[lxc-users] Unable to Start Unprivileged Containers on Debian / Jessie
Chris
berzerkatives at gmail.com
Thu Sep 25 18:21:00 UTC 2014
On 25/09/14 14:49, Serge Hallyn wrote:
> Quoting Chris (berzerkatives at gmail.com):
>> On 24/09/14 20:56, Serge Hallyn wrote:
>>> Quoting Chris (berzerkatives at gmail.com):
>>>> On 24/09/14 17:32, Serge Hallyn wrote:
>>>>> Ok in that case /sys/fs/cgroup should still be mounted read-write. After
>>>>> you login, what does /proc/self/cgroup show, and what does the tree under
>>>>> /sys/fs/cgroup/freezer/ look like?
>>>> OK. I've got this from a login via SSH immediately following a
>>>> reboot of plato.
>>>>
>>>> socrates at plato:~$ find /proc/self/cgroup -ls
>>>> 10551 0 -r--r--r-- 1 socrates socrates 0 Sep 24
>>> Oh I meant cat /proc/self/cgroup.
>>>
>> Ah, right.
>>
>> socrates at plato:~$ cat /proc/self/cgroup
>> 9:perf_event:/
>> 8:blkio:/
>> 7:net_cls:/
>> 6:freezer:/
>> 5:devices:/
>> 4:cpu,cpuacct:/
>> 3:cpuset:/
>> 2:name=systemd:/system.slice/ssh.service
> Ok, so now you run the prep.sh, then /proc/self/cgroup shows:
>
> socrates at plato:~$ cat /proc/self/cgroup
> 9:perf_event:/socrates
> 8:blkio:/socrates
> 7:net_cls:/socrates
> 6:freezer:/socrates
> 5:devices:/socrates
> 4:cpu,cpuacct:/socrates
> 3:cpuset:/socrates
> 2:name=systemd:/socrates
>
> ? (We'll hope that the name=systemd one isn't a problem). Can you
> show the result of
>
> ls -ld /sys/fs/cgroup/freezer/socrates
> ls -l /sys/fs/cgroup/freezer/socrates
>
> then finally do the 'lxc-start -n container -l trace -o xxx' and attach
> xxx one more time. I've got a bad feeling this won't give *new* info,
> but at least I know where we're at at this point. Actually, exactly
> how did you create the container? Could you create a new one using the
> same command, start it, and make sure it fails the same way? (that
> shoudl give me all i need to reproduce)
>
Looks like the script isn't working right... It doesn't seem to affect
my /proc/self/cgroup. Logging out and back in again didn't seem to
affect it either. Nor did re-running the script.
socrates at plato:~$ cat /proc/self/cgroup
9:perf_event:/
8:blkio:/
7:net_cls:/
6:freezer:/
5:devices:/
4:cpu,cpuacct:/
3:cpuset:/
2:name=systemd:/system.slice/ssh.service
socrates at plato:~$ ./prep.sh
looking at blkio
[sudo] password for socrates:
looking at cgmanager
looking at cpu
looking at cpuacct
looking at cpu,cpuacct
looking at cpuset
1
looking at devices
looking at freezer
looking at net_cls
looking at perf_event
looking at systemd
socrates at plato:~$ cat /proc/self/cgroup
9:perf_event:/
8:blkio:/
7:net_cls:/
6:freezer:/
5:devices:/
4:cpu,cpuacct:/
3:cpuset:/
2:name=systemd:/system.slice/ssh.service
socrates at plato:~$ cat ./prep.sh
#!/bin/bash --
for d in /sys/fs/cgroup/*; do
f=$(basename $d)
echo "looking at $f"
if [ "$f" = "cpuset" ]; then
echo 1 | sudo tee -a $d/cgroup.clone_children;
elif [ "$f" = "memory" ]; then
echo 1 | sudo tee -a $d/memory.use_hierarchy;
fi
sudo mkdir -p $d/$USER
sudo chown -R $USER $d/$USER
echo $$ > $d/$USER/tasks
done
More information about the lxc-users
mailing list