Running needrestart within an lxc container that allows nesting #170

Closed
mphilipps opened this issue Dec 4, 2019 · 5 comments

@mphilipps

Hi,
I just tried running needrestart in an lxc container with

lxc.apparmor.profile = generated
lxc.apparmor.allow_nesting = 1

Apparently lxc mounts proc multiple times:

$ mount | grep proc
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
proc on /proc/sys/net type proc (rw,nosuid,nodev,noexec,relatime)
proc on /proc/sys type proc (ro,nosuid,nodev,noexec,relatime)
proc on /proc/sysrq-trigger type proc (ro,nosuid,nodev,noexec,relatime)
lxcfs on /proc/cpuinfo type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/diskstats type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/meminfo type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/stat type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/swaps type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
lxcfs on /proc/uptime type fuse.lxcfs (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
proc on /dev/.lxc/proc type proc (rw,relatime)

to allow nesting. When running needrestart, the proc in /dev/.lxc throws plenty of Can't opendir Permission denied; other than that, needrestart appears to work just fine.
Is there any way to blacklist /dev/.lxc?

@liske
Owner

liske commented Dec 19, 2019

Can you please post the output of needrestart -v?

@liske liske added the bug label Dec 19, 2019
@liske liske added this to the v3.5 milestone Dec 19, 2019
@liske liske added the moreinfo label Dec 19, 2019
@mphilipps
Author

Sure:

needrestart_v.txt

@no-response no-response bot removed the moreinfo label Dec 19, 2019
@liske
Owner

liske commented Dec 19, 2019

This is an issue in the external Proc::ProcessTable library. Could you give the following patch a try? It should suppress those logging messages by overriding the warning handler in Proc::ProcessTable (I'm not able to test it for myself at the moment):

diff --git a/perl/lib/NeedRestart/Utils.pm b/perl/lib/NeedRestart/Utils.pm
index ba45ba6..29b6fe4 100644
--- a/perl/lib/NeedRestart/Utils.pm
+++ b/perl/lib/NeedRestart/Utils.pm
@@ -45,7 +45,11 @@ our @EXPORT = qw(
     nr_fork_pipe2
 );
 
-my %ptable = map {$_->pid => $_} @{ new Proc::ProcessTable(enable_ttys => 1)->table };
+my %ptable;
+{
+    local $SIG{__WARN__} = sub {};
+    %ptable = map {$_->pid => $_} @{ new Proc::ProcessTable(enable_ttys => 1)->table };
+}
 
 sub nr_ptable() {
     return \%ptable;
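
Review bot: the empty handler in `local $SIG{__WARN__} = sub {};` discards every warning raised while the process table is built, not only the opendir "Permission denied" messages from the extra proc mount under /dev/.lxc that this issue reports. Because everything downstream reads %ptable through nr_ptable(), a warning that signals an incomplete table would now go unseen; consider filtering by message and passing the rest through, for example `local $SIG{__WARN__} = sub { warn @_ unless $_[0] =~ /Permission denied/ };`. A one-line comment above the block explaining why warnings are muted would help future readers, and since the constructor line is being rewritten anyway, `Proc::ProcessTable->new(enable_ttys => 1)` would avoid the indirect-object `new` syntax.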

@mphilipps
Author

Tested, it does hide the messages.

@liske liske closed this as completed in 67f41ec Dec 19, 2019
@liske
Owner

liske commented Dec 19, 2019

Thanks!
