[Lxc-users] setrlimit(3) and containers

Mikhail Gusarov dottedmag at dottedmag.net
Thu Apr 1 09:24:05 UTC 2010


Hello.

I have tried to run two containers with avahi-daemon in each. The first
avahi-daemon starts fine, while the second fails with

# /usr/sbin/avahi-daemon 
Found user 'avahi' (UID 103) and group 'avahi' (GID 105).
Successfully dropped root privileges.
chroot.c: fork() failed: Resource temporarily unavailable
failed to start chroot() helper daemon.
cf-slave1:~# 

After some thinking and strace'ing I figured out that the following is
the cause:

cf-slave1:~# strace /usr/sbin/avahi-daemon
...
setresuid32(103, 103, 103)              = 0
...
setrlimit(RLIMIT_NPROC, {rlim_cur=3, rlim_max=3}) = 0
...
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb761d908) = -1 EAGAIN (Resource temporarily unavailable)
...
#

Here the process drops root privileges, setuids to uid=103 and limits itself
to 3 processes with this uid. Clone fails due to the fact that there are two
processes with uid=103 running in another container.

Is it a known limitation, or maybe this is already handled in newer
kernels? (I use 2.6.32)

-- 
  http://fossarchy.blogspot.com/
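Added example, not part of the original message: a host-side check that counts tasks per real UID across every process visible in /proc and flags UIDs for which a fork under a given RLIMIT_NPROC would be refused. It assumes the situation the post describes (containers sharing one per-UID process count) and models the fork-time check as "count >= limit"; the function names and the `proc_root` parameter are illustrative.

```python
import os

AVAHI_NPROC = 3  # rlim_cur from the strace output in the post


def tasks_by_real_uid(proc_root="/proc"):
    """Count tasks (threads included) per real UID for every PID under proc_root."""
    counts = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                fields = dict(line.split(":", 1) for line in fh if ":" in line)
        except OSError:  # process exited while we were scanning
            continue
        if "Uid" not in fields:
            continue
        # "Uid:" lists real, effective, saved and filesystem UIDs; the
        # limit is accounted against the real UID.
        real_uid = int(fields["Uid"].split()[0])
        threads = int(fields.get("Threads", "1"))
        counts[real_uid] = counts.get(real_uid, 0) + threads
    return counts


def fork_would_hit_nproc(counts, uid, rlim_cur):
    """Assumed model of the check: refuse once the UID already has rlim_cur tasks.

    Processes holding CAP_SYS_RESOURCE or CAP_SYS_ADMIN bypass the limit, so
    this applies only after privileges are dropped, as in the strace above.
    """
    return counts.get(uid, 0) >= rlim_cur


if __name__ == "__main__":
    # Run on the host, where the processes of all containers are visible.
    counts = tasks_by_real_uid()
    for uid, n in sorted(counts.items()):
        hit = fork_would_hit_nproc(counts, uid, AVAHI_NPROC)
        state = "fork would fail with EAGAIN" if hit else "ok"
        print(f"uid={uid} tasks={n} RLIMIT_NPROC={AVAHI_NPROC}: {state}")
```
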