search

anbox / anbox

Anbox is a container-based approach to boot a full Android system on a regular GNU/Linux system
https://anbox.io
GNU General Public License v3.0
8.89k stars 1.16k forks source link

Anbox Couldn't work on lxc 4.0.8 #1801

Open AuraElicase opened 3 years ago

AuraElicase commented 3 years ago

  1. Please check that no similar bug is already reported. Have a look on the list of open bugs at https://github.com/anbox/anbox/issues

  2. Make sure you are running the latest version of Anbox before reporting an issue. Update snap to latest: snap refresh --devmode --edge anbox

  3. Make sure you have debug logs enabled: sudo snap set anbox debug.enable=true

  4. Reproduce the error while debug logs enabled.

  5. Run the anbox logs collection utility and attach the tar file. sudo /snap/bin/anbox.collect-bug-info

  6. Please paste the result of anbox system-info below:

    anbox system-info output 
version: local-9de4e87
cpu:
  arch:  x86
  brand: Intel(R) Core(TM) i5-4258U CPU @ 2.40GHz
  features: 
    - aes
    - sse4_1
    - sse4_2
    - avx
    - avx2
os:
  name: Arch Linux
  version: 
  snap-based: false
kernel:
  version: Linux version 5.12.0-xanmod1-2 (makepkg@archlinux) (gcc (GCC) 10.2.0, GNU ld (GNU Binutils) 2.36.1) #1 SMP PREEMPT Fri, 30 Apr 2021 11:40:51 +0000
  binder: false
  ashmem: true
graphics:
  egl:
    vendor: n/a
    version: n/a
    extensions:
      - n/a
  gles2:
    vendor: n/a
    vendor: n/a
    extensions: []

Please describe your problem: When I using latest anbox from ArchLinux(AUR), I followed ArchWiki's guidance, however, I have got this problem when using $ anbox launch --package=org.anbox.appmgr --component=org.anbox.appmgr.AppViewActivity:

[ 2021-05-01 13:58:55] [daemon.cpp:61@Run] [org.freedesktop.DBus.Error.ServiceUnknown] The name org.anbox was not provided by any .service files

Then I pressed $ anbox session-manager, it outputed:

[ 2021-05-01 13:59:33] [Renderer.cpp:104@initialize] Failed to initialize EGL
[ 2021-05-01 13:59:33] [client.cpp:48@start] Failed to start container: Failed to start container: Failed to set config item lxc.group.devices.deny
[ 2021-05-01 13:59:33] [session_manager.cpp:164@operator()] Lost connection to container manager, terminating.
[ 2021-05-01 13:59:33] [daemon.cpp:61@Run] Container is not running
Stack trace (most recent call last) in thread 23046:

What were you expecting?: I hope someone could fix it.

Additional info: I'm Using lxc-1:4.0.8-1 maybe the latest anbox haven't support it.

Danct12 commented 3 years ago

Checking journalctl on my own after starting anbox-session-manager also shows this:

Failed to start container: Failed to set config item lxc.group.devices.deny
xade93 commented 3 years ago

downgrading lxc to 1:4.0.6-1 temporarily solves the problem

ahmubashshir commented 3 years ago

Here is the core dump. anbox.core.gz

ibilux commented 3 years ago

downgrading lxc to 1:4.0.6-1 temporarily solves the problem

Can confirm, downgrading lxc to 1:4.0.6-1 solves the problem in Manjaro.

Thaodan commented 3 years ago

downgrading lxc to 1:4.0.6-1 temporarily solves the problem

Can confirm, downgrading lxc to 1:4.0.6-1 solves the problem in Manjaro.

Depends on your kernel version.

    sed -e 's/lxc.group.devices.deny/lxc.cgroup2.devices.deny/' -i src/anbox/container/lxc_container.cpp
  sed -e 's/lxc.group.devices.allow/lxc.cgroup2.devices.allow/' -i src/anbox/container/lxc_container.cpp

Could fix it however I can't still start the container..

gardotd426 commented 3 years ago

Arch is already on lxc 4.0.9, and that also does not work w/ anbox

weimzh commented 3 years ago

I managed to get anbox working under Fedora 34. A dirty patch (not suitable for submitting and will break with older lxc versions or a different GNU/Linux distro which uses apparmor): https://gist.github.com/CecilHarvey/86572d515b184ddfa73fb5fa2621914f

There is also an issue with newer versions of lxc: https://github.com/lxc/lxc/pull/3844

gardotd426 commented 3 years ago

Unfortunately the "fix" that supposedly solved this issue that got merged into lxc does not in fact fix the problem. I just tried with the latest lxc master and it's the exact same error.

weimzh commented 3 years ago

Unfortunately the "fix" that supposedly solved this issue that got merged into lxc does not in fact fix the problem. I just tried with the latest lxc master and it's the exact same error.

have you also tried applying this patch to anbox? https://gist.github.com/CecilHarvey/86572d515b184ddfa73fb5fa2621914f

I need to patch both lxc and anbox to get it working here.

gardotd426 commented 3 years ago

Ah, you'd said on the lxc MR that just that patch fixed the issue.

Unfortunately I'm on Arch which uses apparmor for snapd, so I guess that patch won't work, correct? I can still give it a try though, I have a 5900X so it's not like compiling anbox is a big commitment.

gardotd426 commented 3 years ago

Well turns out apparmor isn't an issue for me. I just patched it and built anbox and sure enough, it works. Thanks a lot, it's appreciated.

pabloyoyoista commented 3 years ago

Can anybody please test #1827 and report results? I believe that should fix this (although it does not solve the issue with anbox not supporting cgroupsv2 for lxc).

@CecilHarvey, which is the reason you did this change? Is that also related to LXC 4.0.9?

-  set_config_item(lxc_config_apparmor_profile_key, "unconfined");
+  //set_config_item(lxc_config_apparmor_profile_key, "unconfined");