[lxc-users] Unable to Start Unprivileged Containers on Debian / Jessie

Serge Hallyn serge.hallyn at ubuntu.com
Fri Sep 26 23:02:05 UTC 2014 

Quoting Chris (berzerkatives at gmail.com):
> On 25/09/14 19:43, Serge Hallyn wrote
> >D'oh.  yeah you cannot have the last line inside a script - it
> >moves the *script*, not your shell, into the new cgroup :)
> >
> >So from your shell after running the script, do
> >
> >for d in /sys/fs/cgroup/*; do
> >	echo $$ > $d/$USER/tasks
> >done
> >
> >and that should work.
> >
> Ah, of course! I've switched $$ for $PPID in the script.
> 
>           socrates at plato:~$ ./prep.sh
>           looking at blkio
>           [sudo] password for socrates:
>           looking at cgmanager
>           looking at cpu
>           looking at cpuacct
>           looking at cpu,cpuacct
>           looking at cpuset
>           1
>           looking at devices
>           looking at freezer
>           looking at net_cls
>           looking at perf_event
>           looking at systemd
>           socrates at plato:~$ cat /proc/self/cgroup
>           9:perf_event:/socrates
>           8:blkio:/socrates
>           7:net_cls:/socrates
>           6:freezer:/socrates
>           5:devices:/socrates
>           4:cpu,cpuacct:/socrates
>           3:cpuset:/socrates
>           2:name=systemd:/socrates
>           socrates at plato:~$ lxc-start -n socrates -l trace -o /tmp/xxx
>           failed to create /run/lxc
>           Failed to create directory for db file
>           lxc-start: failed to create the configured network
>           lxc-start: failed to spawn 'socrates'
>           lxc-start: The container failed to start.
>           lxc-start: Additional information can be obtained by
> setting the --logfile and --log-priority options.
> 
> Seems like a big improvement. I've attached the log file, xxx. Am I
> right in thinking that it's having difficulties creating the network
> interface?
> 
>           socrates at plato:~$ cat /etc/lxc/lxc-usernet
>           socrates veth lxcbr0 1000
>           socrates at plato:~$ /sbin/ifconfig lxcbr0
>           lxcbr0    Link encap:Ethernet  HWaddr 00:24:21:9b:91:e2
>                     inet addr:192.168.0.10  Bcast:192.168.0.255
> Mask:255.255.255.0
>                     inet6 addr: fe80::224:21ff:fe9b:5ab5/64 Scope:Link
>                     UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1
>                     RX packets:7041 errors:0 dropped:0 overruns:0 frame:0
>                     TX packets:1766 errors:0 dropped:0 overruns:0 carrier:0
>                     collisions:0 txqueuelen:0
>                     RX bytes:967017 (944.3 KiB)  TX bytes:197970
> (193.3 KiB)
>           socrates at plato:~$ cat .config/lxc/default.conf
>           lxc.network.type = veth
>           lxc.network.flags = up
>           lxc.network.link = lxcbr0
>           lxc.network.hwaddr = 00:16:3e:55:bd:de
>           lxc.id_map = u 0 427680 65536
>           lxc.id_map = g 0 427680 65536
>           socrates at plato:~$ head .local/share/lxc/socrates/config
>           #
>           lxc.network.type = veth
>           #lxc.network.veth.pair = socrates
>           lxc.network.flags = up
>           lxc.network.link = lxcbr0
>           lxc.network.hwaddr = 00:16:3e:55:bd:de
>           lxc.id_map = u 0 427680 65536
>           lxc.id_map = g 0 427680 65536
> 

Is /usr/lib/x86_64-linux-gnu/lxc/lxc-user-nic (or wherever it
sits) setuid-root?

More information about the lxc-users mailing list