[lxc-users] Unable to Start Unprivileged Containers on Debian / Jessie
Chris
berzerkatives at gmail.com
Thu Sep 25 22:35:12 UTC 2014
On 25/09/14 19:43, Serge Hallyn wrote:
> D'oh. yeah you cannot have the last line inside a script - it
> moves the *script*, not your shell, into the new cgroup :)
>
> So from your shell after running the script, do
>
> for d in /sys/fs/cgroup/*; do
>     echo $$ > "$d/$USER/tasks"
> done
>
> and that should work.
>
Ah, of course! I've switched $$ for $PPID in the script.

socrates@plato:~$ ./prep.sh
looking at blkio
[sudo] password for socrates:
looking at cgmanager
looking at cpu
looking at cpuacct
looking at cpu,cpuacct
looking at cpuset
1
looking at devices
looking at freezer
looking at net_cls
looking at perf_event
looking at systemd
socrates@plato:~$ cat /proc/self/cgroup
9:perf_event:/socrates
8:blkio:/socrates
7:net_cls:/socrates
6:freezer:/socrates
5:devices:/socrates
4:cpu,cpuacct:/socrates
3:cpuset:/socrates
2:name=systemd:/socrates
socrates@plato:~$ lxc-start -n socrates -l trace -o /tmp/xxx
failed to create /run/lxc
Failed to create directory for db file
lxc-start: failed to create the configured network
lxc-start: failed to spawn 'socrates'
lxc-start: The container failed to start.
lxc-start: Additional information can be obtained by setting the --logfile and --log-priority options.

Seems like a big improvement. I've attached the log file, xxx. Am I
right in thinking that it's having difficulties creating the network
interface?

socrates@plato:~$ cat /etc/lxc/lxc-usernet
socrates veth lxcbr0 1000
socrates@plato:~$ /sbin/ifconfig lxcbr0
lxcbr0    Link encap:Ethernet  HWaddr 00:24:21:9b:91:e2
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::224:21ff:fe9b:5ab5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7041 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1766 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:967017 (944.3 KiB)  TX bytes:197970 (193.3 KiB)
socrates@plato:~$ cat .config/lxc/default.conf
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.hwaddr = 00:16:3e:55:bd:de
lxc.id_map = u 0 427680 65536
lxc.id_map = g 0 427680 65536
socrates@plato:~$ head .local/share/lxc/socrates/config
#
lxc.network.type = veth
#lxc.network.veth.pair = socrates
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.hwaddr = 00:16:3e:55:bd:de
lxc.id_map = u 0 427680 65536
lxc.id_map = g 0 427680 65536
-------------- next part --------------
lxc-start 1411680899.159 INFO lxc_start_ui - using rcfile /home/socrates/.local/share/lxc/socrates/config
lxc-start 1411680899.159 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1411680899.161 INFO lxc_confile - read uid map: type u nsid 0 hostid 427680 range 65536
lxc-start 1411680899.161 INFO lxc_confile - read uid map: type g nsid 0 hostid 427680 range 65536
lxc-start 1411680899.161 WARN lxc_log - lxc_log_init called with log already initialized
lxc-start 1411680899.161 INFO lxc_lsm - LSM security driver nop
lxc-start 1411680899.161 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1411680899.162 DEBUG lxc_conf - allocated pty '/dev/pts/1' (5/6)
lxc-start 1411680899.163 INFO lxc_conf - tty's configured
lxc-start 1411680899.163 DEBUG lxc_start - sigchild handler set
lxc-start 1411680899.163 DEBUG lxc_console - opening /home/socrates/.console for console peer
lxc-start 1411680899.163 DEBUG lxc_console - using '/home/socrates/.console' as console
lxc-start 1411680899.163 DEBUG lxc_console - no console peer
lxc-start 1411680899.432 INFO lxc_start - 'socrates' is initialized
lxc-start 1411680899.463 DEBUG lxc_start - Not dropping cap_sys_boot or watching utmp
lxc-start 1411680899.463 INFO lxc_start - Cloning a new user namespace
lxc-start 1411680899.463 INFO lxc_cgroup - cgroup driver cgroupfs initing for socrates
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.deny' set to 'a'
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c *:* m'
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'b *:* m'
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 5:1 rwm'
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 10:229 rwm'
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:3 rwm'
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 5:2 rwm'
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 136:* rwm'
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:8 rwm'
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 254:0 rwm'
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 5:0 rwm'
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:9 rwm'
lxc-start 1411680899.467 DEBUG lxc_cgfs - cgroup 'devices.allow' set to 'c 1:5 rwm'
lxc-start 1411680899.467 INFO lxc_cgfs - cgroup has been setup
lxc-start 1411680899.473 ERROR lxc_start - failed to create the configured network
lxc-start 1411680899.473 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1411680899.575 ERROR lxc_start - failed to spawn 'socrates'
lxc-start 1411680899.575 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1411680899.575 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
lxc-start 1411680899.577 ERROR lxc_start_ui - The container failed to start.
lxc-start 1411680899.577 ERROR lxc_start_ui - Additional information can be obtained by setting the --logfile and --log-priority options.
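
Added example, not part of the original message: a preflight for the two things this message checks by hand, that every controller in /proc/self/cgroup points at the user's cgroup and that /etc/lxc/lxc-usernet grants the user a quota for the network type and bridge named in the container config. The function names are hypothetical, the sample files are constructed from the values shown above, and "@group" usernet entries are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): preflight for an unprivileged container.

# Controllers in a /proc/<pid>/cgroup-format file ("id:controllers:path")
# whose path is not the expected one. No output means every hierarchy moved.
cgroup_stragglers() {  # $1 = file, $2 = expected path
    awk -F: -v want="$2" '$3 != want { print $2 }' "$1"
}

# First uncommented "key = value" setting for $2 in an LXC config file.
conf_value() {  # $1 = file, $2 = key
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit }' "$1"
}

# Quota from the first lxc-usernet line ("user type bridge number") matching
# user, type and bridge; 0 if none. "@group" entries are not handled here.
usernet_quota() {  # $1 = file, $2 = user, $3 = type, $4 = bridge
    awk -v u="$2" -v t="$3" -v b="$4" '
        /^[ \t]*#/ { next }
        $1 == u && $2 == t && $3 == b { print $4 + 0; hit = 1; exit }
        END { if (!hit) print 0 }' "$1"
}

preflight() {  # $1 = cgroup file, $2 = user, $3 = config, $4 = usernet file
    left=$(cgroup_stragglers "$1" "/$2" | tr '\n' ' ')
    [ -z "$left" ] || { echo "shell not in /$2 for: $left"; return 1; }
    ntype=$(conf_value "$3" lxc.network.type)
    link=$(conf_value "$3" lxc.network.link)
    quota=$(usernet_quota "$4" "$2" "$ntype" "$link")
    [ "$quota" -gt 0 ] || { echo "no usernet quota: $2 $ntype $link"; return 1; }
    echo "ok: all cgroups under /$2; $ntype on $link allowed (quota $quota)"
}

# Sample input constructed from the values shown in the message above.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' '5:devices:/socrates' '4:cpu,cpuacct:/socrates' \
    '3:cpuset:/socrates' '2:name=systemd:/socrates' > "$demo/cgroup"
printf '%s\n' '#lxc.network.veth.pair = socrates' 'lxc.network.type = veth' \
    'lxc.network.link = lxcbr0' > "$demo/config"
echo 'socrates veth lxcbr0 1000' > "$demo/usernet"
preflight "$demo/cgroup" socrates "$demo/config" "$demo/usernet"
```

On the values in this message both checks pass, so the network failure in the log above lies outside what this preflight covers.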