hyperhq / runv

Hypervisor-based Runtime for OCI
Apache License 2.0

Failed to bind socket: Permission denied #500

Open SergeyOvsienko opened 7 years ago

SergeyOvsienko commented 7 years ago

Hi All!

My env

runv -v
runv version 0.8.0

docker -v
Docker version 1.11.0, build 4dc5990

uname -a
Linux runv 4.4.0-31-generic #50~14.04.1-Ubuntu SMP Wed Jul 13 01:07:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

libvirt version: 1.2.2

QEMU emulator version 2.0.0 (Debian 2.0.0+dfsg-2ubuntu1.33), Copyright (c) 2003-2008 Fabrice Bellard

I am doing:

runv --debug --driver libvirt --kernel /opt/hyperstart/build/kernel --initrd /opt/hyperstart/build/hyper-initrd.img containerd

docker daemon -D -l debug --containerd=/run/runv-containerd/containerd.sock

docker run -d redis

runv crashed with the message:

libvirt.go:648] domainXML: <domain type="kvm"><name>vm-rlfkjHwRNv</name><memory unit="MiB">128</memory><vcpu placement="static" current="1">1</vcpu><os supported="yes"><type arch="x86_64" machine="pc-i440fx-2.0">hvm</type><kernel>/opt/hyperstart/build/kernel</kernel><initrd>/opt/hyperstart/build/hyper-initrd.img</initrd><cmdline>console=ttyS0 panic=1 no_timer_check</cmdline></os><features><acpi></acpi></features><cpu mode="host-passthrough"></cpu><on_poweroff>destroy</on_poweroff><on_reboot>destroy</on_reboot><on_crash>destroy</on_crash><devices><emulator>/usr/bin/qemu-system-x86_64</emulator><controller type="pci" index="0" model="pci-root"></controller><controller type="virtio-serial" index="0"><address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x00"></address></controller><controller type="scsi" index="0" model="virtio-scsi"><address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x00"></address></controller><controller type="usb" model="none"></controller><filesystem type="mount" accessmode="squash"><driver type="path"></driver><source dir="/var/run/hyper/vm-rlfkjHwRNv/share_dir"></source><target dir="share_dir"></target><address type="pci" domain="0x0000" bus="0x00" slot="0x04" function="0x00"></address></filesystem><channel type="unix"><source mode="bind" path="/var/run/hyper/vm-rlfkjHwRNv/hyper.sock"></source><target type="virtio" name="sh.hyper.channel.0"></target></channel><channel type="unix"><source mode="bind" path="/var/run/hyper/vm-rlfkjHwRNv/tty.sock"></source><target type="virtio" name="sh.hyper.channel.1"></target></channel><console type="unix"><source mode="bind" path="/var/run/hyper/vm-rlfkjHwRNv/console.sock"></source><target type="serial" port="0"></target></console><memballoon model="virtio"><address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x00"></address></memballoon></devices><seclabel type="none"></seclabel><clock offset="utc"><timer name="rtc" track="guest" 
tickpolicy="catchup"><catchup></catchup></timer></clock><qemu:commandline></qemu:commandline></domain>
E0510 09:47:04.880216   22880 libvirt.go:656] Fail to launch domain [Code-1] [Domain-10] internal error: process exited while connecting to monitor: qemu-system-x86_64: -chardev socket,id=charserial0,path=/var/run/hyper/vm-rlfkjHwRNv/console.sock,server,nowait: Failed to bind socket: Permission denied
qemu-system-x86_64: -chardev socket,id=charserial0,path=/var/run/hyper/vm-rlfkjHwRNv/console.sock,server,nowait: chardev: opening backend "socket" failed
I0510 09:47:04.880369   22880 hypervisor.go:23] SB[vm-rlfkjHwRNv] main event loop got message 13(ERROR_VM_START_FAILED)
I0510 09:47:04.880377   22880 vm_states.go:281] SB[vm-rlfkjHwRNv] VM has exit, or not started at all (13)
I0510 09:47:04.880384   22880 context.go:241] SB[vm-rlfkjHwRNv] VmContext Close()
I0510 09:47:04.880395   22880 json.go:89] SB[vm-rlfkjHwRNv] close jsonBasedHyperstart
I0510 09:47:04.880409   22880 hypervisor.go:31] SB[vm-rlfkjHwRNv] main event loop exiting
E0510 09:47:04.880416   22880 json.go:570] SB[vm-rlfkjHwRNv] get hyperstart API version error: hyperstart closed
W0510 09:47:04.880421   22880 hypervisor.go:47] SB[vm-rlfkjHwRNv] keep-alive test end with error: hyperstart closed
I0510 09:47:04.880436   22880 container.go:78] prepare hypervisor info
panic: send on closed channel
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x64c035]

goroutine 21 [running]:
panic(0xa2e7c0, 0xc42000e0e0)
        /usr/local/go/src/runtime/panic.go:500 +0x1a1
github.com/hyperhq/runv/supervisor.(*Container).create(0x0, 0xc440000000, 0xc400000000)
        /root/GOPATH/src/github.com/hyperhq/runv/supervisor/container.go:79 +0xb5
github.com/hyperhq/runv/supervisor.(*Supervisor).CreateContainer.func1(0xc4200e99b0, 0xc4200e99a8, 0xc42000c6c0, 0xc4201623c0, 0x40)
        /root/GOPATH/src/github.com/hyperhq/runv/supervisor/supervisor.go:57 +0x8f
panic(0xa2e8e0, 0xc420256730)
        /usr/local/go/src/runtime/panic.go:458 +0x243
github.com/hyperhq/runv/hypervisor.(*VmContext).startPod(0xc420287080, 0xc42015e8a0, 0xc42015e8a0)
        /root/GOPATH/src/github.com/hyperhq/runv/hypervisor/vm_states.go:225 +0x322
github.com/hyperhq/runv/hypervisor.(*Vm).InitSandbox(0xc420166730, 0xc42015e8a0, 0xc42015e840, 0xc420166730)
        /root/GOPATH/src/github.com/hyperhq/runv/hypervisor/vm.go:231 +0x4b
github.com/hyperhq/runv/supervisor.createHyperPod(0xffa5c0, 0xc420178b90, 0xc42029e000, 0x1, 0x80, 0x200, 0x9d76e0, 0xc42029e160)
        /root/GOPATH/src/github.com/hyperhq/runv/supervisor/hyperpod.go:485 +0x5cf
github.com/hyperhq/runv/supervisor.(*Supervisor).getHyperPod.func1(0xc42000c6c0, 0xc4200e9898, 0xc4200e98a0, 0xc42029e000)
        /root/GOPATH/src/github.com/hyperhq/runv/supervisor/supervisor.go:229 +0x9e
github.com/hyperhq/runv/supervisor.(*Supervisor).getHyperPod(0xc42000c6c0, 0xc4201623c0, 0x40, 0xc42029e000, 0x0, 0x0, 0x0)
        /root/GOPATH/src/github.com/hyperhq/runv/supervisor/supervisor.go:230 +0x202
github.com/hyperhq/runv/supervisor.(*Supervisor).CreateContainer(0xc42000c6c0, 0xc4201623c0, 0x40, 0xc42015e300, 0x5e, 0xc420282700, 0x69, 0xc420282770, 0x6a, 0xc4202827e0, ...)
        /root/GOPATH/src/github.com/hyperhq/runv/supervisor/supervisor.go:65 +0x144
github.com/hyperhq/runv/containerd/api/grpc/server.(*apiServer).CreateContainer(0xc420032250, 0x7fa87f684028, 0xc4201d64e0, 0xc420298000, 0x0, 0x1e5, 0x1e5)
        /root/GOPATH/src/github.com/hyperhq/runv/containerd/api/grpc/server/server.go:62 +0x422
github.com/hyperhq/runv/containerd/api/grpc/types._API_CreateContainer_Handler(0xa9e3c0, 0xc420032250, 0x7fa87f684028, 0xc4201d64e0, 0xc4202821c0, 0x0, 0x0, 0x0, 0x0, 0x0)
        /root/GOPATH/src/github.com/hyperhq/runv/containerd/api/grpc/types/api.pb.go:2011 +0x27d
github.com/hyperhq/runv/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc42016e2a0, 0xfffb20, 0xc4202761c0, 0xc42028c120, 0xc420174ed0, 0xfebab8, 0xc4201d65a0, 0x0, 0x0)
        /root/GOPATH/src/github.com/hyperhq/runv/vendor/google.golang.org/grpc/server.go:738 +0xc1a
github.com/hyperhq/runv/vendor/google.golang.org/grpc.(*Server).handleStream(0xc42016e2a0, 0xfffb20, 0xc4202761c0, 0xc42028c120, 0xc4201d65a0)
        /root/GOPATH/src/github.com/hyperhq/runv/vendor/google.golang.org/grpc/server.go:932 +0x6b0
github.com/hyperhq/runv/vendor/google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc420256050, 0xc42016e2a0, 0xfffb20, 0xc4202761c0, 0xc42028c120)
        /root/GOPATH/src/github.com/hyperhq/runv/vendor/google.golang.org/grpc/server.go:497 +0xab
created by github.com/hyperhq/runv/vendor/google.golang.org/grpc.(*Server).serveStreams.func1
        /root/GOPATH/src/github.com/hyperhq/runv/vendor/google.golang.org/grpc/server.go:498 +0xa3

qemu configuration

user = "root"
group = "root"
clear_emulator_capabilities = 0

What am I doing wrong?

laijs commented 7 years ago

Hello, SergeyOvsienko

Thanks for the report. Which commit version of runv did you test?

SergeyOvsienko commented 7 years ago

In dmesg:

[Wed May 10 09:46:21 2017] audit: type=1400 audit(1494398788.047:34): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-33a4527b-af6b-4e26-8577-1ef02e69b50a" pid=22860 comm="apparmor_parser"
[Wed May 10 09:46:21 2017] audit: type=1400 audit(1494398788.071:35): apparmor="DENIED" operation="mknod" profile="libvirt-33a4527b-af6b-4e26-8577-1ef02e69b50a" name="/run/hyper/vm-OMNHeuWUNi/console.sock" pid=22862 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[Wed May 10 09:46:48 2017] audit: type=1400 audit(1494398815.575:36): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-c48f81c0-2bf5-4ef2-b506-2a2d656b90ca" pid=22876 comm="apparmor_parser"
[Wed May 10 09:46:48 2017] audit: type=1400 audit(1494398815.603:37): apparmor="DENIED" operation="mknod" profile="libvirt-c48f81c0-2bf5-4ef2-b506-2a2d656b90ca" name="/run/hyper/vm-iqJkQnygOg/console.sock" pid=22878 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[Wed May 10 09:46:57 2017] audit: type=1400 audit(1494398824.663:38): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-4e885eb7-0d40-4bf7-913e-915873abd836" pid=22891 comm="apparmor_parser"
[Wed May 10 09:46:57 2017] audit: type=1400 audit(1494398824.683:39): apparmor="DENIED" operation="mknod" profile="libvirt-4e885eb7-0d40-4bf7-913e-915873abd836" name="/run/hyper/vm-rlfkjHwRNv/console.sock" pid=22894 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
[Wed May 10 10:20:29 2017] audit: type=1400 audit(1494400836.267:40): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-92df25b5-6a10-47d9-89e6-a5a62db01ccc" pid=23419 comm="apparmor_parser"
[Wed May 10 10:20:29 2017] audit: type=1400 audit(1494400836.295:41): apparmor="DENIED" operation="mknod" profile="libvirt-92df25b5-6a10-47d9-89e6-a5a62db01ccc" name="/run/hyper/vm-rlfkjHwRNv/console.sock" pid=23421 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

SergeyOvsienko commented 7 years ago

@laijs

runv -v
runv version 0.8.0

After disabling AppArmor I can start the container.
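
Added example, not part of the original thread or of runv: a small triage script that reads the AppArmor audit lines quoted above and derives the narrowest file rule that would cover the denials, as an alternative to switching AppArmor off. It assumes the rule would be added to the abstraction that libvirt's generated per-VM profiles include (on Ubuntu, `/etc/apparmor.d/abstractions/libvirt-qemu`); the function names are illustrative.

```python
import re

# Three lines copied from the dmesg output posted in this thread.
SAMPLE = [
    '[Wed May 10 09:46:21 2017] audit: type=1400 audit(1494398788.047:34): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-33a4527b-af6b-4e26-8577-1ef02e69b50a" pid=22860 comm="apparmor_parser"',
    '[Wed May 10 09:46:21 2017] audit: type=1400 audit(1494398788.071:35): apparmor="DENIED" operation="mknod" profile="libvirt-33a4527b-af6b-4e26-8577-1ef02e69b50a" name="/run/hyper/vm-OMNHeuWUNi/console.sock" pid=22862 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=0 ouid=0',
    '[Wed May 10 09:46:57 2017] audit: type=1400 audit(1494398824.683:39): apparmor="DENIED" operation="mknod" profile="libvirt-4e885eb7-0d40-4bf7-913e-915873abd836" name="/run/hyper/vm-rlfkjHwRNv/console.sock" pid=22894 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=0 ouid=0',
]

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# AppArmor request masks: create/delete/append are all granted by "w".
MASK_TO_PERM = {"r": "r", "w": "w", "c": "w", "d": "w", "a": "w"}


def parse_audit(line):
    """Return the key=value fields of an AppArmor audit line, else None."""
    if "apparmor=" not in line:
        return None
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}


def denials(lines):
    """Keep only records where AppArmor actually blocked the operation."""
    records = (parse_audit(l) for l in lines)
    return [r for r in records if r and r.get("apparmor") == "DENIED"]


def suggest_rules(records):
    """Turn denials into file rules, globbing the random per-VM directory."""
    rules = set()
    for r in records:
        # The audit path is the resolved one (/run/...), not the /var/run/...
        # symlink path that appears in the libvirt domain XML.
        path = re.sub(r"/vm-[A-Za-z0-9]+/", "/vm-*/", r["name"])
        wanted = {MASK_TO_PERM[m] for m in r["denied_mask"] if m in MASK_TO_PERM}
        perms = "".join(p for p in "rw" if p in wanted)
        if perms:
            rules.add(f"{path} {perms},")
    return sorted(rules)


if __name__ == "__main__":
    for rule in suggest_rules(denials(SAMPLE)):
        print(rule)
```

QEMU exited on the first denied socket, so only `console.sock` shows up in the log; the `hyper.sock` and `tty.sock` channels bound in the same directory by the domain XML would likely need the same access.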

SergeyOvsienko commented 7 years ago

How can I manage CPU and memory limits? docker run -m and --cpuset-cpus do not work.

docker version

Client:
 Version:      1.11.0
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   4dc5990
 Built:        Wed Apr 13 18:34:23 2016
 OS/Arch:      linux/amd64

Server:
 Version:      1.11.0
 API version:  1.23
 Go version:   go1.5.4
 Git commit:   4dc5990
 Built:        Wed Apr 13 18:34:23 2016
 OS/Arch:      linux/amd64