[Lxc-users] can't remove cgroup

Serge Hallyn serge.hallyn at canonical.com
Fri Jun 17 17:13:23 UTC 2011


Quoting Brian K. White (brian at aljex.com):
> On 6/17/2011 12:06 PM, Serge Hallyn wrote:
> > Quoting Brian K. White (brian at aljex.com):
> >> On 6/16/2011 3:26 PM, Serge Hallyn wrote:
> >>> Quoting Brian K. White (brian at aljex.com):
> >>>> I thought we killed this problem?
> >>> ...
> >>>> nj12:~ # rm -rf /sys/fs/cgroup/vps001
> >>>
> >>> rmdir
> >>>
> >>
> >> Did that too. no joy.
> >>
> >> In fact I did both the main directory and several runs of find|xargs to
> >> delete files and directories using rm -f , rm -rf and rmdir.
> >> I'll have to wait for it to happen again to diagnose what the problem
> >> was. I had to reboot the host because I needed that vm back up.
> >>
> >> I'm guessing the developer was doing something I didn't expect within
> >> the vm, besides the use of the reboot command, to tie up the context
> >> group even after all processes went away.
> >
> > Or maybe, if you don't have a release agent set, he just ran something
> > like vsftpd which created new cgroups by cloning?
> >
> > -serge
> >
> 
> I do have a release agent, and I usually have the required vsftpd config 
> options to disable namespace usage as part of my recipe for setting up 
> all systems, but I did not do most of the setup of these particular 
> vm's, I'm trying to get one of my people up to speed so they can do it 
> so I intentionally stayed away.
> 
> It's entirely possible the special vsftpd config either didn't get done, 
> or got lost in a full distribution version in-place upgrade that was 
> done from within the vm.
> 
> ... aha, just checked. An old version of my template vsftpd config was 
> used which did not yet have the namespace options.
> 
> I will add them and test! (as well as update the source of the template 
> config obviously)
> 
> Thank you even if this doesn't turn out to be the culprit of this 
> incident, it's still a hole I missed.

Hm, if you have release agents then that shouldn't be the problem,
unless there was a client still connected to one of those vsftpd
servers (which I think you've said was not the case).

-serge




More information about the lxc-users mailing list