OpenVZ Forum


Home » Mailing lists » Users » Problems with Debian sid VE
Problems with Debian sid VE [message #29513] Tue, 15 April 2008 14:59 Go to next message
rmello is currently offline  rmello
Messages: 15
Registered: October 2007
Junior Member
I created a Debian Unstable (sid) VE through debootstratp, and I'm
thinking I forgot something because I get some weird behavior out of
that VE when I first start it:

1) I get a message "Mount failed for selinuxfs on /selinux".

I've grepped everything I could and can't find references to selinux

2) When I `vzctl enter <vpsid>` the root user comes out as "I have no name!"

This seems to happen to other users, if I try to su - to the once I've
vzctl enter-ed into the VE.

3) I get a SIGSEV if I try to run aptitude


The weird thing is that after a few minutes it all goes to normal,
until I need to restart the VE that is. Anyone know what I'm
forgetting, or what's going on?

Thanks in advance,

Roberto
Re: Problems with Debian sid VE [message #29517 is a reply to message #29513] Tue, 15 April 2008 16:41 Go to previous messageGo to next message
porridge is currently offline  porridge
Messages: 23
Registered: October 2007
Location: London, UK
Junior Member
On Tue, Apr 15, 2008 at 08:59:00AM -0600, Roberto Mello wrote:
> I created a Debian Unstable (sid) VE through debootstratp, and I'm
> thinking I forgot something because I get some weird behavior out of
> that VE when I first start it:
> 
> 1) I get a message "Mount failed for selinuxfs on /selinux".
> 
> I've grepped everything I could and can't find references to selinux

I think openvz and selinux are mutually exclusive.

> 2) When I `vzctl enter <vpsid>` the root user comes out as "I have no name!"

Can you paste what exactly happens?

> 3) I get a SIGSEV if I try to run aptitude

Perhaps it's just bad OOM handling. Try stracing it?

-- 
Marcin Owsiany <marcin@owsiany.pl>              http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
 
"Every program in development at MIT expands until it can read mail."
                                                              -- Unknown
Re: Problems with Debian sid VE [message #29594 is a reply to message #29517] Thu, 17 April 2008 18:41 Go to previous messageGo to next message
rmello is currently offline  rmello
Messages: 15
Registered: October 2007
Junior Member
On Tue, Apr 15, 2008 at 10:41 AM, Marcin Owsiany <marcin@owsiany.pl> wrote:
> On Tue, Apr 15, 2008 at 08:59:00AM -0600, Roberto Mello wrote:
>  > I created a Debian Unstable (sid) VE through debootstratp, and I'm
>  > thinking I forgot something because I get some weird behavior out of
>  > that VE when I first start it:
>  >
>  > 1) I get a message "Mount failed for selinuxfs on /selinux".
>  >
>  > I've grepped everything I could and can't find references to selinux
>
>  I think openvz and selinux are mutually exclusive.

I am aware of that. The Hardware Node has no SELinux enabled. It has
been running openvz for quite some time now, but this was my first
time creating a VE with Debian Sid from scratch, i.e. using
debootstrap.

>
>  > 2) When I `vzctl enter <vpsid>` the root user comes out as "I have no name!"
>
>  Can you paste what exactly happens?

foo-HN# vzctl start 115
<openVZ startup messages>
Mount failed for selinuxfs on /selinux
foo-HN# vzctl enter 115
I Have no name!@ve115#

>  > 3) I get a SIGSEV if I try to run aptitude
>
>  Perhaps it's just bad OOM handling. Try stracing it?

No. It's definitely related to the problem that happens with this VE
with Debian Sid in the first few minutes after starting it. After a
few minutes aptitude is able to start up and run just fine.

It's as if the users in /etc/passwd are not recognized by the system
for a bit. I can't "su - someotheruser" for example. After a few
minutes, everything works, but I have to figure this out because
Apache, for example, refuses to start because its www-data user just
doesn't work as soon as the VE starts up.

Anyone have a clue what's going on here?

