[lxc-users] Unable to boot unprivileged container
Serge Hallyn
serge.hallyn at ubuntu.com
Mon May 5 18:14:13 UTC 2014
Quoting Robert Pendell (shinji at elite-systems.org):
> On Mon, May 5, 2014 at 12:25 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> > Quoting Robert Pendell (shinji at elite-systems.org):
> >> Here is the information as you requested.
> >>
> >> lxc-start -n <container> -l info -o outfile
> >> lxc-start 1399295274.692 INFO lxc_start_ui - using rcfile
> >> /home/shinji/.local/share/lxc/utest/config
> >> lxc-start 1399295274.692 INFO lxc_utils - XDG_RUNTIME_DIR
> >> isn't set in the environment.
> >> lxc-start 1399295274.692 INFO lxc_confile - read uid map:
> >> type u nsid 0 hostid 100000 range 65536
> >> lxc-start 1399295274.692 INFO lxc_confile - read uid map:
> >> type g nsid 0 hostid 100000 range 65536
> >> lxc-start 1399295274.692 WARN lxc_log - lxc_log_init called
> >> with log already initialized
> >> lxc-start 1399295274.692 INFO lxc_lsm - LSM security driver nop
> >> lxc-start 1399295274.692 INFO lxc_utils - XDG_RUNTIME_DIR
> >> isn't set in the environment.
> >> lxc-start 1399295274.693 INFO lxc_conf - tty's configured
> >> lxc-start 1399295275.060 INFO lxc_start - 'utest' is initialized
> >> lxc-start 1399295275.072 INFO lxc_start - Cloning a new user namespace
> >> lxc-start 1399295275.072 INFO lxc_cgroup - cgroup driver
> >> cgmanager initing for utest
> >> lxc-start 1399295275.073 ERROR lxc_cgmanager - call to
> >> cgmanager_create_sync failed: invalid request
> >> lxc-start 1399295275.073 ERROR lxc_cgmanager - Failed to
> >> create cpuset:utest
> >
> > Thanks - so the problem is here. Chances are you are not in a cgroup
> > that you own. The easiest way to fix this is
> >
> > sudo cgm create all shinji
> > sudo cgm chown all shinji $(id -u) $(id -g)
> > cgm movepid all shinji $$
> >
> > Now the lxc-start should work (or at least go on to the next problem)
> >
>
> Ok. So I had determined that before (I didn't realize it until after
> I sent the message) however I had found a different way of handling
> it. Yours is more elegant. Now then to the 2nd issue.
>
> This doesn't persist between server reboots or login sessions. Is
> there supposed to be a script that runs that makes this persistent or
> does one have to move themselves manually whenever they want to run
> unprivileged containers?

logind should be putting you into a cgroup that you own when you log
in. I think it's the libpam-systemd package which provides that.

-serge
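
A check for the condition discussed in this message (whether the current shell sits in cgroups owned by the user), as an added example that is not part of the original thread. It assumes the cgroup v1 layout mounted under /sys/fs/cgroup; the function name `unowned_cgroups` and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: list cgroup v1 controllers whose current cgroup directory is
# not owned by the expected uid. Inputs are parameters so the check can be run
# on sample data as well as on a live login session.
#   $1  file in /proc/<pid>/cgroup format   (default: /proc/self/cgroup)
#   $2  cgroup v1 mount root                (default: /sys/fs/cgroup, assumed)
#   $3  uid expected to own the directories (default: current user)
unowned_cgroups() {
    cgfile=${1:-/proc/self/cgroup}
    root=${2:-/sys/fs/cgroup}
    uid=${3:-$(id -u)}
    # Each line reads "hierarchy-id:controller-list:cgroup-path".
    while IFS=: read -r _id ctrls path; do
        # A cgroup v2 entry ("0::/path") has no controller list; skip it.
        [ -n "$ctrls" ] || continue
        # Assumption: a named hierarchy such as "name=systemd" is mounted
        # under its bare name (/sys/fs/cgroup/systemd).
        dir="$root/${ctrls#name=}$path"
        owner=$(stat -c %u "$dir" 2>/dev/null) || owner=missing
        # Report every controller where the directory owner is someone else.
        [ "$owner" = "$uid" ] || printf '%s %s owner=%s\n' "$ctrls" "$path" "$owner"
    done < "$cgfile"
}

# Constructed sample: the cpuset cgroup directory exists and belongs to the
# caller, the memory one does not exist at all.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/cpuset/user/1000.user/c2.session"
    printf '%s\n' '3:cpuset:/user/1000.user/c2.session' \
                  '2:memory:/user/1000.user/c2.session' > "$tmp/proc_cgroup"
    unowned_cgroups "$tmp/proc_cgroup" "$tmp"
    rm -rf "$tmp"
}
demo
```

Called with no arguments, `unowned_cgroups` inspects the live session; empty output means every listed cgroup directory is owned by the current user.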