[lxc-devel] please open lxc-cgroup for unprivileged monitoring
Serge E. Hallyn
serge at hallyn.com
Thu Oct 20 13:39:37 UTC 2016
On Wed, Oct 19, 2016 at 02:10:59PM +0200, Harald Dunkel wrote:
> Hi folks,
>
> using an unprivileged account for monitoring lxc-cgroup
> returns a "permission denied" messages for something that
> is world readable in the /cgroup directory. Sample:
>
> % lxc-cgroup -P /data1/lxc -n jerry1 memory.usage_in_bytes
> lxc-cgroup: tools/lxc_cgroup.c: main: 104 Insufficent privileges to control /data1/lxc:jerry1
> % cat /cgroup/lxc/jerry1/memory.usage_in_bytes
> 286883840
>
> Following the api I am forced to use root permission or some
> hard-to-configure sudo constructs for monitoring. This is
> pretty painful.
>
> Do you think this could be improved?
Not easily, because you won't be allowed to talk to the container
control socket to ask it its cgroup.
More information about the lxc-devel
mailing list