[lxc-users] Unable to boot unprivileged container

Serge Hallyn serge.hallyn at ubuntu.com
Mon May 5 18:14:13 UTC 2014 

Quoting Robert Pendell (shinji at elite-systems.org):
> On Mon, May 5, 2014 at 12:25 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> > Quoting Robert Pendell (shinji at elite-systems.org):
> >> Here is the information as you requested.
> >>
> >> lxc-start -n <container> -l info -o outfile
> >>       lxc-start 1399295274.692 INFO     lxc_start_ui - using rcfile
> >> /home/shinji/.local/share/lxc/utest/config
> >>       lxc-start 1399295274.692 INFO     lxc_utils - XDG_RUNTIME_DIR
> >> isn't set in the environment.
> >>       lxc-start 1399295274.692 INFO     lxc_confile - read uid map:
> >> type u nsid 0 hostid 100000 range 65536
> >>       lxc-start 1399295274.692 INFO     lxc_confile - read uid map:
> >> type g nsid 0 hostid 100000 range 65536
> >>       lxc-start 1399295274.692 WARN     lxc_log - lxc_log_init called
> >> with log already initialized
> >>       lxc-start 1399295274.692 INFO     lxc_lsm - LSM security driver nop
> >>       lxc-start 1399295274.692 INFO     lxc_utils - XDG_RUNTIME_DIR
> >> isn't set in the environment.
> >>       lxc-start 1399295274.693 INFO     lxc_conf - tty's configured
> >>       lxc-start 1399295275.060 INFO     lxc_start - 'utest' is initialized
> >>       lxc-start 1399295275.072 INFO     lxc_start - Cloning a new user namespace
> >>       lxc-start 1399295275.072 INFO     lxc_cgroup - cgroup driver
> >> cgmanager initing for utest
> >>       lxc-start 1399295275.073 ERROR    lxc_cgmanager - call to
> >> cgmanager_create_sync failed: invalid request
> >>       lxc-start 1399295275.073 ERROR    lxc_cgmanager - Failed to
> >> create cpuset:utest
> >
> > Thanks - so the problem is here.   Chances are you are not in a cgroup
> > that you own.  The easiest way to fix this is
> >
> > sudo cgm create all shinji
> > sudo cgm chown all shinji $(id -u) $(id -g)
> > cgm movepid all shinji $$
> >
> > Now the lxc-start should work (or at least go on to the next problem)
> >
> 
> Ok.  So I had determined that before (I didn't realize it until after
> I sent them message) however I had found a different way of handling
> it.  Yours is more elegant.  Now then to the 2nd issue.
> 
> This doesn't persist between server reboots or login sessions.  Is
> there supposed to be a script that runs that makes this persistent or
> does one have to move themselves manually whenever they want to run
> unprivileged containers?

logind should be putting you into a cgroup that you own when you log
in.  I think it's the libpam-systemd package which provides that.

-serge

More information about the lxc-users mailing list