canonical-ci-engineering team mailing list archive

[Stéphane Graber <stephane.graber@xxxxxxxxxxxxx>]

Hmm, I just connected to dx-autopilot-intel and I can't seem to
reproduce the issue there. The container starts and so does the whole
user session.

On Fri, Oct 11, 2013 at 09:50:20AM +0300, Timo Jyrinki wrote:
> Hi all,
> 
> Thanks for all the updates and work! I've dist-ugpraded the LXC
> container and host with last night's lxc + dbus updates, but I'm still
> getting:
> 
> http://10.97.0.1:8080/job/autopilot-saucy-daily_release/label=autopilot-intel/2511/console
> 
> -Timo
> 
> 
> On Thu, Oct 10, 2013 at 7:14 PM, Vincent Ladeuil <vila+ci@xxxxxxxxxxxxx> wrote:
> > With dmesg really attached and jibel added in CC.
> >
> >>>>>> Vincent Ladeuil <vila+ci@xxxxxxxxxxxxx> writes:
> >
> >>>>>> Stéphane Graber <stephane.graber@xxxxxxxxxxxxx> writes:
> >     >> On Thu, Oct 10, 2013 at 10:12:39AM +0300, Timo Jyrinki wrote:
> >     >>> Hi,
> >     >>>
> >     >>> Thanks to the efforts yesterday, an lxc problem was identified and
> >     >>> fixed (https://lists.ubuntu.com/archives/saucy-changes/2013-October/011959.html)
> >     >>> during the night my time.
> >     >>>
> >     >>> However, cyphermox reported to me that he updated the containers and
> >     >>> the 'check' (autopilot) jobs of cu2d continue to fail. So the dbus <->
> >     >>> apparmor <-> lxc triangle is not yet in complete harmony. He suggested
> >     >>> checking the /var/log/upstart/lightdm.log and sending it to stgraber /
> >     >>> security team. So here goes:
> >     >>>
> >     >>> http://pastebin.ubuntu.com/6216936/
> >     >>>
> >     >>> It's taken from dx-autopilot-intel and the latest container
> >     >>> saucy-i386-20131010-0216.
> >     >>>
> >     >>> -Timo
> >     >>>
> >     >>> ps. thanks Evan for the ubuntu-engineering post
> >
> >     >> Can you make sure the host is up to date,
> >
> >     > It is.
> >
> >     >> reboot it after that
> >
> >     > Done.
> >
> >     >> (since the dbus apparmor changes came through a kernel change) and
> >     >> then tell me what version of LXC is on the host
> >
> >     > root@dx-autopilot-intel:/var/lib/jenkins# apt-cache policy lxc
> >     > lxc:
> >     >   Installed: 1.0.0~alpha1-0ubuntu10
> >     >   Candidate: 1.0.0~alpha1-0ubuntu10
> >     >   Version table:
> >     >  *** 1.0.0~alpha1-0ubuntu10 0
> >     >         500 http://us.archive.ubuntu.com/ubuntu/ saucy/main i386 Packages
> >     >         100 /var/lib/dpkg/status
> >
> >     >> and attach the "dmesg" output right after a failure.
> >
> >     > dmesg attached.
> >
> >     >> If it's really still an apparmor profile issue, there will be denials in
> >     >> the dmesg output, if not, then it's something else that's breaking your
> >     >> tests.
> >
> >     > Now, otto (which is creating the lxc container) mounts an iso and as
> >     > such requires a loop device. To get that it disables:
> >
> >     > root@dx-autopilot-intel:/etc/apparmor.d/disable# ls -lart
> >     > total 8
> >     > lrwxrwxrwx 1 root root   33 Jun  4 10:34 usr.sbin.rsyslogd -> /etc/apparmor.d/usr.sbin.rsyslogd
> >     > drwxr-xr-x 9 root root 4096 Oct 10 13:14 ..
> >     > lrwxrwxrwx 1 root root   33 Oct 10 13:15 usr.bin.lxc-start -> /etc/apparmor.d/usr.bin.lxc-start
> >     > drwxr-xr-x 2 root root 4096 Oct 10 13:15 .
> >
> >     > Not sure how that interacts with the profiles but without them the
> >     > container can't be started and use its iso.
> >
> >     >           Vincent

-- 
Stéphane Graber
Ubuntu developer
http://www.canonical.com

Attachment: signature.asc
Description: Digital signature