[Lxc-users] connecting lxc-console is impossible after deny cgroup by default activated

[Thierry]

Le 05/11/2012 20:23, Serge Hallyn a écrit :
> Quoting Thierry (mysolo at cynetek.com):
>> My understanding was that you manually set lxc.cgroup.devices.deny = a
>> after starting up the container. Is that right, or not? If not, please
>> give your full config files for working and not working cases. -serge
>>
>> Using only configuration file. Not manually change cgroup after starting.
> 
> Ah, hm.
> 
>> join config file working and not working.
>>
>> tigra debian-dev # diff config_working config_notworking
>> 10c10
>> < #lxc.cgroup.devices.deny = a
>> ---
>>> lxc.cgroup.devices.deny = a
>>
>>
>>
>> A config file working:
>> tigra debian-dev # lxc-start -l DEBUG -o /var/log/lxc/debian-dev.log -n debian-dev -f /etc/lxc/debian-dev/config_working -d
> 
> Ok, can you attach or paste /var/log/lxc/debian-dev.log ?
> 
> What does 'lxc-checkconfig' show?
> 

kernel is hardened-source 3.6.2 of gentoo


tigra ~ # CONFIG=/usr/src/linux/.config lxc-checkconfig
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: missing
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: missing
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/sbin/lxc-checkconfig

-------------- next part --------------
A non-text attachment was scrubbed...
Name: debian-dev.log
Type: text/x-log
Size: 26216 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20121105/1b1a06b6/attachment.bin>