[lxc-users] Nested containers

Stéphane Graber stgraber at ubuntu.com
Tue Jan 14 20:32:46 UTC 2014


On Tue, Jan 14, 2014 at 06:16:08PM +0100, Marc Aymerich wrote:
> Hi,
> 
> I'm trying to boot a Debian LXC container inside another Debian
> container, Ubuntu is my host.
> 
> My base container uses the following AppArmor profile, in order to
> allow forking nested containers:
> https://dl.stgraber.org/lxc-with-nesting
> 
> However I'm getting a cgroups related issue when I try to start a
> nested container:
> root@orchestra:~# lxc-start -n web
> lxc-start: No cgroup mounted on the system
> lxc-start: failed to spawn 'web'
> 
> I've tried configuring the following mountpoint on the base container config:
> lxc.mount.entry = cgroup  /sys/fs/cgroup  cgroup defaults 0 0
> 
> Also tried to define a cgroup mountpoint on the base container /etc/fstab
> cgroup  /sys/fs/cgroup  cgroup  defaults  0   0
> 
> but without any luck:
> root@orchestra:~# mount /sys/fs/cgroup
> mount: block device cgroup is write-protected, mounting read-only
> mount: cannot mount block device cgroup read-only
> 
> 
> Any idea about how cgroups can be enabled inside a container?
> 
> Thanks!!!

Did you set "lxc.aa_profile = lxc-container-default-with-nesting" for
both the parent containers?

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
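
Added example, not part of the original message or of LXC itself: a shell check that reports which AppArmor profile each container config selects, so the setting asked about above can be verified at every level of nesting. The sample configs and container names are constructed; the script assumes a later lxc.aa_profile line overrides an earlier one and does not follow lxc.include.

```shell
#!/bin/sh
# Added example: report which AppArmor profile each LXC config selects.
NESTING_PROFILE="lxc-container-default-with-nesting"

# Print the effective lxc.aa_profile of config file $1, or nothing if unset.
# Assumption: a later assignment overrides an earlier one; lxc.include files
# are not followed. Commented-out lines are ignored.
aa_profile_of() {
    sed -n 's/^[[:space:]]*lxc\.aa_profile[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1
}

# Classify config file $1 as: nesting, unconfined, unset, or other:<profile>.
classify_config() {
    profile=$(aa_profile_of "$1")
    case "$profile" in
        "$NESTING_PROFILE") echo "nesting" ;;
        unconfined)         echo "unconfined" ;;
        "")                 echo "unset" ;;
        *)                  echo "other:$profile" ;;
    esac
}

# Audit every <dir>/<name>/config; return 1 if any container lacks nesting.
audit_containers() {
    rc=0
    for cfg in "$1"/*/config; do
        [ -f "$cfg" ] || continue
        state=$(classify_config "$cfg")
        printf '%s\t%s\n' "$(basename "$(dirname "$cfg")")" "$state"
        [ "$state" = "nesting" ] || rc=1
    done
    return $rc
}

# Constructed sample configs (container names are hypothetical).
write_samples() {
    mkdir -p "$1/outer" "$1/inner" "$1/legacy"
    printf '%s\n' 'lxc.utsname = outer' \
        "lxc.aa_profile = $NESTING_PROFILE" > "$1/outer/config"
    printf '%s\n' '# lxc.aa_profile = lxc-container-default-with-nesting' \
        'lxc.utsname = inner' > "$1/inner/config"
    printf '%s\n' "lxc.aa_profile = $NESTING_PROFILE" \
        '  lxc.aa_profile=unconfined   # overrides the line above' > "$1/legacy/config"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_containers "$demo_dir" || echo "at least one container does not use $NESTING_PROFILE"
rm -rf "$demo_dir"
```

With the default layout, `audit_containers /var/lib/lxc` covers the containers on the host; run it again inside the parent container to cover the nested ones. A result of "unconfined" means the container runs with no AppArmor confinement at all, which is a weaker setting than the nesting profile.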