lxc-execute does not properly work with containers based on OCI template #2590

Closed
3 tasks
tears-of-noobs opened this issue Sep 7, 2018 · 2 comments

@tears-of-noobs

Required information

  • Distribution: ArchLinux
  • Distribution version: rolling
  • The output of
    • lxc-start --version 3.0.2
    • lxc-checkconfig
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled

--- Control groups ---
Cgroups: enabled

Cgroup v1 mount points: 
/sys/fs/cgroup/systemd
/sys/fs/cgroup/net_cls,net_prio
/sys/fs/cgroup/blkio
/sys/fs/cgroup/pids
/sys/fs/cgroup/hugetlb
/sys/fs/cgroup/freezer
/sys/fs/cgroup/rdma
/sys/fs/cgroup/devices
/sys/fs/cgroup/memory
/sys/fs/cgroup/cpu,cpuacct
/sys/fs/cgroup/perf_event
/sys/fs/cgroup/cpuset

Cgroup v2 mount points: 
/sys/fs/cgroup/unified

Cgroup v1 clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled, loaded
Macvlan: enabled, not loaded
Vlan: enabled, loaded
Bridges: enabled, loaded
Advanced netfilter: enabled, not loaded
CONFIG_NF_NAT_IPV4: enabled, not loaded
CONFIG_NF_NAT_IPV6: enabled, not loaded
CONFIG_IP_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled, not loaded
CONFIG_NETFILTER_XT_TARGET_CHECKSUM: enabled, not loaded
CONFIG_NETFILTER_XT_MATCH_COMMENT: enabled, not loaded
FUSE (for use with lxcfs): enabled, loaded

--- Checkpoint/Restore ---
checkpoint restore: enabled
CONFIG_FHANDLE: enabled
CONFIG_EVENTFD: enabled
CONFIG_EPOLL: enabled
CONFIG_UNIX_DIAG: enabled
CONFIG_INET_DIAG: enabled
CONFIG_PACKET_DIAG: enabled
CONFIG_NETLINK_DIAG: enabled
File capabilities: 

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
  • uname -a
Linux pornhub.s 4.18.5-arch1-1-ARCH #1 SMP PREEMPT Fri Aug 24 12:48:58 UTC 2018 x86_64 GNU/Linux
  • cat /proc/self/cgroup
12:cpuset:/
11:perf_event:/
10:cpu,cpuacct:/
9:memory:/user.slice/user-1000.slice/session-1.scope
8:devices:/user.slice
7:rdma:/
6:freezer:/
5:hugetlb:/
4:pids:/user.slice/user-1000.slice/session-1.scope
3:blkio:/
2:net_cls,net_prio:/
1:name=systemd:/user.slice/user-1000.slice/session-1.scope
0::/user.slice/user-1000.slice/session-1.scope
  • cat /proc/1/mounts
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sys /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
dev /dev devtmpfs rw,nosuid,relatime,size=3880704k,nr_inodes=970176,mode=755 0 0
run /run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0
zroot / zfs rw,relatime,xattr,noacl 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,name=systemd 0 0
pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0
bpf /sys/fs/bpf bpf rw,nosuid,nodev,noexec,relatime,mode=700 0 0
cgroup /sys/fs/cgroup/net_cls,net_prio cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio 0 0
cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0 0
cgroup /sys/fs/cgroup/pids cgroup rw,nosuid,nodev,noexec,relatime,pids 0 0
cgroup /sys/fs/cgroup/hugetlb cgroup rw,nosuid,nodev,noexec,relatime,hugetlb 0 0
cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freezer 0 0
cgroup /sys/fs/cgroup/rdma cgroup rw,nosuid,nodev,noexec,relatime,rdma 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0
cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,relatime,memory 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0
cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,perf_event 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
mqueue /dev/mqueue mqueue rw,relatime 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=37,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=3836 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,relatime,pagesize=2M 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
configfs /sys/kernel/config configfs rw,relatime 0 0
binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
/dev/nvme0n1p1 /boot ext4 rw,relatime,data=ordered 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
tmpfs /run/user/1000 tmpfs rw,nosuid,nodev,relatime,size=777908k,mode=700,uid=1000,gid=1000 0 0

Issue description

lxc-execute does not work on any container based on the OCI template. I tried docker://alpine, docker://redis and docker://redis:alpine.
Each execution of lxc-execute brings me the errors:

lxc-execute c1 --logfile=/tmp/c1 --logpriority=DEBUG
lxc-execute: c1: conf.c: lxc_setup: 3574 No such file or directory - Unable to open lxc.init.static
lxc-execute: c1: start.c: do_start: 1234 Failed to setup container "c1"
lxc-execute: c1: sync.c: __sync_wait: 59 An error occurred in another process (expected sequence number 5)
lxc-execute: c1: start.c: __lxc_start: 1910 Failed to spawn container "c1"
lxc-execute: c1: tools/lxc_execute.c: main: 240 Failed run an application inside container

Steps to reproduce

  1. Install ArchLinux
  2. pacman -S lxc
  3. lxc-create c1 -t oci -- --url docker://alpine
  4. lxc-execute c1 --logfile=/tmp/c1 --logpriority=DEBUG

Information to attach

  • any relevant kernel output (dmesg)
  • container log
lxc-execute c1 20180907031022.502 INFO     lsm - lsm/lsm.c:lsm_init:47 - LSM security driver nop
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:757 - Processing "reject_force_umount  # comment this to allow umount -f;  not recommended"
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:do_resolve_add_rule:503 - Set seccomp rule to reject force umounts
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:934 - Added native rule for arch 0 for reject_force_umount action 0(kill)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:do_resolve_add_rule:503 - Set seccomp rule to reject force umounts
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:943 - Added compat rule for arch 1073741827 for reject_force_umount action 0(kill)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:do_resolve_add_rule:503 - Set seccomp rule to reject force umounts
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:953 - Added compat rule for arch 1073741886 for reject_force_umount action 0(kill)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:do_resolve_add_rule:503 - Set seccomp rule to reject force umounts
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:963 - Added native rule for arch -1073741762 for reject_force_umount action 0(kill)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:757 - Processing "[all]"
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:757 - Processing "kexec_load errno 1"
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:934 - Added native rule for arch 0 for kexec_load action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:943 - Added compat rule for arch 1073741827 for kexec_load action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:953 - Added compat rule for arch 1073741886 for kexec_load action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:963 - Added native rule for arch -1073741762 for kexec_load action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:757 - Processing "open_by_handle_at errno 1"
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:934 - Added native rule for arch 0 for open_by_handle_at action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:943 - Added compat rule for arch 1073741827 for open_by_handle_at action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:953 - Added compat rule for arch 1073741886 for open_by_handle_at action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:963 - Added native rule for arch -1073741762 for open_by_handle_at action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:757 - Processing "init_module errno 1"
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:934 - Added native rule for arch 0 for init_module action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:943 - Added compat rule for arch 1073741827 for init_module action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:953 - Added compat rule for arch 1073741886 for init_module action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:963 - Added native rule for arch -1073741762 for init_module action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:757 - Processing "finit_module errno 1"
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:934 - Added native rule for arch 0 for finit_module action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:943 - Added compat rule for arch 1073741827 for finit_module action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:953 - Added compat rule for arch 1073741886 for finit_module action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:963 - Added native rule for arch -1073741762 for finit_module action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:757 - Processing "delete_module errno 1"
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:934 - Added native rule for arch 0 for delete_module action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:943 - Added compat rule for arch 1073741827 for delete_module action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:953 - Added compat rule for arch 1073741886 for delete_module action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:963 - Added native rule for arch -1073741762 for delete_module action 327681(errno)
lxc-execute c1 20180907031022.503 INFO     seccomp - seccomp.c:parse_config_v2:967 - Merging compat seccomp contexts into main context
lxc-execute c1 20180907031022.505 DEBUG    terminal - terminal.c:lxc_terminal_peer_default:711 - Using terminal "/dev/tty" as proxy
lxc-execute c1 20180907031022.505 DEBUG    terminal - terminal.c:lxc_terminal_signal_init:189 - Created signal fd 9
lxc-execute c1 20180907031022.505 DEBUG    terminal - terminal.c:lxc_terminal_winsz:87 - Set window size to 239 columns and 86 rows
lxc-execute c1 20180907031022.506 INFO     start - start.c:lxc_init:866 - Container "c1" is initialized
lxc-execute c1 20180907031022.507 DEBUG    cgfsng - cgroups/cgfsng.c:cg_legacy_handle_cpuset_hierarchy:613 - "cgroup.clone_children" was already set to "1"
lxc-execute c1 20180907031022.510 INFO     start - start.c:lxc_spawn:1657 - Cloned CLONE_NEWNS
lxc-execute c1 20180907031022.511 INFO     start - start.c:lxc_spawn:1657 - Cloned CLONE_NEWPID
lxc-execute c1 20180907031022.511 INFO     start - start.c:lxc_spawn:1657 - Cloned CLONE_NEWUTS
lxc-execute c1 20180907031022.511 INFO     start - start.c:lxc_spawn:1657 - Cloned CLONE_NEWIPC
lxc-execute c1 20180907031022.511 INFO     start - start.c:lxc_spawn:1657 - Cloned CLONE_NEWNET
lxc-execute c1 20180907031022.511 DEBUG    start - start.c:lxc_try_preserve_namespaces:205 - Preserved mnt namespace via fd 15
lxc-execute c1 20180907031022.511 DEBUG    start - start.c:lxc_try_preserve_namespaces:205 - Preserved pid namespace via fd 16
lxc-execute c1 20180907031022.511 DEBUG    start - start.c:lxc_try_preserve_namespaces:205 - Preserved uts namespace via fd 17
lxc-execute c1 20180907031022.511 DEBUG    start - start.c:lxc_try_preserve_namespaces:205 - Preserved ipc namespace via fd 18
lxc-execute c1 20180907031022.511 DEBUG    start - start.c:lxc_try_preserve_namespaces:205 - Preserved net namespace via fd 19
lxc-execute c1 20180907031022.511 INFO     cgfsng - cgroups/cgfsng.c:__cg_legacy_setup_limits:2196 - Limits for the legacy cgroup hierarchies have been setup
lxc-execute c1 20180907031022.512 DEBUG    start - start.c:lxc_spawn:1711 - Preserved net namespace via fd 10
lxc-execute c1 20180907031022.512 INFO     start - start.c:do_start:1213 - Unshared CLONE_NEWCGROUP
lxc-execute c1 20180907031022.514 DEBUG    storage - storage/storage.c:get_storage_by_name:229 - Detected rootfs type "dir"
lxc-execute c1 20180907031022.514 DEBUG    conf - conf.c:lxc_mount_rootfs:1343 - Mounted rootfs "/var/lib/lxc/c1/rootfs" onto "/usr/lib/lxc/rootfs" with options "(null)"
lxc-execute c1 20180907031022.514 INFO     conf - conf.c:setup_utsname:802 - Set hostname to "c1"
lxc-execute c1 20180907031022.514 INFO     network - network.c:lxc_setup_network_in_child_namespaces:3037 - network has been setup
lxc-execute c1 20180907031022.514 INFO     conf - conf.c:mount_autodev:1129 - Preparing "/dev"
lxc-execute c1 20180907031022.514 INFO     conf - conf.c:mount_autodev:1176 - Prepared "/dev"
lxc-execute c1 20180907031022.515 ERROR    conf - conf.c:lxc_setup:3574 - No such file or directory - Unable to open lxc.init.static
lxc-execute c1 20180907031022.515 ERROR    start - start.c:do_start:1234 - Failed to setup container "c1"
lxc-execute c1 20180907031022.516 ERROR    sync - sync.c:__sync_wait:59 - An error occurred in another process (expected sequence number 5)
lxc-execute c1 20180907031022.516 DEBUG    network - network.c:lxc_delete_network:3164 - Deleted network devices
lxc-execute c1 20180907031022.517 ERROR    start - start.c:__lxc_start:1910 - Failed to spawn container "c1"
lxc-execute c1 20180907031022.563 ERROR    lxc_execute - tools/lxc_execute.c:main:240 - Failed run an application inside container
  • the containers configuration file
# Template used to create this container: /usr/share/lxc/templates/lxc-oci
# Parameters passed to the template: --url docker://alpine
# Template script checksum (SHA-1): 514ea15bea74c72d94e29782d32e446ab677c926
# For additional config options, please look at lxc.container.conf(5)

# Uncomment the following line to support nesting containers:
#lxc.include = /usr/share/lxc/config/nesting.conf
# (Be aware this has security implications)

lxc.net.0.type = empty
lxc.rootfs.path = dir:/var/lib/lxc/c1/rootfs
lxc.execute.cmd = '"/bin/sh" '
lxc.mount.auto = proc:mixed sys:mixed cgroup:mixed
lxc.environment = PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
lxc.include = /usr/share/lxc/config/common.conf
lxc.include = /usr/share/lxc/config/oci.common.conf
lxc.uts.name = c1
lxc.init.uid = 0
lxc.init.gid = 0
lxc.init.cwd = /
@brauner
Member

brauner commented Oct 8, 2018

ArchLinux does not install init.lxc.static, which we found out just a little while ago. So you see:

lxc-execute c1 20180907031022.515 ERROR    conf - conf.c:lxc_setup:3574 - No such file or directory - Unable to open lxc.init.static

so ArchLinux should start to ship init.lxc.static.

@brauner brauner closed this as completed Oct 8, 2018
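
The diagnosis above, as an added example that is not part of the thread or of LXC itself: it picks the first ERROR out of an LXC log (the later ones are fallout from it) and checks a host for `init.lxc.static`. The function names are hypothetical, the log lines are copied from the container log in this issue, and the directories to search are left to the caller because the issue does not state an install path.

```shell
#!/bin/sh
# Added example: triage an LXC log and check the host for the static init.
# Log lines below are copied from the container log quoted in this issue.
sample_log() {
cat <<'EOF'
lxc-execute c1 20180907031022.514 INFO     conf - conf.c:mount_autodev:1176 - Prepared "/dev"
lxc-execute c1 20180907031022.515 ERROR    conf - conf.c:lxc_setup:3574 - No such file or directory - Unable to open lxc.init.static
lxc-execute c1 20180907031022.515 ERROR    start - start.c:do_start:1234 - Failed to setup container "c1"
lxc-execute c1 20180907031022.516 ERROR    sync - sync.c:__sync_wait:59 - An error occurred in another process (expected sequence number 5)
lxc-execute c1 20180907031022.516 DEBUG    network - network.c:lxc_delete_network:3164 - Deleted network devices
lxc-execute c1 20180907031022.517 ERROR    start - start.c:__lxc_start:1910 - Failed to spawn container "c1"
lxc-execute c1 20180907031022.563 ERROR    lxc_execute - tools/lxc_execute.c:main:240 - Failed run an application inside container
EOF
}

# Field layout: tool, container, timestamp, level, category, "-", file:func:line, "-", message.
# Print "file:func:line<TAB>message" for the first ERROR only; later ERRORs are fallout.
lxc_first_error() {
    awk '$4 == "ERROR" {
        msg = $9
        for (i = 10; i <= NF; i++) msg = msg " " $i
        printf "%s\t%s\n", $7, msg
        exit
    }'
}

# Count every ERROR line, to show how many follow from the first one.
lxc_error_count() {
    awk '$4 == "ERROR" { n++ } END { print n + 0 }'
}

# Succeed when the first ERROR is the missing static init described in this issue.
is_missing_static_init() {
    lxc_first_error | grep -qF 'Unable to open lxc.init.static'
}

# Print the first executable init.lxc.static found in the directories given as
# arguments; fail if none has it. The directories are the caller's assumption:
# the issue does not say where a distribution package installs the file.
find_static_init() {
    for dir in "$@"; do
        if [ -x "$dir/init.lxc.static" ]; then
            printf '%s\n' "$dir/init.lxc.static"
            return 0
        fi
    done
    return 1
}

sample_log | lxc_first_error
```

To run it against the real log from the reproduction steps, use `lxc_first_error < /tmp/c1`.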
@brauner
Member

brauner commented Oct 8, 2018

Sorry I can't be more helpful than that.
