[Lxc-users] LXC on Debian Squeeze
Daniel Lezcano
dlezcano at fr.ibm.com
Sun Sep 26 14:18:47 UTC 2010
On 09/26/2010 03:36 PM, Frank Bauer wrote:
> Hi list.
>
> Quick question: does LXC and lxc tools work on current 32 bit x86
> Debian Squeeze for you?
>
> Background:
>
> I had my first encounter with LXC exactly one year ago when Debian
> project made clear Linux-VServer will be dropped in favor of LXC after
> Squeeze is released. Debian had kernel 2.6.29 at that time and basic
> LXC stuff worked for me (i.e. I was able to create a container and
> play in it).
>
> My second attempt to get into LXC was earlier this year (February,
> March?) with Debian kernel 2.6.30 and lxc tools 6.5.
> Again, it worked for me and my small test cases (networking inside
> LXC, Alsa inside LXC, etc.)
>
> However, now with Debian kernel 2.6.32 and lxc tools 7.x I can't start
> my containers (both the old ones and completely new ones created by
> debootstrap as usual).
> This is the only output I get:
>
> squeeze:~# lxc-start -n container
> lxc-start: inherited fd 7 on pipe:[4220]
> lxc-start: inherited fd 9 on pipe:[4224]
> squeeze:~#
>
> squeeze:~# lxc-info -n container
> 'container' is STOPPED
> squeeze:~#
>
> Nothing in syslog.
> My config looks e.g. like this:
>
> lxc.tty = 4
> lxc.pts = 1024
> lxc.rootfs = /root/container/rootfs
> lxc.utsname = container
> lxc.cgroup.devices.deny = a
> # /dev/null and zero
> lxc.cgroup.devices.allow = c 1:3 rwm
> lxc.cgroup.devices.allow = c 1:5 rwm
> # consoles
> lxc.cgroup.devices.allow = c 5:1 rwm
> lxc.cgroup.devices.allow = c 5:0 rwm
> lxc.cgroup.devices.allow = c 4:0 rwm
> lxc.cgroup.devices.allow = c 4:1 rwm
> # /dev/{,u}random
> lxc.cgroup.devices.allow = c 1:9 rwm
> lxc.cgroup.devices.allow = c 1:8 rwm
> lxc.cgroup.devices.allow = c 136:* rwm
> lxc.cgroup.devices.allow = c 5:2 rwm
> # rtc
> lxc.cgroup.devices.allow = c 254:0 rwm
>
> lxc-checkconfig says everything is enabled except Cgroup memory controller.
>
> Any idea what might be wrong?
It is probable the parent process which spawned lxc didn't correctly set
its fd close-on-exec flag. That happens sometimes and it is most of the
time a bug of the caller. Recently, that happened with crond and
midnight commander.

As we don't want inherited file descriptors in a container, for security
reasons and, in the future, for the checkpoint / restart, we check when
the container starts that we didn't inherit any file descriptor from our
parent process.
Hope that helps
-- Daniel
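
The close-on-exec check discussed in the reply above, as an added example that is not part of the original message and is not lxc's own code. The helper names `set_cloexec` and `count_leakable_fds` are hypothetical, and a Linux `/proc` is assumed. Called at startup the scan lists what the parent leaked; called in a launcher before exec it lists what would be passed on.

```c
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Caller side: mark fd close-on-exec so a spawned program never sees it. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Count open fds above stderr that would survive an exec (FD_CLOEXEC unset);
 * with report != 0 also print each target. -1 if /proc/self/fd is unreadable. */
int count_leakable_fds(int report)
{
    DIR *dir = opendir("/proc/self/fd");
    struct dirent *de;
    int count = 0;

    if (!dir)
        return -1;
    while ((de = readdir(dir)) != NULL) {
        char *end, path[64], target[256];
        long fd = strtol(de->d_name, &end, 10);
        if (end == de->d_name || *end || fd <= STDERR_FILENO || fd == dirfd(dir))
            continue;       /* ".", "..", stdio, and the scan handle itself */
        int flags = fcntl((int)fd, F_GETFD);
        if (flags < 0 || (flags & FD_CLOEXEC))
            continue;       /* not open, or already close-on-exec */
        count++;
        snprintf(path, sizeof(path), "/proc/self/fd/%ld", fd);
        ssize_t n = report ? readlink(path, target, sizeof(target)) : -1;
        if (n > 0)
            fprintf(stderr, "leakable fd %ld on %.*s\n", fd, (int)n, target);
    }
    closedir(dir);
    return count;
}

int main(void)
{
    int p[2];
    if (pipe(p) != 0)
        return 1;
    count_leakable_fds(1);  /* reports both pipe ends, e.g. "on pipe:[...]" */
    return set_cloexec(p[0]) || set_cloexec(p[1]) || count_leakable_fds(1) < 0;
}
```
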