[lxc-users] Unable to Start Unprivileged Containers on Debian / Jessie

Serge Hallyn serge.hallyn at ubuntu.com
Thu Sep 25 18:43:15 UTC 2014


Quoting Chris (berzerkatives at gmail.com):
> On 25/09/14 14:49, Serge Hallyn wrote:
> >Quoting Chris (berzerkatives at gmail.com):
> >>On 24/09/14 20:56, Serge Hallyn wrote:
> >>>Quoting Chris (berzerkatives at gmail.com):
> >>>>On 24/09/14 17:32, Serge Hallyn wrote:
> >>>>>Ok in that case /sys/fs/cgroup should still be mounted read-write.  After
> >>>>>you login, what does /proc/self/cgroup show, and what does the tree under
> >>>>>/sys/fs/cgroup/freezer/ look like?
> >>>>OK. I've got this from a login via SSH immediately following a
> >>>>reboot of plato.
> >>>>
> >>>>     socrates at plato:~$ find /proc/self/cgroup -ls
> >>>>      10551    0 -r--r--r--   1 socrates   socrates          0 Sep 24
> >>>Oh I meant cat /proc/self/cgroup.
> >>>
> >>Ah, right.
> >>
> >>socrates at plato:~$ cat /proc/self/cgroup
> >>9:perf_event:/
> >>8:blkio:/
> >>7:net_cls:/
> >>6:freezer:/
> >>5:devices:/
> >>4:cpu,cpuacct:/
> >>3:cpuset:/
> >>2:name=systemd:/system.slice/ssh.service
> >Ok, so now you run the prep.sh, then /proc/self/cgroup shows:
> >
> >socrates at plato:~$ cat /proc/self/cgroup
> >9:perf_event:/socrates
> >8:blkio:/socrates
> >7:net_cls:/socrates
> >6:freezer:/socrates
> >5:devices:/socrates
> >4:cpu,cpuacct:/socrates
> >3:cpuset:/socrates
> >2:name=systemd:/socrates
> >
> >?  (We'll hope that the name=systemd one isn't a problem).  Can you
> >show the result of
> >
> >ls -ld /sys/fs/cgroup/freezer/socrates
> >ls -l /sys/fs/cgroup/freezer/socrates
> >
> >then finally do the 'lxc-start -n container -l trace -o xxx' and attach
> >xxx one more time.  I've got a bad feeling this won't give *new* info,
> >but at least I know where we're at at this point.  Actually, exactly
> >how did you create the container?  Could you create a new one using the
> >same command, start it, and make sure it fails the same way?  (that
> >shoudl give me all i need to reproduce)
> >
> Looks like the script isn't working right... It doesn't seem to
> affect my /proc/self/cgroup. Logging out and back in again didn't

D'oh.  yeah you cannot have the last line inside a script - it
moves the *script*, not your shell, into the new cgroup :)

So from your shell after running the script, do

for d in /sys/fs/cgroup/*; do
	echo $$ > $d/$USER/tasks
done

and that should work.



More information about the lxc-users mailing list