[pkg-lxc-devel] Bug#888647: lxc: unprivileged container doesn't boot due to cgroup ownership
Andrea Villa
andreakarimodm at gmail.com
Sun Jan 28 10:34:03 UTC 2018
Package: lxc
Version: 1:2.0.7-2+deb9u1
Severity: normal
Tags: patch
Dear Maintainer,
* What led up to the situation?
Just create a simple user unprivileged lxc container after following the
official Debian documentation https://wiki.debian.org/LXC#Unprivileged_container.
Container fails when started with:
----------------
lxc-start 20170124115651.107 ERROR lxc_cgfs - cgroups/cgfs.c:lxc_cgroupfs_create:909 - Could not set clone_children to 1 for cpuset hierarchy in parent cgroup.
lxc-start 20170124115651.107 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/
lxc-start 20170124115651.107 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset/
lxc-start 20170124115651.107 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/net_cls,net_prio/
lxc-start 20170124115651.107 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/pids/user.slice/user-1000.slice/session-2.scope
lxc-start 20170124115651.108 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory/user.slice
lxc-start 20170124115651.108 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/freezer/
lxc-start 20170124115651.108 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio/user.slice
lxc-start 20170124115651.108 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct/user.slice
lxc-start 20170124115651.109 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices/user.slice
lxc-start 20170124115651.109 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd/user.slice/user-1000.slice/session-2.scope
lxc-start 20170124115651.109 ERROR lxc_start - start.c:lxc_spawn:1108 - Failed creating cgroups.
lxc-start 20170124115651.109 ERROR lxc_start - start.c:__lxc_start:1346 - Failed to spawn container "ubuntu".
lxc-start 20170124115651.616 ERROR lxc_start_ui - tools/lxc_start.c:main:366 - The container failed to start.
lxc-start 20170124115651.616 ERROR lxc_start_ui - tools/lxc_start.c:main:370 - Additional information can be obtained by setting the --logfile and --logpriority options.
----------------
* What exactly did you do (or not do) that was effective (or
ineffective)?
I have found this thread on the LXC forums
https://discuss.linuxcontainers.org/t/failed-creating-cgroups/272/4 that
suggests using the Ubuntu version of the libpam-cgfs package.
The Ubuntu version of the package seems to include some patches that
properly set user's CGroups permission upon user's login.
* What was the outcome of this action?
Installing the Ubuntu version of the libpam-cgfs fixes the problem.
I was not sure if I should have posted the bug here or in libpam-cgfs. I
hope you don't mind my choice.
Bests,
Andrea
-- System Information:
Debian Release: 9.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable'), (400, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.14.0-0.bpo.3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages lxc depends on:
ii init-system-helpers 1.48
ii libapparmor1 2.11.0-3
ii libc6 2.24-11+deb9u1
ii libcap2 1:2.25-1
ii libgnutls30 3.5.8-5+deb9u3
ii liblxc1 1:2.0.7-2+deb9u1
ii libseccomp2 2.3.1-2.1
ii libselinux1 2.6-3+b3
ii lsb-base 9.20161125
ii python3 3.5.3-1
ii python3-lxc 1:2.0.7-2+deb9u1
Versions of packages lxc recommends:
ii bridge-utils 1.5-13+deb9u1
ii debootstrap 1.0.92~bpo9+1
ii dirmngr 2.1.18-8~deb9u1
ii dnsmasq-base 2.76-5+deb9u1
ii gnupg 2.1.18-8~deb9u1
ii iptables 1.6.1-2~bpo9+1
ii libpam-cgfs 2.0.7-1
ii lxcfs 2.0.7-1
ii openssl 1.1.0f-3+deb9u1
ii rsync 3.1.2-1+deb9u1
ii uidmap 1:4.4-4.1
Versions of packages lxc suggests:
ii apparmor 2.11.0-3
pn btrfs-tools <none>
ii lvm2 2.02.168-2
-- Configuration Files:
/etc/lxc/default.conf changed [not included]
-- no debconf information
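
The check below is an added example, not part of the original report and not code from lxc or libpam-cgfs. It lists the cgroup v1 directories of a login session that are not owned by the user, which is the condition behind the "Permission denied" lines in the log above. The function name and arguments are hypothetical; it assumes each hierarchy is mounted under /sys/fs/cgroup by its controller-list name (as the paths in the log show) and that GNU stat is available.

```shell
#!/bin/sh
# Added diagnostic (not from the bug report): list the cgroup v1 directories
# of a process that are NOT owned by a given uid.
# Arguments (all assumptions of this example):
#   $1  file in /proc/<pid>/cgroup format   (default /proc/self/cgroup)
#   $2  cgroup v1 mount root                (default /sys/fs/cgroup)
#   $3  uid expected to own the directories (default: current uid)
# Prints one "<controllers> <dir> <reason>" line per problem; returns 1 if any.
check_cgroup_ownership() {
    cg_file=${1:-/proc/self/cgroup}
    cg_root=${2:-/sys/fs/cgroup}
    want_uid=${3:-$(id -u)}
    bad=0
    # Each line is "hierarchy-id:controller-list:path".
    while IFS=: read -r _id ctrl path; do
        [ -n "$ctrl" ] || continue      # skip the cgroup v2 "0::/path" entry
        ctrl=${ctrl#name=}               # "name=systemd" is mounted as "systemd"
        dir=$cg_root/$ctrl$path
        if [ ! -d "$dir" ]; then
            echo "$ctrl $dir missing"; bad=1; continue
        fi
        owner=$(stat -c %u "$dir")       # GNU stat: numeric owner uid
        if [ "$owner" != "$want_uid" ]; then
            echo "$ctrl $dir owned-by-uid-$owner"; bad=1
        fi
    done < "$cg_file"
    return "$bad"
}
```

Calling `check_cgroup_ownership` with no arguments from the unprivileged user's login shell inspects that session; an empty result means every v1 cgroup directory the session sits in is owned by that user.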