[lxc-users] Nested containers

Marc Aymerich glicerinu at gmail.com
Tue Jan 14 21:14:14 UTC 2014


On Tue, Jan 14, 2014 at 9:32 PM, Stéphane Graber <stgraber at ubuntu.com> wrote:
> On Tue, Jan 14, 2014 at 06:16:08PM +0100, Marc Aymerich wrote:
>> Hi,
>>
>> I'm trying to boot a Debian LXC container inside another Debian
>> container; Ubuntu is my host.
>>
>> My base container uses the following AppArmor profile, in order to
>> allow forking nested containers:
>> https://dl.stgraber.org/lxc-with-nesting
>>
>> However I'm getting a cgroups related issue when I try to start a
>> nested container:
>> root@orchestra:~# lxc-start -n web
>> lxc-start: No cgroup mounted on the system
>> lxc-start: failed to spawn 'web'
>>
>> I've tried configuring the following mountpoint on the base container config:
>> lxc.mount.entry = cgroup  /sys/fs/cgroup  cgroup defaults 0 0
>>
>> Also tried to define a cgroup mountpoint on the base container /etc/fstab
>> cgroup  /sys/fs/cgroup  cgroup  defaults  0   0
>>
>> but without any luck:
>> root@orchestra:~# mount /sys/fs/cgroup
>> mount: block device cgroup is write-protected, mounting read-only
>> mount: cannot mount block device cgroup read-only
>>
>>
>> Any idea about how cgroups can be enabled inside a container?
>>
>> Thanks!!!
>
> Did you set "lxc.aa_profile = lxc-container-default-with-nesting" for
> both the parent containers?

Hi Stéphane,

aa_profile is only declared on the host (Ubuntu). My Debian containers do
not have AppArmor installed.

Thanks !
-- 
Marc

