[pkg-lxc-devel] Bug#888647: Bug#888647: lxc: unprivileged container doesn't boot due to cgroup ownership

Andrea Villa andreakarimodm at gmail.com
Mon Jan 29 14:08:07 UTC 2018


Thanks for the reply Evgeni,


On Sun, Jan 28, 2018 at 12:24 PM, Evgeni Golov <evgeni at debian.org> wrote:

> Hi Andrea,
>
> On Sun, Jan 28, 2018 at 11:34:03AM +0100, Andrea Villa wrote:
> >    Just create a simple user unprivileged lxc container after following the
> > official Debian documentation https://wiki.debian.org/LXC#Unprivileged_container.
>
> Can we for a second pretend, wiki.d.o is not official documentation,
> thanks ;)
>
> And looking at the page, it lists at least a few steps that should not
> be needed.
>
> >    Container fails when started with:
> >
> >    ----------------
> >          lxc-start 20170124115651.107 ERROR    lxc_cgfs - cgroups/cgfs.c:lxc_cgroupfs_create:909 - Could not set clone_children to 1 for cpuset hierarchy in parent cgroup.
> >          lxc-start 20170124115651.107 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/
>
> You're running a BPO kernel, right? Can you please try with the kernel
> from stable?
>
> I am running stable boxes with unprivileged containers just fine, so
> there is something weird here, and it might very well be the kernel.
>

I've just tried with kernel 4.9.65-3+deb9u2, which should be the latest for
stretch without backports. LXC refuses to start the containers.


> >    * What exactly did you do (or not do) that was effective (or
> >      ineffective)?
> >
> >    I have found this thread on LXC forums https://discuss.linuxcontainers.org/t/failed-creating-cgroups/272/4
> > that suggests using Ubuntu's version of the libpam-cgfs package.
> >    The Ubuntu version of the package seems to include some patches that
> > properly set the user's cgroup permissions upon the user's login.
>
> Ubuntu's version (which one, btw?) does not carry patches, their
> packaging is usually just what we ship in Debian, plus sometimes faster
> upstream releases.
>
> >
> >    * What was the outcome of this action?
> >
> >          Installing the Ubuntu version of the libpam-cgfs fixes the problem.
> >
> >
> > I was not sure if I should have posted the bug here or in libpam-cgfs. I
> > hope you don't mind my choice.
>
> We can re-assign at will, so that's fine.
>
> Evgeni
>