| View previous topic :: View next topic |
| Author |
Message |
deejay
l33t
Joined: 24 Aug 2004
Posts: 983
Location: Hannover, Germany
|
 Posted: Tue Apr 02, 2019 2:43 pm Post subject: Gentoo in LXC Container: emerge not working anymore |
 |
|
Hi all,
I have installed gentoo within a Linux Container. After upgrading the whole System and a reboot, emerge is not working anymore. Any ideas?
| Code: | >> Emerging (1 of 1) app-editors/nano-3.2::gentoo
mount: /proc: cannot mount none read-only.
Unable to mark /proc slave: 32
* The ebuild phase 'die_hooks' has been aborted since PORTAGE_BUILDDIR
* does not exist: '/var/tmp/portage/app-editors/nano-3.2'
>>> Failed to emerge app-editors/nano-3.2
* Messages for package app-editors/nano-3.2: |
Thx and regards
Danyo
_________________
|
|
| Back to top |
|
 |
leifbk
Guru
Joined: 05 Jan 2004
Posts: 379
Location: Bærum, Norway
|
| Posted: Tue Apr 02, 2019 3:48 pm Post subject: |
|
|
Perhaps you've been hit by the current Gentoo DNS problems.
_________________
Grumpy old man |
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 16491
|
| Posted: Wed Apr 03, 2019 1:45 am Post subject: |
|
|
The error messages in that thread do not align with the error shown here. Could you elaborate on why you believe that thread to be an explanation for this problem?
deejay: what restrictions does your Linux Container impose on the processes inside it? |
|
| Back to top |
|
|
deejay
l33t
Joined: 24 Aug 2004
Posts: 983
Location: Hannover, Germany
|
| Posted: Wed Apr 03, 2019 5:35 am Post subject: |
|
|
| Hu wrote: | The error messages in that thread do not align with the error shown here. Could you elaborate on why you believe that thread to be an explanation for this problem?
deejay: what restrictions does your Linux Container impose on the processes inside it? |
Hi Hu,
yes, i also think, that ist has nothing to do with DNS. Here everything is working fine.
What do you mean with restrictions?
As i initially installed the Linux Container, everything was fine. I have made a complete System Update (emerge --update --deep --with-bdeps="y" --newuse @world).
After 100+ updates were installed, i have rebooted the Container.
After this, i was not able to emerge anything else.....
I have created the Container as an unprivilege Container via Proxmox.
_________________
|
|
| Back to top |
|
|
Hu
Moderator
Joined: 06 Mar 2007
Posts: 16491
|
| Posted: Thu Apr 04, 2019 1:18 am Post subject: |
|
|
| deejay wrote: | | What do you mean with restrictions? |
This: | deejay wrote: | | I have created the Container as an unprivilege Container via Proxmox. |
What exactly does Proxmox do when you tell it to make the container unprivileged? |
|
| Back to top |
|
|
skunk
l33t
Joined: 28 May 2003
Posts: 646
Location: granada, spain
|
| Posted: Thu Apr 04, 2019 10:42 am Post subject: Re: Gentoo in LXC Container: emerge not working anymore |
|
|
| deejay wrote: | | Code: | mount: /proc: cannot mount none read-only.
Unable to mark /proc slave: 32 |
|
it looks like the host os (proxmox) is restricting file system access with apparmor, please check the host's logs for messages like this:
| Code: | | AVC apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default-cgns" name="/proc/" pid=... |
then edit the responsible apparmor profile (in the above example "lxc-container-default-cgns"), add the following line:
| Code: | | mount options=(rw, slave), |
inside the profile definition and reload the apparmor service (or reboot).
after restarting the lxc container you'll be able emerge again. |
|
| Back to top |
|
|
Legoguy
Apprentice
Joined: 22 Dec 2003
Posts: 166
Location: Edmonton, Alberta, Canada
|
| Posted: Fri Apr 05, 2019 3:46 am Post subject: |
|
|
I also have this problem, but I do not appear to have any relevant apparmor messages in the logs of the host, and the suggested profile change does not resolve the issue.
My LXC container is "privileged", which, according to the Proxmox documentation on the feature, has nothing to do with apparmor (and everything to do with user namespaces).
I see some notices for **other** (ubuntu) containers, but not for my Gentoo container.
This is a recent change in behaviour; does a newer version of Portage or some related package attempt to remount /proc "ro" before merging packages? |
|
| Back to top |
|
|
skunk
l33t
Joined: 28 May 2003
Posts: 646
Location: granada, spain
|
| Posted: Fri Apr 05, 2019 9:19 am Post subject: |
|
|
| Legoguy wrote: | I also have this problem, but I do not appear to have any relevant apparmor messages in the logs of the host, and the suggested profile change does not resolve the issue.
My LXC container is "privileged", which, according to the Proxmox documentation on the feature, has nothing to do with apparmor (and everything to do with user namespaces). |
i suggested to look at apparmor because that profile change worked for me on an ubuntu host after upgrading portage to v2.3.62.
| Legoguy wrote: | | This is a recent change in behaviour; does a newer version of Portage or some related package attempt to remount /proc "ro" before merging packages? |
yes, it was introduced with this commit, therefore you may also unset the pid-sandbox feature as workaround. |
|
| Back to top |
|
|
PabOu
Veteran
Joined: 11 Feb 2004
Posts: 1088
Location: Hélécine - Belgium
|
| Posted: Wed Apr 17, 2019 10:01 am Post subject: |
|
|
| skunk wrote: | | you may also unset the pid-sandbox feature as workaround. |
Thanks, this worked for me. Using a Proxmox VE 4.4 host based on debian jessie, there is no AppArmor.
_________________
Mangez du poulet ! |
|
| Back to top |
|
|
YidGiw
n00b
Joined: 23 Jul 2019
Posts: 1
|
| Posted: Tue Jul 23, 2019 7:20 pm Post subject: |
|
|
I was able to solve this issue without unsetting pid-sandbox.
You need to enable to "Nesting" feature in the Proxmox LXC.
This can be done from within the Proxmox web interface. |
|
| Back to top |
|
|
|
Portage & Programming
