[lxc-users] unprivileged container with systemd?

Dirk Geschke dirk at lug-erding.de
Mon Feb 9 16:19:36 UTC 2015 

Hi Serge,

> > I just to follow
> > 
> >    https://www.stgraber.org/2014/01/17/lxc-1-0-unprivileged-containers/
> > 
> > once more to install a new container and it fails. First of all it
> > was a problem with the access to the directory 
> > 
> >    ~/.local/share/lxc/jessie1
> > 
> > The owner changed to a mapped one -> 100000 and then there was no
> > access for the lxcuser, which has uid 1001. I fixed this via setting
> > write access for the users group.
> > 
> > But then I installed a download template:
> > 
> >    lxc-create -t download -n jessie1 -- -d debian -r jessie -a amd64
> > 
> > which worked without problems (except warnings regarding reopen tty).
> > 
> > If I try to start the container it ends up with:
> > 
> >    ~$ lxc-start -n jessie1
> >    lxc_container: Permission denied - Unable to create /dev/.lxc for autodev
> >    Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
> > 
> > Here it ends, nothing more happens and only a kill -9 works...
> > 
> > And yes, /sbin/init in the container is now a link to systemd:
> > 
> >    /sbin/init -> /lib/systemd/systemd
> > 
> > I suspect, this does not work at all without cgroup namespace support
> > in the kernel? Or am I missing something else?
> 
> There's something else you're missing, but I'm not sure what.  What is
> your environment (os/release and any custom installs)?  Try 1.1.0, and
> make sure to re-create the container as the new config file should be
> more correct for systemd backed containers.

the host is Debian wheezy, kernel 3.18.4 and a backported shadow
package for newuidmap & Co. 

For LXC I have now lxc-1.1, cgmanager-0.35 and lxcfs-0.5. This works
fine with an debian-container for wheezy and jessie. But if I switch
jessie to systemd, it fails. I just tried an upgrade to experimental,
but this fails, too.

Now I started with a fresh template download of ubuntu vivid. This
works fine, too, but with upstart. If I install systemd an put a
lxc.init_cmd=/bin/systemd, it fails too:

   $ lxc-start -n ubuntu -F -l DEBUG
   WARN: could not reopen tty: Permission denied
   systemd 218 running in system mode. (+PAM +AUDIT +SELINUX +IMA
   +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT -GNUTLS +ACL
   +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN)
   Detected virtualization 'lxc'.
   Detected architecture 'x86-64'.

   Welcome to Ubuntu Vivid Vervet (development branch)!

   Set hostname to <ubuntu>.
   /etc/mtab is not a symlink or not pointing to /proc/self/mounts. This
   is not supported anymore. Please make sure to replace this file by a
   symlink to avoid incorrect or misleading mount(8) output.
   Failed to install release agent, ignoring: No such file or directory

That's the same behaviour as with debian jessie and systemd. At this
point even an lxc-attach does not work...

I have no idea, what is going on, maybe there is something too old on
debian wheezy as a host?

Best regards

Dirk

-- 
+----------------------------------------------------------------------+
| Dr. Dirk Geschke       / Plankensteinweg 61    / 85435 Erding        |
| Telefon: 08122-559448  / Mobil: 0176-96906350 / Fax: 08122-9818106   |
| dirk at geschke-online.de / dirk at lug-erding.de  / kontakt at lug-erding.de |
+----------------------------------------------------------------------+

More information about the lxc-users mailing list