[lxc-users] Unable to Start Unprivileged Containers on Debian / Jessie

Chris berzerkatives at gmail.com
Thu Sep 25 18:21:00 UTC 2014


On 25/09/14 14:49, Serge Hallyn wrote:
> Quoting Chris (berzerkatives at gmail.com):
>> On 24/09/14 20:56, Serge Hallyn wrote:
>>> Quoting Chris (berzerkatives at gmail.com):
>>>> On 24/09/14 17:32, Serge Hallyn wrote:
>>>>> Ok in that case /sys/fs/cgroup should still be mounted read-write.  After
>>>>> you login, what does /proc/self/cgroup show, and what does the tree under
>>>>> /sys/fs/cgroup/freezer/ look like?
>>>> OK. I've got this from a login via SSH immediately following a
>>>> reboot of plato.
>>>>
>>>>      socrates at plato:~$ find /proc/self/cgroup -ls
>>>>       10551    0 -r--r--r--   1 socrates   socrates          0 Sep 24
>>> Oh I meant cat /proc/self/cgroup.
>>>
>> Ah, right.
>>
>> socrates at plato:~$ cat /proc/self/cgroup
>> 9:perf_event:/
>> 8:blkio:/
>> 7:net_cls:/
>> 6:freezer:/
>> 5:devices:/
>> 4:cpu,cpuacct:/
>> 3:cpuset:/
>> 2:name=systemd:/system.slice/ssh.service
> Ok, so now you run the prep.sh, then /proc/self/cgroup shows:
>
> socrates at plato:~$ cat /proc/self/cgroup
> 9:perf_event:/socrates
> 8:blkio:/socrates
> 7:net_cls:/socrates
> 6:freezer:/socrates
> 5:devices:/socrates
> 4:cpu,cpuacct:/socrates
> 3:cpuset:/socrates
> 2:name=systemd:/socrates
>
> ?  (We'll hope that the name=systemd one isn't a problem).  Can you
> show the result of
>
> ls -ld /sys/fs/cgroup/freezer/socrates
> ls -l /sys/fs/cgroup/freezer/socrates
>
> then finally do the 'lxc-start -n container -l trace -o xxx' and attach
> xxx one more time.  I've got a bad feeling this won't give *new* info,
> but at least I know where we're at at this point.  Actually, exactly
> how did you create the container?  Could you create a new one using the
> same command, start it, and make sure it fails the same way?  (that
> should give me all I need to reproduce)
>
Looks like the script isn't working right... It doesn't seem to affect 
my /proc/self/cgroup. Logging out and back in again didn't seem to 
affect it either. Nor did re-running the script.

socrates at plato:~$ cat /proc/self/cgroup
9:perf_event:/
8:blkio:/
7:net_cls:/
6:freezer:/
5:devices:/
4:cpu,cpuacct:/
3:cpuset:/
2:name=systemd:/system.slice/ssh.service
socrates at plato:~$ ./prep.sh
looking at blkio
[sudo] password for socrates:
looking at cgmanager
looking at cpu
looking at cpuacct
looking at cpu,cpuacct
looking at cpuset
1
looking at devices
looking at freezer
looking at net_cls
looking at perf_event
looking at systemd
socrates at plato:~$ cat /proc/self/cgroup
9:perf_event:/
8:blkio:/
7:net_cls:/
6:freezer:/
5:devices:/
4:cpu,cpuacct:/
3:cpuset:/
2:name=systemd:/system.slice/ssh.service
socrates at plato:~$ cat ./prep.sh
#!/bin/bash --

for d in /sys/fs/cgroup/*; do
         f=$(basename $d)
         echo "looking at $f"
         if [ "$f" = "cpuset" ]; then
                 echo 1 | sudo tee -a $d/cgroup.clone_children;
         elif [ "$f" = "memory" ]; then
                 echo 1 | sudo tee -a $d/memory.use_hierarchy;
         fi
         sudo mkdir -p $d/$USER
         sudo chown -R $USER $d/$USER
         echo $$ > $d/$USER/tasks
done
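
A diagnostic for the state discussed in this message, as an added example that is not part of the original post or of LXC: `cgroup_misplaced` lists the cgroup v1 hierarchies in a `/proc/<pid>/cgroup` file that are not under the expected per-user path, and `cgroup_unprepared` lists hierarchies whose per-user `tasks` file is missing or not writable. The function names and the `demo` sample data are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the thread. Names and sample data are constructed.

# cgroup_misplaced FILE WANT
#   FILE: a /proc/<pid>/cgroup file, lines of "id:controllers:path"
#   WANT: expected cgroup path, e.g. /socrates
# Prints the controllers of every hierarchy outside WANT; returns 1 if any.
cgroup_misplaced() {
    local file=$1 want=$2 id ctrl path bad=0
    while IFS=: read -r id ctrl path; do
        [ -n "$ctrl" ] || continue      # blank line or cgroup v2 "0::" entry
        case "$path" in
            "$want"|"$want"/*) ;;       # in the per-user cgroup or below it
            *) printf '%s\n' "$ctrl"; bad=1 ;;
        esac
    done < "$file"
    return "$bad"
}

# cgroup_unprepared ROOT NAME
#   ROOT: cgroup v1 mount root (/sys/fs/cgroup in the thread)
#   NAME: per-user directory name, e.g. socrates
# Prints hierarchies whose NAME/tasks is missing or not writable by the
# caller; returns 1 if any.
cgroup_unprepared() {
    local root=$1 name=$2 d bad=0
    for d in "$root"/*/; do
        [ -e "${d}tasks" ] || continue  # not a hierarchy (e.g. cgmanager/)
        if [ ! -w "${d}${name}/tasks" ]; then
            printf '%s\n' "$(basename "$d")"; bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: one hierarchy already moved, two still at the old path.
demo() {
    local f; f=$(mktemp)
    printf '%s\n' '6:freezer:/socrates' '5:devices:/' \
        '2:name=systemd:/system.slice/ssh.service' > "$f"
    cgroup_misplaced "$f" /socrates || echo "(not under /socrates)"
    rm -f "$f"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

To inspect the login shell from inside a script, pass `/proc/$PPID/cgroup`, since `$$` in an executed script is the script's own PID.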


