[lxc-devel] Error "unshare: Operation not permitted" when trying to create user container
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Feb 20 14:21:29 UTC 2014
Quoting Brian Campbell (lambda at continuation.org):
> On Feb 18, 2014, at 10:25 AM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> > It looks like you're in the root cgroup and starting as non-root.
> > Without being root you indeed do not have the rights to create new
> > cgroups there. You'll need to either use lxc as root, or do something
> > like
> >
> > for d in /sys/fs/cgroup/*; do
> > sudo mkdir $d/lambda
> > sudo chown -R lambda: $d/lambda
> > echo $$ > $d/lambda/tasks
> > done
>
>
> Apologies for the slow followup, been a busy few days.
>
> Doing that gives me an error on the the cpuset cgroup (added an echo to see which one it was):
>
> /sys/fs/cgroup/blkio/lambda
> /sys/fs/cgroup/cpu/lambda
> /sys/fs/cgroup/cpuacct/lambda
> /sys/fs/cgroup/cpu,cpuacct/lambda
> /sys/fs/cgroup/cpuset/lambda
> -bash: echo: write error: No space left on device
> /sys/fs/cgroup/devices/lambda
> /sys/fs/cgroup/freezer/lambda
> /sys/fs/cgroup/net_cls/lambda
> /sys/fs/cgroup/perf_event/lambda
> /sys/fs/cgroup/systemd/lambda
>
> I decided to see if it would work anyhow, but it still fails. Any clue why cpuset would be failing?
You need to either echo 1 > /sys/fs/cgroup/cpuset/cgroup.clone_children,
or else manually cp cpuset.cpus and cpuset.mems from the parent to the
child cgroup. Otherwise you cannot place a task into the cgroup.
> Also, what is handling creating these initial per-user cgroups on
> Ubuntu? I'm just wondering where I can look to see it working
> correctly to compare against my setup.
That's systemd-logind, in 14.04. Before that you did have to do it by
hand.
-serge
More information about the lxc-devel
mailing list