[lxc-users] Unable to boot unprivileged container
Robert Pendell
shinji at elite-systems.org
Mon May 5 16:42:30 UTC 2014
On Mon, May 5, 2014 at 12:25 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Robert Pendell (shinji at elite-systems.org):
>> Here is the information as you requested.
>>
>> lxc-start -n <container> -l info -o outfile
>> lxc-start 1399295274.692 INFO lxc_start_ui - using rcfile
>> /home/shinji/.local/share/lxc/utest/config
>> lxc-start 1399295274.692 INFO lxc_utils - XDG_RUNTIME_DIR
>> isn't set in the environment.
>> lxc-start 1399295274.692 INFO lxc_confile - read uid map:
>> type u nsid 0 hostid 100000 range 65536
>> lxc-start 1399295274.692 INFO lxc_confile - read uid map:
>> type g nsid 0 hostid 100000 range 65536
>> lxc-start 1399295274.692 WARN lxc_log - lxc_log_init called
>> with log already initialized
>> lxc-start 1399295274.692 INFO lxc_lsm - LSM security driver nop
>> lxc-start 1399295274.692 INFO lxc_utils - XDG_RUNTIME_DIR
>> isn't set in the environment.
>> lxc-start 1399295274.693 INFO lxc_conf - tty's configured
>> lxc-start 1399295275.060 INFO lxc_start - 'utest' is initialized
>> lxc-start 1399295275.072 INFO lxc_start - Cloning a new user namespace
>> lxc-start 1399295275.072 INFO lxc_cgroup - cgroup driver
>> cgmanager initing for utest
>> lxc-start 1399295275.073 ERROR lxc_cgmanager - call to
>> cgmanager_create_sync failed: invalid request
>> lxc-start 1399295275.073 ERROR lxc_cgmanager - Failed to
>> create cpuset:utest
>
> Thanks - so the problem is here. Chances are you are not in a cgroup
> that you own. The easiest way to fix this is
>
> sudo cgm create all shinji
> sudo cgm chown all shinji $(id -u) $(id -g)
> cgm movepid all shinji $$
>
> Now the lxc-start should work (or at least go on to the next problem)
>
Ok. So I had determined that before (I didn't realize it until after
I sent the message); however, I had found a different way of handling
it. Yours is more elegant. Now then to the 2nd issue.
This doesn't persist between server reboots or login sessions. Is
there supposed to be a script that runs that makes this persistent or
does one have to move themselves manually whenever they want to run
unprivileged containers?
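
One way to confirm the diagnosis quoted above ("you are not in a cgroup that you own") before running `lxc-start`, added here as an example; it is not part of the original message and not LXC or cgmanager code. It assumes a cgroup v1 layout with one directory per controller under a mount root (default `/sys/fs/cgroup`, which may differ on your system); the function name `check_cgroup_ownership` is hypothetical.

```shell
#!/bin/sh
# Added diagnostic (not from the thread or from LXC): for every line of a
# /proc/<pid>/cgroup file, report whether the cgroup directory the process
# sits in is owned by the given uid.
# Assumption: cgroup v1, one directory per controller under ROOT.

# check_cgroup_ownership [CGROUP_FILE] [ROOT] [UID]
# Prints "<controller> <path> owned|not-owned|missing" per hierarchy and
# returns 0 only if every hierarchy directory is owned by UID.
check_cgroup_ownership() {
    cgfile=${1:-/proc/self/cgroup}
    root=${2:-/sys/fs/cgroup}
    want_uid=${3:-$(id -u)}
    rc=0
    # Each line has the form "hierarchy-id:controller-list:path".
    while IFS=: read -r _id ctrl path; do
        [ -n "$ctrl" ] || continue      # skip lines with no controller name
        ctrl=${ctrl#name=}              # "name=systemd" is mounted as "systemd"
        dir=$root/$ctrl$path
        if [ ! -d "$dir" ]; then
            state=missing
        else
            # Third field of "ls -dn" is the numeric owner uid.
            owner=$(ls -dn "$dir" | awk '{print $3}')
            if [ "$owner" = "$want_uid" ]; then
                state=owned
            else
                state=not-owned
            fi
        fi
        [ "$state" = owned ] || rc=1
        printf '%s %s %s\n' "$ctrl" "$path" "$state"
    done < "$cgfile"
    return $rc
}
```

Call `check_cgroup_ownership` with no arguments from the shell that will launch the container; a non-zero status means at least one hierarchy is not owned by your uid, which is the condition the `cgm create` / `cgm chown` / `cgm movepid` sequence above corrects.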