<div dir="ltr">hi serge,<div>thanks for the response, <br>i am running ubuntu 14.04 running 3.13 kernel (uname -a Linux automator 3.13.0-43-generic #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux),</div><div>cgmanage is running (sudo status cgmanager) but cgproxy is not , i thought cgproxy is needed only inside the container, for nesting.</div><div>i have not executed `<span style="font-size:12.6666669845581px">cgm movepidabs all / $$`, cgm does not support this argument. Should i install cgmanager from daily ppa?</span></div><div><span style="font-size:12.6666669845581px">I can create and start unprivileged containers from the same host as my own user, but not as the `go` user (which run CI server, and as part of the build im trying to create and publish containers), </span></div><div><span style="font-size:12.6666669845581px"><br></span></div><div><span style="font-size:12.6666669845581px">following is the ps -ef output</span></div><div><span style="font-size:12.6666669845581px"><br></span></div><div><span style="font-size:12.6666669845581px"><br></span></div><div><span style="font-size:12.6666669845581px">UID PID PPID C STIME TTY TIME CMD</span></div><div><span style="font-size:12.6666669845581px">root 1 0 0 Jan02 ? 00:00:04 /sbin/init</span></div><div><span style="font-size:12.6666669845581px">root 2 0 0 Jan02 ? 00:00:00 [kthreadd]</span></div><div><span style="font-size:12.6666669845581px">root 3 2 0 Jan02 ? 00:00:00 [ksoftirqd/0]</span></div><div><span style="font-size:12.6666669845581px">root 5 2 0 Jan02 ? 00:00:00 [kworker/0:0H]</span></div><div><span style="font-size:12.6666669845581px">root 7 2 0 Jan02 ? 00:01:51 [rcu_sched]</span></div><div><span style="font-size:12.6666669845581px">root 8 2 0 Jan02 ? 00:01:41 [rcuos/0]</span></div><div><span style="font-size:12.6666669845581px">root 9 2 0 Jan02 ? 00:01:11 [rcuos/1]</span></div><div><span style="font-size:12.6666669845581px">root 10 2 0 Jan02 ? 00:00:00 [rcu_bh]</span></div><div><span style="font-size:12.6666669845581px">root 11 2 0 Jan02 ? 00:00:00 [rcuob/0]</span></div><div><span style="font-size:12.6666669845581px">root 12 2 0 Jan02 ? 00:00:00 [rcuob/1]</span></div><div><span style="font-size:12.6666669845581px">root 13 2 0 Jan02 ? 00:00:02 [migration/0]</span></div><div><span style="font-size:12.6666669845581px">root 14 2 0 Jan02 ? 00:00:00 [watchdog/0]</span></div><div><span style="font-size:12.6666669845581px">root 15 2 0 Jan02 ? 00:00:00 [watchdog/1]</span></div><div><span style="font-size:12.6666669845581px">root 16 2 0 Jan02 ? 00:00:02 [migration/1]</span></div><div><span style="font-size:12.6666669845581px">root 17 2 0 Jan02 ? 00:00:00 [ksoftirqd/1]</span></div><div><span style="font-size:12.6666669845581px">root 19 2 0 Jan02 ? 00:00:00 [kworker/1:0H]</span></div><div><span style="font-size:12.6666669845581px">root 20 2 0 Jan02 ? 00:00:00 [khelper]</span></div><div><span style="font-size:12.6666669845581px">root 21 2 0 Jan02 ? 00:00:00 [kdevtmpfs]</span></div><div><span style="font-size:12.6666669845581px">root 22 2 0 Jan02 ? 00:00:00 [netns]</span></div><div><span style="font-size:12.6666669845581px">root 23 2 0 Jan02 ? 00:00:00 [xenwatch]</span></div><div><span style="font-size:12.6666669845581px">root 24 2 0 Jan02 ? 00:00:00 [xenbus]</span></div><div><span style="font-size:12.6666669845581px">root 25 2 0 Jan02 ? 00:00:00 [writeback]</span></div><div><span style="font-size:12.6666669845581px">root 26 2 0 Jan02 ? 00:00:00 [kintegrityd]</span></div><div><span style="font-size:12.6666669845581px">root 27 2 0 Jan02 ? 