[lxc-users] Failing to create unprivileged container due to wrong /run/user/XXX/lock directory

Ranjib Dey dey.ranjib at gmail.com
Sat Jan 3 18:41:02 UTC 2015


I was able to resolve the lock issue today. It seems like the environment
variable XDG_RUNTIME_DIR holds the value of that directory per user. While
using sudo it didn't change the directory, and was still set to the login user.
I found the correct directory using `ls -alh /run/user/*` (the one that's
owned by the lxc user), and then manually set XDG_RUNTIME_DIR to
that path. Afterwards lxc-create works.
But now I'm getting a different error due to dbus; it looks like the cgmanager
call to create the cgroup is failing:


  lxc-start 1420309721.946 ERROR    lxc_cgmanager - call to cgmanager_create_sync failed: invalid request
  lxc-start 1420309721.946 ERROR    lxc_cgmanager - Failed to create hugetlb:testx
  lxc-start 1420309721.946 ERROR    lxc_cgmanager - Error creating cgroup hugetlb:testx

I have tried the cgm commands as a different user, since the user which
needs to run lxc doesn't have sudo access. Following is the output:
-- ranjib at agent01:~ $ sudo cgm create all go
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1

-- ranjib at agent01:~ $ sudo cgm chown all go 111 117
method return sender=(null sender) -> dest=(null destination) reply_serial=1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
method return sender=(null sender) -> dest=(null destination) reply_serial=1

-- ranjib at agent01:~ $ sudo cgm movepid all go 18764
Error org.freedesktop.DBus.Error.InvalidArgs: invalid request
Error org.freedesktop.DBus.Error.InvalidArgs: invalid request
Error org.freedesktop.DBus.Error.InvalidArgs: invalid request
Error org.freedesktop.DBus.Error.InvalidArgs: invalid request
Error org.freedesktop.DBus.Error.InvalidArgs: invalid request
Error org.freedesktop.DBus.Error.InvalidArgs: invalid request
Error org.freedesktop.DBus.Error.InvalidArgs: invalid request
Error org.freedesktop.DBus.Error.InvalidArgs: invalid request
Error org.freedesktop.DBus.Error.InvalidArgs: invalid request
Error org.freedesktop.DBus.Error.InvalidArgs: invalid request


Clearly the last one is failing, but I'm not sure why. I have installed
libpam-systemd and rebooted the server, without any effect. Also, I don't know
if the previous two cgm calls were successful, but their exit code was 0.


Any help?
Thanks in advance,
ranjib
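
Added example (not part of the original message and not LXC's own code): a POSIX shell check for the situation described above, where XDG_RUNTIME_DIR inherited through sudo/su still points at the login user's directory. The function names and the /run/user/<uid> fallback with mode 700 are assumptions drawn from the directory listing quoted below.

```shell
#!/bin/sh
# Validate an inherited XDG_RUNTIME_DIR before running lxc-* as another user.
# Assumption: per-user runtime dirs live at <base>/<uid>, are owned by that
# uid and have mode 700, as in the `ls -alh /run/user/` listing in the thread.

# check_runtime_dir DIR UID: succeed only if DIR is a real directory
# (not a symlink), owned by UID, with mode exactly 700.
check_runtime_dir() {
    _dir=$1
    _uid=$2
    [ -d "$_dir" ] || return 1
    [ ! -L "$_dir" ] || return 1
    _owner=$(stat -c %u "$_dir") || return 1   # GNU coreutils stat
    _mode=$(stat -c %a "$_dir") || return 1
    [ "$_owner" = "$_uid" ] && [ "$_mode" = "700" ]
}

# resolve_runtime_dir UID [BASE]: print the directory to use.
# Keeps the inherited XDG_RUNTIME_DIR only if it passes the check;
# otherwise falls back to BASE/UID; fails if neither is acceptable.
resolve_runtime_dir() {
    _want=$1
    _base=${2:-/run/user}
    if [ -n "${XDG_RUNTIME_DIR:-}" ] &&
       check_runtime_dir "$XDG_RUNTIME_DIR" "$_want"; then
        printf '%s\n' "$XDG_RUNTIME_DIR"
        return 0
    fi
    if check_runtime_dir "$_base/$_want" "$_want"; then
        printf '%s\n' "$_base/$_want"
        return 0
    fi
    return 1
}

# Usage after `sudo su - <user>`:
#   XDG_RUNTIME_DIR=$(resolve_runtime_dir "$(id -u)") && export XDG_RUNTIME_DIR
```
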


On Sat, Jan 3, 2015 at 9:14 AM, Nicholas J Ingrassellino <
nick at lifebloodnetworks.com> wrote:

>  I am having the same issue.
>
> After an *sudo su - lxc* I try using *lxc-create*. I get
>
> *lxc-create: Permission denied - failed to create directory '/run/user/1000/lock/'*
>
> which is the uid of the "logged in" user. I am writing up instructions to
> host a how-to on my blog and can not find any clues as to a solution.
>
> ------------------------------
>
>  On 12/27/2014 10:54 PM, Ranjib Dey wrote:
>
>  Hi list,
> I'm trying to create an unprivileged container on Ubuntu 14.04 with lxc
> 1.0.6. The user (named `go`) which will create containers is a CI agent
> (GoCD, it's like Jenkins). After installing the CI software, I am manually
> adding subuid and subgid using the usermod -a -g file. I have also created
> the appropriate /etc/lxc/lxc-usernet and other configurations. When I try
> to create a container from the download template it fails. The first error
> shows that it tries to create a lock directory in a folder owned by the wrong
> user. Note, my login user is different, and I'm using `sudo su - go` to
> become the user. I tried doing the cgm trick as well (cgm create all ..,
> cgm chown all ..), without much luck.
>
>
>  go at host01:~$ lxc-create -o test.log -l debug -n test -t download -- -d ubuntu -a amd64 -r trusty
>
>  lxc-create: Permission denied - failed to create directory '/run/user/1001/lock/'
> WARN: could not reopen tty: Permission denied
> WARN: could not reopen tty: Permission denied
> WARN: could not reopen tty: Permission denied
> lxc-create: Error opening /tmp/111/lxc//var/go/.local/share/lxc/test
> lxc-create: failed to save starting configuration for test
> lxc-create: Error creating container test
>
>
>  Following is the content of the test.log
>
>  lxc-create 1419737316.440 ERROR    lxc_utils - Permission denied - failed to create directory '/run/user/1001/lock/'
> lxc-create 1419737316.440 WARN     lxc_log - lxc_log_init called with log already initialized
> lxc-create 1419737316.440 INFO     lxc_confile - read uid map: type u nsid 0 hostid 3311264 range 65537
> lxc-create 1419737316.440 INFO     lxc_confile - read uid map: type g nsid 0 hostid 3311264 range 65537
> lxc-create 1419737316.562 ERROR    lxc_lock - Error opening /tmp/111/lxc//var/go/.local/share/lxc/test
> lxc-create 1419737316.563 ERROR    lxc_container - failed to save starting configuration for test
> lxc-create 1419737316.563 ERROR    lxc_create_ui - Error creating container test
> lxc-create 1419737772.411 ERROR    lxc_utils - Permission denied - failed to create directory '/run/user/1001/lock/'
> lxc-create 1419737772.411 WARN     lxc_log - lxc_log_init called with log already initialized
> lxc-create 1419737772.412 INFO     lxc_confile - read uid map: type u nsid 0 hostid 3311264 range 65537
> lxc-create 1419737772.412 INFO     lxc_confile - read uid map: type g nsid 0 hostid 3311264 range 65537
> lxc-create 1419737772.544 ERROR    lxc_lock - Error opening /tmp/111/lxc//var/go/.local/share/lxc/test
> lxc-create 1419737772.544 ERROR    lxc_container - failed to save starting configuration for test
> lxc-create 1419737772.545 ERROR    lxc_create_ui - Error creating container test
>
>  go at host01:~$ ls -alh /run/user/
> total 0
> drwxr-xr-x  6 root     root     120 Dec 28 03:02 .
> drwxr-xr-x 28 root     root     940 Dec 28 03:02 ..
> drwx------  2 ranjib   ranjib    40 Dec 28 02:58 1001
> drwx------  2 newrelic newrelic  40 Dec 28 02:57 109
> drwx------  2 go       go        40 Dec 28 02:57 111