[lxc-users] Failing to create unprivileged container due to wrong /run/user/XXX/lock directory

Serge Hallyn serge.hallyn at ubuntu.com
Wed Jan 7 20:12:19 UTC 2015 

Quoting Ranjib Dey (dey.ranjib at gmail.com):
> Hi serge,

Hm I thought I'd already asked this but dont' see it - what kernel
are you running, and is a cgproxy running?  What does 'ps -ef' and
'uname -a' show?

> when i execute `cgm movepid all go $(pid)` as root, i get the following
> error
> 
> MovePid: Client fd is: 6 (pid=16139, uid=0, gid=0)
> cgmanager:do_move_pid_main: victim's cgroup is not under proxy's (p.uid 0)
> Disconnected from private client

Did root first do a 'cgm movepidabs all / $$' ?

> if i try sudo -u go cgm movepid all go $(pid), it picks up correct p.uid,
> but still fails
> 
> Connection from private client
> MovePid: Client fd is: 6 (pid=16612, uid=111, gid=117)
> cgmanager:do_move_pid_main: victim's cgroup is not under proxy's (p.uid 111)
> Disconnected from private client
> 
> 
> regards
> ranjib
> 
> On Mon, Jan 5, 2015 at 12:11 PM, Serge Hallyn <serge.hallyn at ubuntu.com>
> wrote:
> 
> > Quoting Ranjib Dey (dey.ranjib at gmail.com):
> > > following is the debug log:
> > >
> > > MovePid: Client fd is: 6 (pid=10783, uid=111, gid=117)
> > > cgmanager: Invalid path
> > > /run/cgmanager/fs/hugetlb/user/1001.user/83.session/go
> > > cgmanager:do_move_pid_main: Invalid path
> > > /run/cgmanager/fs/hugetlb/user/1001.user/83.session/go
> > > Disconnected from private client
> > >
> > > 1001 is wrong user (my login user), not `go` user's UID, which is 100.
> >
> > I assume you're running this using sudo from uid 1001.  Since that is
> > also how you did the create and chown, that should be ok.  I'm not
> > understanding why the cg does not exist.
> >
> > The least confusing thing to do might be to have root do
> > something like
> >
> > cgm movepidabs all / $$
> > cgm create all go
> > cgm chown all go $(id -u go) $(id -g go)
> > cgh movepid all go $(pid)
> >
> > > /run/cgmanager/fs/hugetlb/ directory is empty,
> >
> > It's in a private namespace.  You'd have to mount it yourself to
> > see.
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users

> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users

More information about the lxc-users mailing list