[lxc-users] Cannot start unprivileged containers after first provisioning Ubuntu 14.04 instance
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Aug 21 13:56:20 UTC 2014
Quoting Justin Hume (justin.df.hume at gmail.com):
> Hi,
>
> --- My system ---
> Kernel version: 3.13.0-29-generic
> Release: 14.04
> Platform: ec2
> LXC: 1.0.5
> ---
>
> I cannot start an unprivileged LXC container on Ubuntu 14.04 after
> installing LXC and configuring unprivileged container access, as per
> https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/.
> However, after restarting the instance, unprivileged containers can be
> created.
>
> The error message, on "lxc-start -n cn_name", is as follows:
>
> lxc_container: call to cgmanager_create_sync failed: invalid request
> lxc_container: Failed to create hugetlb:p1
> lxc_container: Error creating cgroup hugetlb:p1
> lxc_container: failed creating cgroups
> lxc_container: failed to spawn 'p1'
> lxc_container: The container failed to start.
> lxc_container: Additional information can be obtained by setting the
> --logfile and --log-priority options.
>
> This is the same issue, as found here:
>
> https://lists.linuxcontainers.org/pipermail/lxc-users/2014-July/007413.html
>
> I've tried things suggested (restart cgmanager etc.) in this thread, with
> no result. The only additional info I've found is a discrepancy of the
> contents of the "/proc/self/cgroup" file before and after restart of the
> instance.
>
> Before:
> 11:hugetlb:/
> 10:perf_event:/
> 9:blkio:/
> 8:freezer:/
> 7:devices:/
> 6:memory:/
> 5:cpuacct:/
> 4:cpu:/
> 3:cpuset:/
> 2:name=systemd:/user/1000.user/1.session
>
> After:
> 11:hugetlb:/user/1000.user/1.session
> 10:perf_event:/user/1000.user/1.session
> 9:blkio:/user/1000.user/1.session
> 8:freezer:/user/1000.user/1.session
> 7:devices:/user/1000.user/1.session
> 6:memory:/user/1000.user/1.session
> 5:cpuacct:/user/1000.user/1.session
> 4:cpu:/user/1000.user/1.session
> 3:cpuset:/user/1000.user/1.session
> 2:name=systemd:/user/1000.user/1.session
so 'After' unprivileged container start will work.
> It looks like required cgroups have not been delegated? I don't have a deep
> understanding of cgroups, or of how cgroups and LXC interact, so the answer
> may be obvious to someone else. Thanks in advance for your time,
What exactly is your question?
More information about the lxc-users
mailing list