Roberto
Re: Problems with Debian sid VE [message #29595 is a reply to message #29594] Thu, 17 April 2008 18:58 Go to previous messageGo to next message
rmello is currently offline  rmello
Messages: 15
Registered: October 2007
Junior Member
On Thu, Apr 17, 2008 at 12:41 PM, Roberto Mello <roberto.mello@gmail.com> wrote:
>
>  It's as if the users in /etc/passwd are not recognized by the system
>  for a bit. I can't "su - someotheruser" for example. After a few
>  minutes, everything works, but I have to figure this out because
>  Apache, for example, refuses to start because its www-data user just
>  doesn't work as soon as the VE starts up.
>
>  Anyone have a clue what's going on here?

Here's the syslog from the VE, when I recently had to restart the HN:

Apr 16 23:18:07 ralph1 shutdown[27780]: shutting down for system halt
Apr 16 23:18:07 ralph1 init: Switching to runlevel: 0
Apr 16 23:18:08 ralph1 kernel: Kernel logging (proc) stopped.
Apr 16 23:18:08 ralph1 kernel: Kernel log daemon terminating.
Apr 16 23:18:09 ralph1 exiting on signal 15
Apr 16 23:29:33 ralph1 syslogd 1.5.0#2: restart.
Apr 16 23:29:33 ralph1 kernel: klogd 1.5.0#2, log source = /proc/kmsg started.
Apr 16 23:29:35 ralph1 atd: Cannot get uid for daemon: Unknown error 530
Apr 16 23:29:35 ralph1 /usr/sbin/cron[16207]: (CRON) INFO (pidfile fd = 3)
Apr 16 23:29:36 ralph1 /usr/sbin/cron[16208]: (CRON) STARTUP (fork ok)
Apr 16 23:29:36 ralph1 cron[16208]: Error: bad username; while reading
/etc/crontab
Apr 16 23:29:36 ralph1 cron[16208]: Error: bad username; while reading
/etc/cron.d/php5
Apr 16 23:29:36 ralph1 /usr/sbin/cron[16208]: (CRON) INFO (Running @reboot jobs)
Apr 16 23:29:39 ralph1 init: no more processes left in this runlevel

Notice the error messages regarding uid's and usernames. This lasts
for a few minutes and then everything starts working normally without
any intervention of mine. I'm at a loss.

Roberto
Re: Problems with Debian sid VE [message #29596 is a reply to message #29594] Thu, 17 April 2008 20:54 Go to previous messageGo to next message
porridge is currently offline  porridge
Messages: 23
Registered: October 2007
Location: London, UK
Junior Member
On Thu, Apr 17, 2008 at 12:41:41PM -0600, Roberto Mello wrote:
> On Tue, Apr 15, 2008 at 10:41 AM, Marcin Owsiany <marcin@owsiany.pl> wrote:
> > On Tue, Apr 15, 2008 at 08:59:00AM -0600, Roberto Mello wrote:
> >  > I created a Debian Unstable (sid) VE through debootstratp, and I'm
> >  > thinking I forgot something because I get some weird behavior out of
> >  > that VE when I first start it:
> >  >
> >  > 1) I get a message "Mount failed for selinuxfs on /selinux".
> >  >
> >  > I've grepped everything I could and can't find references to selinux
> >
> >  I think openvz and selinux are mutually exclusive.
> 
> I am aware of that. The Hardware Node has no SELinux enabled.

However it's clearly enabled in userspace in the VE, as it tries to
mount /selinux. Possibly the UID problems are related to that.

> >  > 2) When I `vzctl enter <vpsid>` the root user comes out as "I have no name!"
> >
> >  Can you paste what exactly happens?
> 
> foo-HN# vzctl start 115
> <openVZ startup messages>
> Mount failed for selinuxfs on /selinux
> foo-HN# vzctl enter 115
> I Have no name!@ve115#

Funny, I've never seen that happen before. No wonder I didn't know what
you meant. Looks like "I have no name!" is the username set in bash,
when getpwuid() (which scans /etc/passwd) fails.

