Dear Patrick,

As I understand /dev/null isn't writable in your container. That's definitely a wrong configuration.

Please check, that there is a real device node for /dev/null (and others) in your container and you have it (and others) in the lxc device access control list (lxc.cgroup.devices.allow = c 1:3 rw)

Note that -- depending on the linux flavor in your LXC container -- you might have to populate /dev by your own, because it's not reasonable to run udev or something like this inside a container.

Greetings

Guido

There is indeed a node at /dev/null. The configuration that I base my containers off of is as follows:

--------------------------------------------------------------------------------------------

lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /lxc/debian_squeeze_template/rootfs
lxc.cgroup.devices.deny = a
lxc.network.type = veth
lxc.network.link = br0
#lxc.network.veth.pair =
lxc.network.ipv4 = 192.168.80.100
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm

# mounts point
lxc.mount.entry=proc /lxc/debian_squeeze_template//rootfs/proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry=sysfs /lxc/debian_squeeze_template//rootfs/sys sysfs defaults 0 0

-------------------------------------------------------------------------------------------------------

Everything stays the same from container to container except for the IP and the rootfs. I think I have it set up right? Am I missing it?

Pat



----- Original Message -----
From: "Guido J?kel" <G.Jaekel at dnb.de>
To: "Patrick Kevin McCaffrey" <pkm at uwm.edu>, "lxc-users" <lxc-users at lists.sourceforge.net>
Sent: Tuesday, December 20, 2011 2:06:49 AM
Subject: Re: [Lxc-users] PostgreSQL - "sh: cannot create /dev/null: Permission denied" - LXC Issue?

Dear Patrick,

As I understand /dev/null isn't writable in your container. That's definitely a wrong configuration.

Please check, that there is a real device node for /dev/null (and others) in your container and you have it (and others) in the lxc device access control list (lxc.cgroup.devices.allow = c 1:3 rw)

Note that -- depending on the linux flavor in your LXC container -- you might have to populate /dev by your own, because it's not reasonable to run udev or something like this inside a container.

Greetings

Guido

If the other replies aren't helping, I'm wondering if your running your
container under NFS?

I've been doing this recently and having issues with NFSv3 & 4, but 2 is
OK. I think it's something to do with ACSs possibly being enabled, but
I've not had time to check further - as it works with good old v2 and
that's OK for me, for now...

Gordon

Sorry for the long delay, but the holidays and school got in the way. I originally thought this was originally a PostgreSQL problem (or so I thought), but it seems to be an LXC one now. Anyway, I've added "lxc.utsname" to my containters' configuration files, as suggested by another user. I'm still left with the same problem that I had before. I have one container set up (email) which run perfectly, and I'm working on a database container, but when I run:

"/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data"

to set up my database, it errors out with:

"sh: cannot create /dev/null: Permission denied
fgets failure: Success
The program "postgres" is needed by initdb but was not found in the
same directory as "/usr/local/pgsql/bin/initdb".
Check your installation."

I tried adding sudo privileges for user "postgres" but then I get "initdb: cannot be run as root"

I can attach logs and config files as necessary. I'm kind of at a dead end here.

Thanks in advance,

Pat


----- Original Message -----
From: "Guido J?kel" <G.Jaekel at dnb.de>
To: "Patrick Kevin McCaffrey" <pkm at uwm.edu>, "lxc-users" <lxc-users at lists.sourceforge.net>
Sent: Tuesday, December 20, 2011 2:06:49 AM
Subject: Re: [Lxc-users] PostgreSQL - "sh: cannot create /dev/null: Permission denied" - LXC Issue?

Dear Patrick,

As I understand /dev/null isn't writable in your container. That's definitely a wrong configuration.

Please check, that there is a real device node for /dev/null (and others) in your container and you have it (and others) in the lxc device access control list (lxc.cgroup.devices.allow = c 1:3 rw)

Note that -- depending on the linux flavor in your LXC container -- you might have to populate /dev by your own, because it's not reasonable to run udev or something like this inside a container.

Greetings

Guido

...
##This line is already in my config file. The entire config file is further below.
## Again, sorry for the how long it took me to reply. Getting this system setup is sort of a side project, and other things have gotten in the way of me working on it lately. Anyway, When I "ls -l" on /dev/nul, I get the following:

crw-r--r-- 1 root root 1, 3 Jan 16 23:24 null

It looks like I definitely don't have write support, if I understand that output correctly. Here is my entire config file for this container:

---------------------------------------------------------------------

lxc.utsname = PE1800-db0
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /lxc/PE1800-db0/rootfs
lxc.cgroup.devices.deny = a
lxc.network.type = veth
lxc.network.link = br0
#lxc.network.veth.pair =
lxc.network.ipv4 = 192.168.80.4
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm

# mounts point
lxc.mount.entry=proc /lxc/PE1800-db0//rootfs/proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry=sysfs /lxc/PE1800-db0//rootfs/sys sysfs defaults 0 0

----------------------------------------------

I still get exactly the same output when running "/usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data":

sh: cannot create /dev/null: Permission denied
fgets failure: Success
The program "postgres" is needed by initdb but was not found in the
same directory as "/usr/local/pgsql/bin/initdb".
Check your installation.


Anyone?

Here is the output of "ls -l" before starting the containter:

pat at PowerEdge1800:/lxc$ ls -l /lxc/PE1800-db0/rootfs/dev/null
crw-r--r-- 1 root root 1, 3 Jan 16 23:24 /lxc/PE1800-db0/rootfs/dev/null

I haven't tried removing "lxc.cgroup.devices.deny = a" yet, but it seems like that's my next step. I'm just lost as to where I've gone wrong.


-Pat
Christoph Willing +61 7 3365 8316
Research Computing Centre
University of Queensland

Just wanted to fill everyone in. I edited the permissions of /lxc/PE1800-db0/dev/null as suggested, restarted the container and all seems to be well now. I also changed permissions of /dev/null on my other containers (and my template), as I assume this is the correct setup.

Thanks for your help,

Pat

----- Original Message -----
From: "Christoph Willing" <cwilling at users.sourceforge.net>
To: "lxc-users" <lxc-users at lists.sourceforge.net>
Sent: Saturday, January 28, 2012 7:58:07 AM
Subject: Re: [Lxc-users] PostgreSQL - "sh: cannot create /dev/null: Permission denied" - LXC Issue?
Thats not good - it should look like:
chris at v1:~$ ls -l /var/lib/lxc/v1video/rootfs/dev/null
crw-rw-rw- 1 root root 1, 3 Jul 20 2011 /var/lib/lxc/v1video/rootfs/
dev/null

You can change yours with:
sudo chmod go+w /lxc/PE1800-db0/rootfs/dev/null

Now run the container.
That won't help if the initial permissions are not fixed (as suggested
above) and won't be needed when the permissions are fixed.

Of course this doesn't explain how the permissions became wrong in the
first place ...


chris