ls /var/lib/lxc/inner/rootfs/sys
bash-4.2#
bash-4.2# lxc-start -n inner -- bash
lxc-start: cgroupfs failed to detect cgroup metadata
lxc-start: failed initializing cgroup support
lxc-start: failed to spawn 'inner'


#
# Attempting with lxc config AppArmor profile option set
#

# sudo lxc-destroy -n outer
# echo -e "\nlxc.aa_profile = lxc-container-default-with-nesting" | tee -a /var/lib/lxc/outer/config
# lxc-create -n outer -t minimal
# lxc-start -n outer -- bash
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
bash-4.2# lxc-create -n inner -t minimal
bash-4.2# mkdir /var/lib/lxc
bash-4.2# lxc-create -n inner -t minimal
bash-4.2# lxc-start -n inner -- bash
lxc-start: cgroupfs failed to detect cgroup metadata
lxc-start: failed initializing cgroup support
lxc-start: failed to spawn 'inner'
	#
	# First attempt without apparmor
	#

	# lxc-create -n outer -t minimal
	# ls /var/lib/lxc/outer/rootfs
	bin dev etc home lib lib64 proc root run run-dhcp sbin sys tmp usr var
	# ls /var/lib/lxc/outer/rootfs/sys
	# lxc-start -n outer -- bash
	bash: cannot set terminal process group (-1): Inappropriate ioctl for device
	bash: no job control in this shell
	bash-4.2# ls /sys/fs/
	bash-4.2# ls /sys/fs/cgroup/
	bcache cgroup ext4 fuse selinux
	bash-4.2# lxc-create -n inner -t minimal
	lxc_container: No such file or directory - failed to create container path for inner
	lxc_container: Error creating container inner
	bash-4.2# mkdir /var/lib/lxc
	bash-4.2# lxc-create -n inner -t minimal
	bash-4.2# lxc-ls
	inner
	bash-4.2# lxc-info -n inner
	Name: inner
	State: STOPPED
	# ls /var/lib/lxc/inner/rootfs
	bin dev etc home lib lib64 proc root run run-dhcp sbin sys tmp usr var
	bash-4.2# ls /var/lib/lxc/inner/rootfs/sys
	bash-4.2#
	bash-4.2# lxc-start -n inner -- bash
	lxc-start: cgroupfs failed to detect cgroup metadata
	lxc-start: failed initializing cgroup support
	lxc-start: failed to spawn 'inner'


	#
	# Attempting with lxc config AppArmor profile option set
	#

	# sudo lxc-destroy -n outer
	# echo -e "\nlxc.aa_profile = lxc-container-default-with-nesting" \| tee -a /var/lib/lxc/outer/config
	# lxc-create -n outer -t minimal
	# lxc-start -n outer -- bash
	bash: cannot set terminal process group (-1): Inappropriate ioctl for device
	bash: no job control in this shell
	bash-4.2# lxc-create -n inner -t minimal
	bash-4.2# mkdir /var/lib/lxc
	bash-4.2# lxc-create -n inner -t minimal
	bash-4.2# lxc-start -n inner -- bash
	lxc-start: cgroupfs failed to detect cgroup metadata
	lxc-start: failed initializing cgroup support
	lxc-start: failed to spawn 'inner'