[lxc-devel] please open lxc-cgroup for unprivileged monitoring

Serge E. Hallyn serge at hallyn.com
Thu Oct 20 13:39:37 UTC 2016


On Wed, Oct 19, 2016 at 02:10:59PM +0200, Harald Dunkel wrote:
> Hi folks,
> 
> using an unprivileged account for monitoring lxc-cgroup
> returns a "permission denied" messages for something that
> is world readable in the /cgroup directory. Sample:
> 
> % lxc-cgroup -P /data1/lxc -n jerry1 memory.usage_in_bytes
> lxc-cgroup: tools/lxc_cgroup.c: main: 104 Insufficent privileges to control /data1/lxc:jerry1
> % cat /cgroup/lxc/jerry1/memory.usage_in_bytes
> 286883840
> 
> Following the api I am forced to use root permission or some
> hard-to-configure sudo constructs for monitoring. This is
> pretty painful.
> 
> Do you think this could be improved?

Not easily, because you won't be allowed to talk to the container
control socket to ask it its cgroup.


More information about the lxc-devel mailing list