<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;">Hello everyone,</span></p>
<p><br>
</p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;">A couple of months ago I created some provisioning scripts to install lxc on the host, and then add a separate user to create and run unprivileged containers.
</span><br>
</p>
<p><br>
</p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;"><b><span style="font-family: "Courier New",monospace; font-size: 9pt;">Host os: ubuntu server 14.0.4.3 LTS</span></b></span><br>
</p>
<p><br>
</p>
<p><span style="font-family: "Courier New",monospace; font-size: 10pt;"><i><b><span style="font-size: 9pt;"><span style="font-family: "Courier New",monospace; font-size: 9pt;">A</span><span style="font-family: "Courier New",monospace; font-size: 9pt;">s
</span></span><span style="font-size: 9pt;"><span style="font-family: "Courier New",monospace; font-size: 9pt;">root</span><span style="font-family: "Courier New",monospace; font-size: 9pt;"> user</span></span></b></i><span style="font-size: 9pt; font-family: "Courier New",monospace;"><b></b>:</span></span></p>
<p><br>
</p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;">Installs lxc, adds the user for unpriv. containers and does some settings (nothing special I left it out for now as nothing changed there).</span><br>
</p>
<p><br>
</p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;">Then it launches the script below with the container user:</span></p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;">sshpass -p "$CNT_PASSWORD" ssh -o StrictHostKeyChecking=no "$CNT_USER@localhost" "$SCRIPTS_DIR_FOR_INSTALL/setup_empty_container.sh" "$NAME" 0 0 0</span><br>
</p>
<p><br>
</p>
<p><br>
</p>
<p><b></b><span style="font-family: "Courier New",monospace; font-size: 9pt;"><b><span style="font-family: "Courier New",monospace; font-size: 9pt;">The script called</span><span style="font-family: "Courier New",monospace; font-size: 9pt;">, </span><span style="font-family: "Courier New",monospace; font-size: 9pt;">as
CNT_USER does</span></b><span style="font-family: "Courier New",monospace; font-size: 9pt;">:</span></span><br>
</p>
<p><br>
</p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;">lxc-create -t download -n "$NAME" -- -d ubuntu -r trusty -a amd64</span><br>
</p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;">lxc-start -n "$NAME" -d</span><br>
</p>
<p><br>
</p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;"><span style="font-family: "Courier New",monospace; font-size: 9pt;">This worked fine. The container downloaded, installed and then could be started just fine. Now the newly container</span><span style="font-family: "Courier New",monospace; font-size: 9pt;">
</span><span style="font-family: "Courier New",monospace; font-size: 9pt;">f</span><span style="font-family: "Courier New",monospace; font-size: 9pt;">a</span><span style="font-family: "Courier New",monospace; font-size: 9pt;">i</span><span style="font-family: "Courier New",monospace; font-size: 9pt;">l</span><span style="font-family: "Courier New",monospace; font-size: 9pt;">s</span><span style="font-family: "Courier New",monospace; font-size: 9pt;">
to start. Rebooting the host, and the container can be started again.</span></span></p>
<p><br>
</p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;"><span style="font-family: "Courier New",monospace; font-size: 9pt;">Nothing changed to the install scripts</span><span style="font-family: "Courier New",monospace; font-size: 9pt;"> - except
today I patched the host OS </span><span style="font-family: "Courier New",monospace; font-size: 9pt;">to the latest patches (just ordinary update & upgrade). The install still works, but the</span><span style="font-family: "Courier New",monospace; font-size: 9pt;">
container fails to start (part of the debug where it goes wrong):</span></span></p>
<p><br>
</p>
<p></p>
<div><span style="font-family: "Courier New",monospace; font-size: 10pt;"><span style="font-size: 9pt; font-family: "Courier New",monospace;"></span><span style="font-size: 9pt; font-family: "Courier New",monospace;"> lxc-start 20160605141904.134 INFO
lxc_monitor - monitor.c:lxc_monitor_sock_name:178 - using monitor sock name lxc/01a94ea14f07b6c1//home/cntusr/.local/share/lxc</span></span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.136 INFO lxc_start - start.c:lxc_init:488 - 'cnt-base' is initialized</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.136 DEBUG lxc_start - start.c:__lxc_start:1326 - Not dropping cap_sys_boot or watching utmp</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.136 INFO lxc_start - start.c:resolve_clone_flags:1013 - Cloning a new user namespace</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.136 INFO lxc_cgroup - cgroup.c:cgroup_init:68 - cgroup driver cgroupfs initing for cnt-base</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.136 ERROR lxc_cgfs - cgfs.c:lxc_cgroupfs_create:1007 - Permission denied - Could not create cgroup '/lxc' in '/sys/fs/cgroup/freezer'.</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.136 ERROR lxc_cgfs - cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/hugetlb/</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_cgfs - cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/net_prio/</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_cgfs - cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_cgfs - cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/net_cls/</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_cgfs - cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/freezer/</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_cgfs - cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices/</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_cgfs - cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory/</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_cgfs - cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio/</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_cgfs - cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuacct/</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_cgfs - cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu/</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_cgfs - cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset/</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_cgfs - cgfs.c:cgroup_rmdir:209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd/user/1002.user/8.session</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_start - start.c:lxc_spawn:1100 - failed creating cgroups</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 ERROR lxc_start - start.c:__lxc_start:1353 - failed to spawn 'cnt-base'</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.137 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'cnt-base', config section 'lxc'</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141904.640 WARN lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_cgroup failed to receive response</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141909.645 ERROR lxc_start_ui - lxc_start.c:main:344 - The container failed to start.</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141909.645 ERROR lxc_start_ui - lxc_start.c:main:346 - To get more details, run the container in foreground mode.</span><br>
<span style="font-family: "Courier New",monospace; font-size: 9pt;"> lxc-start 20160605141909.645 ERROR lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.</span></div>
<br>
<p></p>
<p><br>
</p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;">So this has probably to do with the user initially created and it's cgroups but I am not sure why this fails now. It does successfully create the container, but cannot start it.<br>
</span></p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;"><br>
</span></p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;">After a reboot of the host it works again, and the container created can be started just fine with the container user.<br>
</span></p>
<p><br>
</p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;">Does someone have an idea what is wrong as of a sudden?</span><br>
</p>
<p><br>
</p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;">Thanks,</span></p>
<p><span style="font-family: "Courier New",monospace; font-size: 9pt;">Martijn</span><br>
</p>
</div>
</body>
</html>