00:00:00 [bioset]</span></div><div><span style="font-size:12.6666669845581px">root 28 2 0 Jan02 ? 00:00:01 [kworker/u5:0]</span></div><div><span style="font-size:12.6666669845581px">root 29 2 0 Jan02 ? 00:00:00 [kblockd]</span></div><div><span style="font-size:12.6666669845581px">root 31 2 0 Jan02 ? 00:00:00 [ata_sff]</span></div><div><span style="font-size:12.6666669845581px">root 32 2 0 Jan02 ? 00:00:00 [khubd]</span></div><div><span style="font-size:12.6666669845581px">root 33 2 0 Jan02 ? 00:00:00 [md]</span></div><div><span style="font-size:12.6666669845581px">root 34 2 0 Jan02 ? 00:00:00 [devfreq_wq]</span></div><div><span style="font-size:12.6666669845581px">root 37 2 0 Jan02 ? 00:00:00 [khungtaskd]</span></div><div><span style="font-size:12.6666669845581px">root 38 2 0 Jan02 ? 00:00:00 [kswapd0]</span></div><div><span style="font-size:12.6666669845581px">root 39 2 0 Jan02 ? 00:00:00 [ksmd]</span></div><div><span style="font-size:12.6666669845581px">root 40 2 0 Jan02 ? 00:00:00 [fsnotify_mark]</span></div><div><span style="font-size:12.6666669845581px">root 41 2 0 Jan02 ? 00:00:00 [ecryptfs-kthrea]</span></div><div><span style="font-size:12.6666669845581px">root 42 2 0 Jan02 ? 00:00:00 [crypto]</span></div><div><div>root 54 2 0 Jan02 ? 00:00:00 [kthrotld]</div><div>root 56 2 0 Jan02 ? 00:00:00 [khvcd]</div><div>root 75 2 0 Jan02 ? 00:00:00 [deferwq]</div><div>root 76 2 0 Jan02 ? 00:00:00 [charger_manager]</div><div>root 127 2 0 Jan02 ? 00:00:00 [kdmflush]</div><div>root 128 2 0 Jan02 ? 00:00:00 [bioset]</div><div>root 179 2 0 Jan02 ? 00:00:10 [jbd2/xvda1-8]</div><div>root 180 2 0 Jan02 ? 00:00:00 [ext4-rsv-conver]</div><div>root 315 2 0 Jan02 ? 00:00:15 [jbd2/dm-0-8]</div><div>root 316 2 0 Jan02 ? 00:00:00 [ext4-rsv-conver]</div><div>root 388 1 0 Jan02 ? 00:00:00 upstart-udev-bridge --daemon</div><div>root 393 1 0 Jan02 ? 00:00:00 /lib/systemd/systemd-udevd --daemon</div><div>root 521 1 0 Jan02 ? 00:00:00 upstart-socket-bridge --daemon</div><div>root 613 1 0 Jan02 ? 00:00:00 dhclient -1 -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0</div><div>message+ 792 1 0 Jan02 ? 00:00:00 dbus-daemon --system --fork</div><div>root 821 1 0 Jan02 ? 00:00:05 /lib/systemd/systemd-logind</div><div>root 838 1 0 Jan02 ? 00:00:00 upstart-file-bridge --daemon</div><div>root 1141 1 0 Jan02 ? 00:00:08 /usr/sbin/racoon</div><div>root 1197 1 0 Jan02 ? 00:00:02 runsvdir -P /etc/service log: ...............................................................................</div><div>root 1198 1 0 Jan02 tty4 00:00:00 /sbin/getty -8 38400 tty4</div><div>root 1201 1 0 Jan02 tty5 00:00:00 /sbin/getty -8 38400 tty5</div><div>root 1205 1 0 Jan02 tty2 00:00:00 /sbin/getty -8 38400 tty2</div><div>root 1206 1 0 Jan02 tty3 00:00:00 /sbin/getty -8 38400 tty3</div><div>root 1208 1 0 Jan02 tty6 00:00:00 /sbin/getty -8 38400 tty6</div><div>root 1248 1 0 Jan02 ? 00:00:00 /usr/sbin/sshd -D</div><div>root 1252 1 0 Jan02 ? 00:00:10 cron</div><div>daemon 1255 1 0 Jan02 ? 00:00:00 atd</div><div>root 1256 1 0 Jan02 ? 00:00:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket</div><div>lxc-dns+ 1336 1 0 Jan02 ? 00:00:00 dnsmasq -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --conf-file= --listen</div><div>root 1495 1 0 Jan02 ? 00:00:00 /bin/sh /usr/bin/mysqld_safe</div><div>root 2596 2 0 Jan02 ? 00:00:02 [kauditd]</div><div>root 3194 1 0 Jan02 ? 00:00:02 /usr/lib/postfix/master</div><div>postfix 3199 3194 0 Jan02 ? 