> >  > 3) I get a SIGSEV if I try to run aptitude
> >
> >  Perhaps it's just bad OOM handling. Try stracing it?
> 
> No. It's definitely related to the problem that happens with this VE
> with Debian Sid in the first few minutes after starting it. After a
> few minutes aptitude is able to start up and run just fine.

I still think that this SIGSEGV is just aptitude failing to handle an
"impossible" situation correctly.

> Anyone have a clue what's going on here?

My gut feeling is that selinux is to blame. I would try to disable
selinux in the VE.

As one of my colleagues say "If weird shit happens, check selinux."
Root not being able to read /etc/passwd is a fine example of "weird
shit" :)

-- 
Marcin Owsiany <marcin@owsiany.pl>              http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
 
"Every program in development at MIT expands until it can read mail."
                                                              -- Unknown
Re: Problems with Debian sid VE [message #29640 is a reply to message #29596] Sat, 19 April 2008 17:23 Go to previous messageGo to next message
rmello is currently offline  rmello
Messages: 15
Registered: October 2007
Junior Member
On Thu, Apr 17, 2008 at 2:54 PM, Marcin Owsiany <marcin@owsiany.pl> wrote:
>
>  However it's clearly enabled in userspace in the VE, as it tries to
>  mount /selinux. Possibly the UID problems are related to that.

That's what I think too, but the hard thing is disabling the thing.

>  My gut feeling is that selinux is to blame. I would try to disable
>  selinux in the VE.
>
>  As one of my colleagues say "If weird shit happens, check selinux."
>  Root not being able to read /etc/passwd is a fine example of "weird
>  shit" :)

No kidding. The only thing I can find under /etc about selinux is
under init.d/mtab.sh:

init.d/mtab.sh: if selinux_enabled && which restorecon >/dev/null 2>&1
&& [ -r /etc/mtab ]

mtab.sh includes /lib/lsb/init-functions and /lib/init/mount-functions.sh

This latter file checks for selinxu being enabled:

selinux_enabled () {
        which selinuxenabled >/dev/null 2>&1 && selinuxenabled
}

selinuxenabled is provided the selinux-utils package. I've created an
/etc/selinux/config disabling selinux, and symlinked to it from
/etc/default/selinux, which is where selinux was enabled/disabled on
etch.

But it still doesnt seem to resolve the issue. Sometimes I can only
get "proper" root after attempting a dpkg -l (which fails) and reading
the contents of /var/lib/dpkg/updates/.

When I run selinuxenabled I get a 1 exit code. And then there's this
(also provided in the selinux-utils package):

I have no name!@o2:/# getsebool
getsebool:  SELinux is disabled

But still no go. Anyone who knows SELinux knows what I need to do to
really disable it in a VE?

Thanks,

Roberto
Re: Problems with Debian sid VE [message #29983 is a reply to message #29640] Sun, 04 May 2008 14:12 Go to previous message
rmello is currently offline  rmello
Messages: 15
Registered: October 2007
Junior Member
On Sat, Apr 19, 2008 at 11:23 AM, Roberto Mello <roberto.mello@gmail.com> wrote:
>
>  When I run selinuxenabled I get a 1 exit code. And then there's this
>  (also provided in the selinux-utils package):
>
>  I have no name!@o2:/# getsebool
>  getsebool:  SELinux is disabled
>
>  But still no go. Anyone who knows SELinux knows what I need to do to
>  really disable it in a VE?

Just to report, I haven't been able to figure out how to solve this
yet. Everything I check says that selinux is disabled, but everytime I
restart the VE, the problem reappears.

Roberto

-- 
http://blog.divisiblebyfour.org/
Previous Topic: PowerPC
Next Topic: OpenVZ template confusion
Goto Forum:
  


Current Time: Tue Mar 19 06:47:02 GMT 2024

Total time taken to generate the page: 0.03236 seconds