[Lxc-users] Restoring a process fails under lxc 1.0.0.alpha1

Serge Hallyn serge.hallyn at ubuntu.com
Fri Oct 4 13:50:00 UTC 2013 

Quoting Frederico Araujo (araujof at gmail.com):
> Hi,
> 
> I've been using checkpoint/restore (CRIU 0.7) under lxc containers on
> Ubuntu Saucy for a while and everything was running smoothly until I
> updated my lxc from version 0.9 to the new release (1.0.0.alpha1). After
> the update, restoring even a simple program (no sockets, just a simple
> infinite loop printing some text) returns:
> 
> "Error (cr-restore.c:894): 475: Can't open /proc/sys/kernel/ns_last_pid:
> Permission denied"
> 
> My container was configured using the lxc template for Ubuntu, using the
> default configuration. So, my question is: did the new version of lxc
> changed anything related to access permission to the
> /proc/sys/kernel/ns_last_pid file? I am running CRIU restore as root inside

The apparmor policy doesn't allow writing to that file by default.
Either add an allow statement to the policy, or have the container
run unconfined.

> the container. I made a small test running CRIU restore on the host machine
> and it works fine; my best guess is that something has changed in the way
> LXC handles the container's root permissions. If not, am I missing
> something? Is there a way to allow a container root to open ns_last_pid
> with R/W permissions from inside the container (I checked CRIU source code
> and this is where it fails)?
> 
> I am running host and container on Ubuntu Saucy (3.11.0-7). Also, 'sysctl
> kernel.ns_last_pid' works fine from inside the container.
> 
> Any help will be appreciated!
> Thanks,
> Fred

> ------------------------------------------------------------------------------
> LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
> 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
> 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
> Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. 
> http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk

> _______________________________________________
> Lxc-users mailing list
> Lxc-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-users

More information about the lxc-users mailing list