马春杰杰

Error: Failed to run: /usr/lib/lxd/lxd forkstart xxx

After a reboot, starting the container failed with this error:

Error: Failed to run: /usr/lib/lxd/lxd forkstart mcj2 /var/lib/lxd/containers /var/log/lxd/mcj2/lxc.conf: 
Try `lxc info --show-log mcj2` for more info

Let's look at the log the message points to:

$ lxc info --show-log mcj2
Name: mcj2
Remote: unix://
Architecture: x86_64
Created: 2019/05/05 01:39 UTC
Status: Stopped
Type: persistent
Profiles: default

Log:

lxc mcj2 20201219085429.974 WARN     conf - conf.c:lxc_setup_devpts:1616 - Invalid argument - Failed to unmount old devpts instance
lxc mcj2 20201219085429.974 WARN     apparmor - lsm/apparmor.c:apparmor_process_label_set:221 - Incomplete AppArmor support in your kernel
lxc mcj2 20201219085429.974 ERROR    apparmor - lsm/apparmor.c:apparmor_process_label_set:223 - If you really want to start this container, set
lxc mcj2 20201219085429.974 ERROR    apparmor - lsm/apparmor.c:apparmor_process_label_set:224 - lxc.apparmor.allow_incomplete = 1
lxc mcj2 20201219085429.974 ERROR    apparmor - lsm/apparmor.c:apparmor_process_label_set:225 - in your container configuration file
lxc mcj2 20201219085429.974 ERROR    sync - sync.c:__sync_wait:62 - An error occurred in another process (expected sequence number 5)
lxc mcj2 20201219085429.974 WARN     network - network.c:lxc_delete_network_priv:2589 - Operation not permitted - Failed to remove interface "eth0" with index 36
lxc mcj2 20201219085429.974 ERROR    lxccontainer - lxccontainer.c:wait_on_daemonized_start:842 - Received container state "ABORTING" instead of "RUNNING"
lxc mcj2 20201219085429.975 ERROR    start - start.c:__lxc_start:1939 - Failed to spawn container "mcj2"
lxc 20201219085429.976 WARN     commands - commands.c:lxc_cmd_rsp_recv:132 - Connection reset by peer - Failed to receive response for command "get_state"

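The log shows that the running kernel's AppArmor support is incomplete. The container can still be forced to start by writing lxc.apparmor.allow_incomplete = 1 into its configuration; it then starts under partial AppArmor protection.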

First, open the container's configuration: lxc config edit xxx

### This is a yaml representation of the configuration.
### Any line starting with a '# will be ignored.
###
### A sample configuration looks like:
### name: container1
### profiles:
### - default
### config:
###   volatile.eth0.hwaddr: 00:16:3e:e9:f8:7f
### devices:
###   homedir:
###     path: /extra
###     source: /home/user
###     type: disk
### ephemeral: false
###
### Note that the name is shown but cannot be changed

architecture: x86_64
config:
  image.architecture: x86_64
  image.description: Ubuntu 16.04 LTS server (20180424)
  image.os: ubuntu
  image.release: xenial
  security.privileged: "true"
  volatile.base_image: 55c06c2c9b9e47fbb89537134395c12d221e1536d26788c07ee042d07b34dd07
  volatile.eth0.hwaddr: 00:16:3e:5d:d6:e2
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
devices:
  gpu:
    type: gpu
ephemeral: false
profiles:
- default
stateful: false
description: ""

Then add one line under config: raw.lxc: lxc.apparmor.allow_incomplete=1

### This is a yaml representation of the configuration.
### Any line starting with a '# will be ignored.
###
### A sample configuration looks like:
### name: container1
### profiles:
### - default
### config:
###   volatile.eth0.hwaddr: 00:16:3e:e9:f8:7f
### devices:
###   homedir:
###     path: /extra
###     source: /home/user
###     type: disk
### ephemeral: false
###
### Note that the name is shown but cannot be changed

architecture: x86_64
config:
  image.architecture: x86_64
  image.description: Ubuntu 16.04 LTS server (20180424)
  image.os: ubuntu
  image.release: xenial
  raw.lxc: lxc.apparmor.allow_incomplete=1
  security.privileged: "true"
  volatile.base_image: 55c06c2c9b9e47fbb89537134395c12d221e1536d26788c07ee042d07b34dd07
  volatile.eth0.hwaddr: 00:16:3e:5d:d6:e2
  volatile.eth0.name: eth0
  volatile.idmap.base: "0"
  volatile.idmap.next: '[]'
  volatile.last_state.idmap: '[]'
  volatile.last_state.power: RUNNING
devices:
  gpu:
    type: gpu
ephemeral: false
profiles:
- default
stateful: false
description: ""

After closing the configuration file, the container starts normally.
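To keep track of which containers carry this override, the following added example (not part of the original post) audits the YAML printed by `lxc config show` for the two confinement-related settings in the config above. The function names `audit_config` and `sample_config` are hypothetical, and the sample input is constructed from the post's edited config.

```shell
#!/bin/sh
# Added example, not from the original post. Reads the YAML printed by
# `lxc config show <container>` on stdin and reports settings that weaken
# confinement. On a live host: lxc config show --expanded mcj2 | audit_config

audit_config() {
    awk '
        /^[ \t]*#/ { next }                 # skip the ### template comments
        # raw.lxc can be one line or a YAML block scalar, so match the LXC key
        # wherever it occurs and tolerate spaces around "=".
        /lxc\.apparmor\.allow_incomplete[ \t]*=[ \t]*1([^0-9]|$)/ { incomplete = 1 }
        /^[ \t]*security\.privileged:[ \t]*"?true"?[ \t]*$/       { privileged = 1 }
        END {
            if (incomplete) print "WARN allow_incomplete=1: partial AppArmor protection"
            if (privileged) print "WARN security.privileged=true: no uid/gid mapping"
            if (incomplete && privileged) print "HIGH privileged container with partial AppArmor"
            rc = (incomplete || privileged) ? 1 : 0   # non-zero when anything was found
            exit rc
        }'
}

# Constructed sample: the config from the post after the edit, shortened.
sample_config() {
    cat <<'EOF'
### This is a yaml representation of the configuration.
architecture: x86_64
config:
  image.os: ubuntu
  raw.lxc: lxc.apparmor.allow_incomplete=1
  security.privileged: "true"
devices:
  gpu:
    type: gpu
EOF
}

# Demo run on the constructed sample; "|| true" keeps the script's own status 0.
sample_config | audit_config || true
```

The non-zero exit status on any finding lets the check run from cron or CI, so the override can be removed once the kernel provides the missing AppArmor features.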

Last updated: December 19, 2020.