[pkg-lxc-devel] Bug#934387: Bug#934387: lxc: privileged LXC container do not start: ERROR cgfsng - cgroups/cgfsng.c:__do_cgroup_enter:1498 - No space left on device - Failed to enter cgroup "/sys/fs/cgroup/cpuset//lxc.monitor/test-container/cgroup.procs"

[Salvatore Bonaccorso]

Hi

Thanks for your followup here and those on IRC:

On Sat, Aug 10, 2019 at 09:59:17PM +0200, Pierre-Elliott Bécue wrote:
> I'll follow up to github to ask for some help, but have you tried to
> debug the "no space left on device" part? Are cgroups properly
> available?

Not on the first, but cgroups are properly available (and used as
systemd needs those as well):

cat /proc/cgroups
#subsys_name    hierarchy       num_cgroups     enabled
cpuset  9       44      1
cpu     5       93      1
cpuacct 5       93      1
blkio   6       93      1
memory  3       251     1
devices 8       94      1
freezer 2       9       1
net_cls 10      4       1
perf_event      11      4       1
net_prio        10      4       1
pids    7       107     1
rdma    4       4       1

following our discussion on IRC I tested a couple of things.

Setting "lxc.apparmor.profile = unconfined" did not change, the
containers can still not be started.

Next I builded a version on top of the one in sid uncommenting
0001-0003 patches in series file, and as well updated the symbols file
according to the now not anymore available symbols added via the 0001
patch. Here as well uncommented the lxc.apparmor.allow_nesting option
settings.

Regards,
Salvatore