[pkg-lxc-devel] Bug#1030389: Bug#1030389: lxc: Conflict with new systemd cgroup unified hierarchy

Pierre-Elliott Bécue peb at debian.org
Mon Feb 6 14:24:21 GMT 2023


Control: tags -1 -newcomer +wontfix
Control: severity -1 normal

Hi,

Linas Vepstas <linasvepstas at gmail.com> wrote on 03/02/2023 at 23:17:36+0100:

> Package: lxc
> Version: 1:4.0.6-2+deb11u1
> Severity: important
> Tags: newcomer
> X-Debbugs-Cc: linasvepstas at gmail.com
>
> Dear Maintainer,
>
> Hit the bug described here:
>
> https://github.com/systemd/systemd/issues/13477
>
> and also here:
>
> https://github.com/lxc/lxc/issues/4072
>
> According to the first github report, sometime around 2019 or earlier,
> 'systemd now defaults to the "unified" cgroup hierarchy setup' as
> explained in the second comment.  This means that the directory entry
> `/sys/fs/cgroup/systemd` is now missing. This prevents LXC containers
> from booting, as explained in the second github report. Running
> `lxc-start -F <my-container>` reveals the error message:
> ```
> Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted 
> ```
>
> There are two known work-arounds, I can confirm that both work. One is
> to create the missing cgroup entry manually:
> ```
> mkdir -p /sys/fs/cgroup/systemd && mount -t cgroup cgroup -o none,name=systemd /sys/fs/cgroup/systemd
> ```
>
> which is stunningly hacky and inadvisable, but it does confirm the
> root cause of the problem: that directory is missing.
>
> The other work-around is to boot the host and disable the unified
> hierarchy, like so:
> ```
> # echo 'GRUB_CMDLINE_LINUX=systemd.unified_cgroup_hierarchy=false' > /etc/default/grub.d/cgroup.cfg
> # update-grub
> # shutdown -r now
> ```
>
> Both of these work for me.  LXC is 100% unusable without this. How is
> it possible that this has not been reported to Debian before? Am I the
> only person on the planet using LXC on Debian???

No, but it sounds plausible that either you don't have apt-listchanges
and therefore didn't read the news entry telling how to make
unprivileged containers work with cgroupsv2, or you installed LXC
directly on bullseye and didn't read the readme present in
/usr/share/doc/lxc (file: README.Debian.gz).

In both cases, LXC is doing fine within Debian, and many people use it
on a daily basis.

-- 
PEB
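
Added example, not part of the original e-mail and not code from LXC, systemd or the Debian packaging: a shell helper that classifies a host's cgroup layout from a mounts table and reports whether the `name=systemd` cgroup v1 hierarchy discussed in the report is mounted. The names `cgroup_layout` and `sample_mounts`, and the mount lines inside `sample_mounts`, are constructed for illustration.

```shell
#!/bin/sh
# cgroup_layout [FILE|-]: read a mounts table (format of /proc/self/mounts)
# and print "<mode> <path of the name=systemd v1 hierarchy, or ->".
cgroup_layout() {
    awk '
        # cgroup2 mounted at the root of /sys/fs/cgroup: unified hierarchy
        $3 == "cgroup2" && $2 == "/sys/fs/cgroup"         { unified_root = 1 }
        # cgroup2 mounted beside v1 controllers: hybrid layout
        $3 == "cgroup2" && $2 == "/sys/fs/cgroup/unified" { hybrid_v2 = 1 }
        # any cgroup v1 mount; remember the named "systemd" hierarchy if present
        $3 == "cgroup" {
            v1 = 1
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "name=systemd") named = $2
        }
        END {
            if (unified_root)          mode = "unified"
            else if (hybrid_v2 && v1)  mode = "hybrid"
            else if (v1)               mode = "legacy"
            else                       mode = "unknown"
            printf "%s %s\n", mode, (named != "" ? named : "-")
        }
    ' "${1:-/proc/self/mounts}"
}

# Constructed sample mounts tables (not captured from a real host).
sample_mounts() {
    case "$1" in
    unified)      # unified hierarchy, no /sys/fs/cgroup/systemd
        echo 'cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0' ;;
    workaround)   # unified hierarchy after the manual mount from the report
        echo 'cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime 0 0'
        echo 'cgroup /sys/fs/cgroup/systemd cgroup rw,relatime,name=systemd 0 0' ;;
    hybrid)       # v1 controllers plus a v2 mount at /sys/fs/cgroup/unified
        echo 'tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0'
        echo 'cgroup2 /sys/fs/cgroup/unified cgroup2 rw,nosuid,nodev,noexec 0 0'
        echo 'cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,xattr,name=systemd 0 0'
        echo 'cgroup /sys/fs/cgroup/memory cgroup rw,nosuid,nodev,noexec,memory 0 0' ;;
    esac
}

for s in unified workaround hybrid; do
    printf '%-11s %s\n' "$s:" "$(sample_mounts "$s" | cgroup_layout -)"
done
# On a Linux host, also report the live layout.
if [ -r /proc/self/mounts ]; then printf '%-11s %s\n' "this host:" "$(cgroup_layout)"; fi
```

A result of `unified -` matches the state described in the report, where `/sys/fs/cgroup/systemd` is absent.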
