Debian Bug report logs - #718702
dpkg: start-stop-daemon refuses to start on host when same process is running in a LXC container

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Glen Pitt-Pladdy <gpp-db4239@pitt-pladdy.com>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: dpkg: start-stop-daemon refuses to start on host when same process is running in a LXC container

Date: Sun, 04 Aug 2013 16:28:15 +0100

Package: dpkg
Version: 1.16.10
Severity: normal

Hi

I noticed services not starting at boot and failed to start when manually started via init scripts. On further investigation this appears S-S-D interacts badly with LXC containers.

To illistrate, when a daemon is running in an LXC container, S-S-D believes it is already running on the host, hence when refuses to start them. For example, manually executing (with --verbose) the same as happens in the snmpd init script:

# start-stop-daemon --verbose --start --oknodo --exec /usr/sbin/snmpd -- -LS n d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid
/usr/sbin/snmpd already running.
# ps ax|grep snmpd
11346 ?        S      0:00 /usr/sbin/snmpd -LS n d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid
11400 ?        S      0:00 /usr/sbin/snmpd -LS n d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid
30383 pts/23   S+     0:00 grep snmpd

However these two snmpd processes are running in LXC containers, not the host:

# cat /proc/11346/cgroup 
1:perf_event,blkio,net_cls,freezer,devices,cpuacct,cpu,cpuset:/lxc/<CONTAINERNAME1>
# cat /proc/11400/cgroup 
1:perf_event,blkio,net_cls,freezer,devices,cpuacct,cpu,cpuset:/lxc/<CONTAINERNAME2>


Likewise, if a service is stopped on the host via S-S-D (init script), it wipes out all the matching daemons on the LXC containers as well:

# ps ax|grep snmpd
 2460 pts/23   S+     0:00 grep snmpd
11346 ?        S      0:01 /usr/sbin/snmpd -LS n d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid
11400 ?        S      0:01 /usr/sbin/snmpd -LS n d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid
# /etc/init.d/snmpd stop
Stopping network management services: snmpd snmptrapd.
# ps ax|grep snmpd
 2484 pts/23   S+     0:00 grep snmpd


While this may not affect a large proportion of users, it risks crippling the host system if critical services start on a container before the host at boot.


Thanks

Glen


-- System Information:
Debian Release: 7.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dpkg depends on:
ii  libbz2-1.0   1.0.6-4
ii  libc6        2.13-38
ii  liblzma5     5.1.1alpha+20120614-2
ii  libselinux1  2.1.9-5
ii  tar          1.26+dfsg-0.1
ii  zlib1g       1:1.2.7.dfsg-13

dpkg recommends no packages.

Versions of packages dpkg suggests:
ii  apt  0.9.7.9

-- no debconf information

Message #10 received at 718702@bugs.debian.org (full text, mbox, reply):

From: Guillem Jover <guillem@debian.org>

To: Glen Pitt-Pladdy <gpp-db4239@pitt-pladdy.com>, 718702@bugs.debian.org

Subject: Re: Bug#718702: dpkg: start-stop-daemon refuses to start on host when same process is running in a LXC container

Date: Sun, 4 Aug 2013 19:56:38 +0200

Hi!

On Sun, 2013-08-04 at 16:28:15 +0100, Glen Pitt-Pladdy wrote:
> Package: dpkg
> Version: 1.16.10
> Severity: normal

> I noticed services not starting at boot and failed to start when manually
> started via init scripts. On further investigation this appears S-S-D
> interacts badly with LXC containers.
> 
> To illistrate, when a daemon is running in an LXC container, S-S-D
> believes it is already running on the host, hence when refuses to
> start them. For example, manually executing (with --verbose) the
> same as happens in the snmpd init script:

It believes so, because it's told to match only on the exec name,
which it does and finds and operates on every and each instance of
the executable found on the system. The init script should be more
specific to avoid this kind of issue.

> # start-stop-daemon --verbose --start --oknodo --exec /usr/sbin/snmpd \
>   -- -LS n d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid
> /usr/sbin/snmpd already running.

Notice how the pid file is only passed to the daemon (after --), but
not to s-s-d.

> While this may not affect a large proportion of users, it risks
> crippling the host system if critical services start on a container
> before the host at boot.

So, this is really not a problem with s-s-d, but with the specific
init script. If that script is part of Debian, then we should reassign
the bug report, otherwise if it's a local init script you'd need to
fix that and I'd just close the bug report.

Thanks,
Guillem

Message #15 received at 718702@bugs.debian.org (full text, mbox, reply):

From: Guillem Jover <guillem@debian.org>

To: 718702-submitter@bugs.debian.org, 718702@bugs.debian.org

Cc: snmpd@packages.debian.org

Subject: Re: Bug#718702: dpkg: start-stop-daemon refuses to start on host when same process is running in a LXC container

Date: Tue, 6 Aug 2013 12:36:10 +0200

Control: reassign -1 snmpd
Control: forcemerge 611668 -1

[ Sending through NNNN-submitter@b.d.o because your mail server
  rejected my initial reply… ]

On Sun, 2013-08-04 at 19:56:38 +0200, Guillem Jover wrote:
> Hi!
> 
> On Sun, 2013-08-04 at 16:28:15 +0100, Glen Pitt-Pladdy wrote:
> > Package: dpkg
> > Version: 1.16.10
> > Severity: normal
> 
> > I noticed services not starting at boot and failed to start when manually
> > started via init scripts. On further investigation this appears S-S-D
> > interacts badly with LXC containers.
> > 
> > To illistrate, when a daemon is running in an LXC container, S-S-D
> > believes it is already running on the host, hence when refuses to
> > start them. For example, manually executing (with --verbose) the
> > same as happens in the snmpd init script:
> 
> It believes so, because it's told to match only on the exec name,
> which it does and finds and operates on every and each instance of
> the executable found on the system. The init script should be more
> specific to avoid this kind of issue.
> 
> > # start-stop-daemon --verbose --start --oknodo --exec /usr/sbin/snmpd \
> >   -- -LS n d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid
> > /usr/sbin/snmpd already running.
> 
> Notice how the pid file is only passed to the daemon (after --), but
> not to s-s-d.
> 
> > While this may not affect a large proportion of users, it risks
> > crippling the host system if critical services start on a container
> > before the host at boot.
> 
> So, this is really not a problem with s-s-d, but with the specific
> init script. If that script is part of Debian, then we should reassign
> the bug report, otherwise if it's a local init script you'd need to
> fix that and I'd just close the bug report.

This problem exists in Debian, and has already been filed before,
reassigning.

Thanks,
Guillem

Message #31 received at 611668-done@bugs.debian.org (full text, mbox, reply):

From: Hideki Yamane <henrich@debian.or.jp>

To: 724288-done@bugs.debian.org, 314902-done@bugs.debian.org, 715486-done@bugs.debian.org, 611668-done@bugs.debian.org

Cc: control@bugs.debian.org

Subject: net-snmp bug status change

Date: Wed, 9 Apr 2014 21:44:44 +0900

fixed 724288 5.7.2.1~dfsg-1
fixed 314902 5.7.2.1~dfsg-1
fixed 715486 5.7.2.1~dfsg-1
fixed 611668 5.7.2.1~dfsg-1
severity 543957 wishlist
tags 455707 +patch
thanks


-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane

Send a report that this bug log contains spam.