[lxc-users] Unable to boot unprivileged container

Robert Pendell shinji at elite-systems.org
Mon May 5 16:42:30 UTC 2014


On Mon, May 5, 2014 at 12:25 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Robert Pendell (shinji at elite-systems.org):
>> Here is the information as you requested.
>>
>> lxc-start -n <container> -l info -o outfile
>>       lxc-start 1399295274.692 INFO     lxc_start_ui - using rcfile
>> /home/shinji/.local/share/lxc/utest/config
>>       lxc-start 1399295274.692 INFO     lxc_utils - XDG_RUNTIME_DIR
>> isn't set in the environment.
>>       lxc-start 1399295274.692 INFO     lxc_confile - read uid map:
>> type u nsid 0 hostid 100000 range 65536
>>       lxc-start 1399295274.692 INFO     lxc_confile - read uid map:
>> type g nsid 0 hostid 100000 range 65536
>>       lxc-start 1399295274.692 WARN     lxc_log - lxc_log_init called
>> with log already initialized
>>       lxc-start 1399295274.692 INFO     lxc_lsm - LSM security driver nop
>>       lxc-start 1399295274.692 INFO     lxc_utils - XDG_RUNTIME_DIR
>> isn't set in the environment.
>>       lxc-start 1399295274.693 INFO     lxc_conf - tty's configured
>>       lxc-start 1399295275.060 INFO     lxc_start - 'utest' is initialized
>>       lxc-start 1399295275.072 INFO     lxc_start - Cloning a new user namespace
>>       lxc-start 1399295275.072 INFO     lxc_cgroup - cgroup driver
>> cgmanager initing for utest
>>       lxc-start 1399295275.073 ERROR    lxc_cgmanager - call to
>> cgmanager_create_sync failed: invalid request
>>       lxc-start 1399295275.073 ERROR    lxc_cgmanager - Failed to
>> create cpuset:utest
>
> Thanks - so the problem is here.   Chances are you are not in a cgroup
> that you own.  The easiest way to fix this is
>
> sudo cgm create all shinji
> sudo cgm chown all shinji $(id -u) $(id -g)
> cgm movepid all shinji $$
>
> Now the lxc-start should work (or at least go on to the next problem)
>

Ok.  So I had determined that before (I didn't realize it until after
I sent the message); however, I had found a different way of handling
it.  Yours is more elegant.  Now then to the 2nd issue.

This doesn't persist between server reboots or login sessions.  Is
there supposed to be a script that runs that makes this persistent or
does one have to move themselves manually whenever they want to run
unprivileged containers?
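
An added example, not part of the original message or of LXC/cgmanager: a shell check that the `cgm movepid` step quoted above took effect, by parsing the `hierarchy-ID:controller-list:path` lines of `/proc/<pid>/cgroup`. The function name `not_in_cgroup` and the sample paths are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list the cgroup controllers of a process that are NOT
# inside a cgroup with the given name. Input is the content of
# /proc/<pid>/cgroup on stdin, one hierarchy per line:
#   hierarchy-ID:controller-list:cgroup-path

# not_in_cgroup NAME   (hypothetical helper name)
# Prints one controller list per line for every hierarchy whose cgroup
# path does not end in /NAME; prints nothing when every hierarchy matches.
not_in_cgroup() {
    name=$1
    # IFS=: splits the first two fields; the rest (including any ':' in
    # the path) lands in $path.
    while IFS=: read -r id ctrl path; do
        [ -n "$id" ] || continue          # skip blank lines
        case $path in
            */"$name") ;;                 # last path component is NAME
            *) printf '%s\n' "${ctrl:-unified}" ;;  # empty list = cgroup v2
        esac
    done
}

# Constructed sample: memory was moved into "shinji", cpuset was not.
# Paths are illustrative only, not taken from the thread.
SAMPLE='4:cpuset:/
3:memory:/user/1000.user/c2.session/shinji'

missing=$(printf '%s\n' "$SAMPLE" | not_in_cgroup shinji)
if [ -n "$missing" ]; then
    echo "not in cgroup 'shinji' for: $missing"
else
    echo "all controllers are in cgroup 'shinji'"
fi

# Against the live shell (Linux only):
#   not_in_cgroup shinji < /proc/$$/cgroup
```

Any controller printed here is one where the shell is still outside the named cgroup, which is the condition behind the `Failed to create cpuset:utest` error in the quoted log.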