00:00:00 qmgr -l -t unix -u</div><div>root 3499 1 0 Jan02 tty1 00:00:00 /sbin/getty -8 38400 tty1</div><div>root 9934 1 0 Jan05 ? 00:00:04 /sbin/cgmanager --sigstop --debug -m name=systemd</div><div>root 24028 1248 0 20:15 ? 00:00:00 sshd: ranjib [priv]</div><div>ranjib 24036 24028 0 20:15 ? 00:00:00 sshd: ranjib@pts/0</div><div>ranjib 24113 24037 0 20:15 pts/0 00:00:00 ps -ef</div></div><div><br></div><div>regards</div><div>ranjib</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jan 7, 2015 at 12:12 PM, Serge Hallyn <span dir="ltr"><<a href="mailto:serge.hallyn@ubuntu.com" target="_blank">serge.hallyn@ubuntu.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Quoting Ranjib Dey (<a href="mailto:dey.ranjib@gmail.com">dey.ranjib@gmail.com</a>):<br>
> Hi serge,<br>
<br>
Hm I thought I'd already asked this but dont' see it - what kernel<br>
are you running, and is a cgproxy running? What does 'ps -ef' and<br>
'uname -a' show?<br>
<span class=""><br>
> when i execute `cgm movepid all go $(pid)` as root, i get the following<br>
> error<br>
><br>
> MovePid: Client fd is: 6 (pid=16139, uid=0, gid=0)<br>
> cgmanager:do_move_pid_main: victim's cgroup is not under proxy's (p.uid 0)<br>
> Disconnected from private client<br>
<br>
</span>Did root first do a 'cgm movepidabs all / $$' ?<br>
<div class="HOEnZb"><div class="h5"><br>
> if i try sudo -u go cgm movepid all go $(pid), it picks up correct p.uid,<br>
> but still fails<br>
><br>
> Connection from private client<br>
> MovePid: Client fd is: 6 (pid=16612, uid=111, gid=117)<br>
> cgmanager:do_move_pid_main: victim's cgroup is not under proxy's (p.uid 111)<br>
> Disconnected from private client<br>
><br>
><br>
> regards<br>
> ranjib<br>
><br>
> On Mon, Jan 5, 2015 at 12:11 PM, Serge Hallyn <<a href="mailto:serge.hallyn@ubuntu.com">serge.hallyn@ubuntu.com</a>><br>
> wrote:<br>
><br>
> > Quoting Ranjib Dey (<a href="mailto:dey.ranjib@gmail.com">dey.ranjib@gmail.com</a>):<br>
> > > following is the debug log:<br>
> > ><br>
> > > MovePid: Client fd is: 6 (pid=10783, uid=111, gid=117)<br>
> > > cgmanager: Invalid path<br>
> > > /run/cgmanager/fs/hugetlb/user/1001.user/83.session/go<br>
> > > cgmanager:do_move_pid_main: Invalid path<br>
> > > /run/cgmanager/fs/hugetlb/user/1001.user/83.session/go<br>
> > > Disconnected from private client<br>
> > ><br>
> > > 1001 is wrong user (my login user), not `go` user's UID, which is 100.<br>
> ><br>
> > I assume you're running this using sudo from uid 1001. Since that is<br>
> > also how you did the create and chown, that should be ok. I'm not<br>
> > understanding why the cg does not exist.<br>
> ><br>
> > The least confusing thing to do might be to have root do<br>
> > something like<br>
> ><br>
> > cgm movepidabs all / $$<br>
> > cgm create all go<br>
> > cgm chown all go $(id -u go) $(id -g go)<br>
> > cgh movepid all go $(pid)<br>
> ><br>
> > > /run/cgmanager/fs/hugetlb/ directory is empty,<br>
> ><br>
> > It's in a private namespace. You'd have to mount it yourself to<br>
> > see.<br>
> > _______________________________________________<br>
> > lxc-users mailing list<br>
> > <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
> > <a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br>
<br>
> _______________________________________________<br>
> lxc-users mailing list<br>
> <a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
> <a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a><br>
<br>
_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a></div></div></blockquote></div><br></div>