[lxc-users] Unable to Start Unprivileged Containers on Debian / Jessie
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Sep 25 13:49:43 UTC 2014
Quoting Chris (berzerkatives at gmail.com):
>
> On 24/09/14 20:56, Serge Hallyn wrote:
> >Quoting Chris (berzerkatives at gmail.com):
> >>On 24/09/14 17:32, Serge Hallyn wrote:
> >>>Ok in that case /sys/fs/cgroup should still be mounted read-write. After
> >>>you login, what does /proc/self/cgroup show, and what does the tree under
> >>>/sys/fs/cgroup/freezer/ look like?
> >>OK. I've got this from a login via SSH immediately following a
> >>reboot of plato.
> >>
> >> socrates at plato:~$ find /proc/self/cgroup -ls
> >> 10551 0 -r--r--r-- 1 socrates socrates 0 Sep 24
> >Oh I meant cat /proc/self/cgroup.
> >
> Ah, right.
>
> socrates at plato:~$ cat /proc/self/cgroup
> 9:perf_event:/
> 8:blkio:/
> 7:net_cls:/
> 6:freezer:/
> 5:devices:/
> 4:cpu,cpuacct:/
> 3:cpuset:/
> 2:name=systemd:/system.slice/ssh.service
Ok, so now you run the prep.sh, then /proc/self/cgroup shows:
socrates at plato:~$ cat /proc/self/cgroup
9:perf_event:/socrates
8:blkio:/socrates
7:net_cls:/socrates
6:freezer:/socrates
5:devices:/socrates
4:cpu,cpuacct:/socrates
3:cpuset:/socrates
2:name=systemd:/socrates
? (We'll hope that the name=systemd one isn't a problem). Can you
show the result of
ls -ld /sys/fs/cgroup/freezer/socrates
ls -l /sys/fs/cgroup/freezer/socrates
then finally do the 'lxc-start -n container -l trace -o xxx' and attach
xxx one more time. I've got a bad feeling this won't give *new* info,
but at least I know where we're at at this point. Actually, exactly
how did you create the container? Could you create a new one using the
same command, start it, and make sure it fails the same way? (that
shoudl give me all i need to reproduce)
More information about the lxc-users
mailing list