[Lxc-users] LXC on Debian Squeeze

Daniel Lezcano dlezcano at fr.ibm.com
Sun Sep 26 14:18:47 UTC 2010


On 09/26/2010 03:36 PM, Frank Bauer wrote:
> Hi list.
>
> Quick question: do LXC and lxc tools work on current 32 bit x86
> Debian Squeeze for you?
>
> Background:
>
> I had my first encounter with LXC exactly one year ago when Debian
> project made clear Linux-VServer will be dropped in favor of LXC after
> Squeeze is released. Debian had kernel 2.6.29 at that time and basic
> LXC stuff worked for me (i.e. I was able to create a container and
> play in it).
>
> My second attempt to get into LXC was earlier this year (February,
> March?) with Debian kernel 2.6.30 and lxc tools 6.5.
> Again, it worked for me and my small test cases (networking inside
> LXC, Alsa inside LXC, etc.)
>
> However, now with Debian kernel 2.6.32 and lxc tools 7.x I can't start
> my containers (both the old ones and completely new ones created by
> debootstrap as usual).
> This is the only output I get:
>
>   squeeze:~# lxc-start -n container
>   lxc-start: inherited fd 7 on pipe:[4220]
>   lxc-start: inherited fd 9 on pipe:[4224]
>   squeeze:~#
>
>   squeeze:~# lxc-info -n container
>   'container' is STOPPED
>   squeeze:~#
>
> Nothing in syslog.
> My config looks e.g. like this:
>
>   lxc.tty = 4
>   lxc.pts = 1024
>   lxc.rootfs = /root/container/rootfs
>   lxc.utsname = container
>   lxc.cgroup.devices.deny = a
>   # /dev/null and zero
>   lxc.cgroup.devices.allow = c 1:3 rwm
>   lxc.cgroup.devices.allow = c 1:5 rwm
>   # consoles
>   lxc.cgroup.devices.allow = c 5:1 rwm
>   lxc.cgroup.devices.allow = c 5:0 rwm
>   lxc.cgroup.devices.allow = c 4:0 rwm
>   lxc.cgroup.devices.allow = c 4:1 rwm
>   # /dev/{,u}random
>   lxc.cgroup.devices.allow = c 1:9 rwm
>   lxc.cgroup.devices.allow = c 1:8 rwm
>   lxc.cgroup.devices.allow = c 136:* rwm
>   lxc.cgroup.devices.allow = c 5:2 rwm
>   # rtc
>   lxc.cgroup.devices.allow = c 254:0 rwm
>
> lxc-checkconfig says everything is enabled except Cgroup memory controller.
>
> Any idea what might be wrong?

It is probable the parent process which spawned lxc didn't correctly set
its fd close-on-exec flag. That happens sometimes and it is most of the
time a bug of the caller. Recently, that happened with crond and
midnight commander.

As we don't want inherited file descriptors in a container, for security
reasons and, in the future, for the checkpoint / restart, we check when
the container starts that we didn't inherit any file descriptor from our
parent process.

Hope that helps
   -- Daniel
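
The check described in the reply and the caller-side fix, as an added example that is not lxc's own code and not part of the original message: it walks /proc/self/fd (Linux procfs assumed), reports descriptors that lack FD_CLOEXEC in the same form as the lxc-start output quoted above, and shows the fcntl call a parent process would use to stop leaking them. The function names are hypothetical.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Count open fds above stderr lacking FD_CLOEXEC (an exec'd child inherits
 * them); report each if `report` is non-NULL. -1 if procfs is unreadable. */
int count_inheritable_fds(FILE *report)
{
    DIR *dir = opendir("/proc/self/fd");
    struct dirent *ent;
    int found = 0;
    if (!dir)
        return -1;
    while ((ent = readdir(dir)) != NULL) {
        char path[64], target[256], *end;
        long fd = strtol(ent->d_name, &end, 10);
        if (end == ent->d_name || *end || fd <= STDERR_FILENO || fd == dirfd(dir))
            continue;                      /* ".", "..", stdio, the scan's own fd */
        int flags = fcntl((int)fd, F_GETFD);
        if (flags < 0 || (flags & FD_CLOEXEC))
            continue;                      /* closed on exec, so not inherited */
        snprintf(path, sizeof(path), "/proc/self/fd/%ld", fd);
        ssize_t n = readlink(path, target, sizeof(target) - 1);
        target[n > 0 ? n : 0] = '\0';
        if (report)
            fprintf(report, "inherited fd %ld on %s\n", fd, target);
        found++;
    }
    closedir(dir);
    return found;
}

/* Caller-side fix: set close-on-exec on fd. Returns 0, or -1 on error. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return (flags < 0 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) ? -1 : 0;
}

int main(void)
{
    int p[2];                              /* constructed leak: plain pipe() */
    if (pipe(p) < 0) return 1;
    count_inheritable_fds(stdout);         /* lists both ends of the pipe */
    return (set_cloexec(p[0]) || set_cloexec(p[1])) ? 1 : 0;
}
```

Running the same scan at the top of a wrapper script's child, before lxc-start is invoked, shows which descriptors the parent (cron, a file manager, a shell) is leaking.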