[lxc-users] Failing to create unprivileged container due to wrong /run/user/XXX/lock directory
Ranjib Dey
dey.ranjib at gmail.com
Wed Jan 7 20:28:48 UTC 2015
Hi Serge,
Thanks for the response.
I am running Ubuntu 14.04 with the 3.13 kernel (uname -a: Linux automator
3.13.0-43-generic #72-Ubuntu SMP Mon Dec 8 19:35:06 UTC 2014 x86_64 x86_64
x86_64 GNU/Linux).
cgmanager is running (sudo status cgmanager) but cgproxy is not; I thought
cgproxy is needed only inside the container, for nesting.
I have not executed `cgm movepidabs all / $$`; cgm does not support this
argument. Should I install cgmanager from the daily PPA?
I can create and start unprivileged containers from the same host as my own
user, but not as the `go` user (which runs the CI server, and as part of the
build I'm trying to create and publish containers).
The following is the ps -ef output:
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 Jan02 ? 00:00:04 /sbin/init
root 2 0 0 Jan02 ? 00:00:00 [kthreadd]
root 3 2 0 Jan02 ? 00:00:00 [ksoftirqd/0]
root 5 2 0 Jan02 ? 00:00:00 [kworker/0:0H]
root 7 2 0 Jan02 ? 00:01:51 [rcu_sched]
root 8 2 0 Jan02 ? 00:01:41 [rcuos/0]
root 9 2 0 Jan02 ? 00:01:11 [rcuos/1]
root 10 2 0 Jan02 ? 00:00:00 [rcu_bh]
root 11 2 0 Jan02 ? 00:00:00 [rcuob/0]
root 12 2 0 Jan02 ? 00:00:00 [rcuob/1]
root 13 2 0 Jan02 ? 00:00:02 [migration/0]
root 14 2 0 Jan02 ? 00:00:00 [watchdog/0]
root 15 2 0 Jan02 ? 00:00:00 [watchdog/1]
root 16 2 0 Jan02 ? 00:00:02 [migration/1]
root 17 2 0 Jan02 ? 00:00:00 [ksoftirqd/1]
root 19 2 0 Jan02 ? 00:00:00 [kworker/1:0H]
root 20 2 0 Jan02 ? 00:00:00 [khelper]
root 21 2 0 Jan02 ? 00:00:00 [kdevtmpfs]
root 22 2 0 Jan02 ? 00:00:00 [netns]
root 23 2 0 Jan02 ? 00:00:00 [xenwatch]
root 24 2 0 Jan02 ? 00:00:00 [xenbus]
root 25 2 0 Jan02 ? 00:00:00 [writeback]
root 26 2 0 Jan02 ? 00:00:00 [kintegrityd]
root 27 2 0 Jan02 ? 00:00:00 [bioset]
root 28 2 0 Jan02 ? 00:00:01 [kworker/u5:0]
root 29 2 0 Jan02 ? 00:00:00 [kblockd]
root 31 2 0 Jan02 ? 00:00:00 [ata_sff]
root 32 2 0 Jan02 ? 00:00:00 [khubd]
root 33 2 0 Jan02 ? 00:00:00 [md]
root 34 2 0 Jan02 ? 00:00:00 [devfreq_wq]
root 37 2 0 Jan02 ? 00:00:00 [khungtaskd]
root 38 2 0 Jan02 ? 00:00:00 [kswapd0]
root 39 2 0 Jan02 ? 00:00:00 [ksmd]
root 40 2 0 Jan02 ? 00:00:00 [fsnotify_mark]
root 41 2 0 Jan02 ? 00:00:00 [ecryptfs-kthrea]
root 42 2 0 Jan02 ? 00:00:00 [crypto]
root 54 2 0 Jan02 ? 00:00:00 [kthrotld]
root 56 2 0 Jan02 ? 00:00:00 [khvcd]
root 75 2 0 Jan02 ? 00:00:00 [deferwq]
root 76 2 0 Jan02 ? 00:00:00 [charger_manager]
root 127 2 0 Jan02 ? 00:00:00 [kdmflush]
root 128 2 0 Jan02 ? 00:00:00 [bioset]
root 179 2 0 Jan02 ? 00:00:10 [jbd2/xvda1-8]
root 180 2 0 Jan02 ? 00:00:00 [ext4-rsv-conver]
root 315 2 0 Jan02 ? 00:00:15 [jbd2/dm-0-8]
root 316 2 0 Jan02 ? 00:00:00 [ext4-rsv-conver]
root 388 1 0 Jan02 ? 00:00:00 upstart-udev-bridge --daemon
root 393 1 0 Jan02 ? 00:00:00 /lib/systemd/systemd-udevd --daemon
root 521 1 0 Jan02 ? 00:00:00 upstart-socket-bridge --daemon
root 613 1 0 Jan02 ? 00:00:00 dhclient -1 -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
message+ 792 1 0 Jan02 ? 00:00:00 dbus-daemon --system --fork
root 821 1 0 Jan02 ? 00:00:05 /lib/systemd/systemd-logind
root 838 1 0 Jan02 ? 00:00:00 upstart-file-bridge --daemon
root 1141 1 0 Jan02 ? 00:00:08 /usr/sbin/racoon
root 1197 1 0 Jan02 ? 00:00:02 runsvdir -P /etc/service log: ...............................................................................
root 1198 1 0 Jan02 tty4 00:00:00 /sbin/getty -8 38400 tty4
root 1201 1 0 Jan02 tty5 00:00:00 /sbin/getty -8 38400 tty5
root 1205 1 0 Jan02 tty2 00:00:00 /sbin/getty -8 38400 tty2
root 1206 1 0 Jan02 tty3 00:00:00 /sbin/getty -8 38400 tty3
root 1208 1 0 Jan02 tty6 00:00:00 /sbin/getty -8 38400 tty6
root 1248 1 0 Jan02 ? 00:00:00 /usr/sbin/sshd -D
root 1252 1 0 Jan02 ? 00:00:10 cron
daemon 1255 1 0 Jan02 ? 00:00:00 atd
root 1256 1 0 Jan02 ? 00:00:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
lxc-dns+ 1336 1 0 Jan02 ? 00:00:00 dnsmasq -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=/run/lxc/dnsmasq.pid --conf-file= --listen
root 1495 1 0 Jan02 ? 00:00:00 /bin/sh /usr/bin/mysqld_safe
root 2596 2 0 Jan02 ? 00:00:02 [kauditd]
root 3194 1 0 Jan02 ? 00:00:02 /usr/lib/postfix/master
postfix 3199 3194 0 Jan02 ? 00:00:00 qmgr -l -t unix -u
root 3499 1 0 Jan02 tty1 00:00:00 /sbin/getty -8 38400 tty1
root 9934 1 0 Jan05 ? 00:00:04 /sbin/cgmanager --sigstop --debug -m name=systemd
root 24028 1248 0 20:15 ? 00:00:00 sshd: ranjib [priv]
ranjib 24036 24028 0 20:15 ? 00:00:00 sshd: ranjib at pts/0
ranjib 24113 24037 0 20:15 pts/0 00:00:00 ps -ef
regards
ranjib
On Wed, Jan 7, 2015 at 12:12 PM, Serge Hallyn <serge.hallyn at ubuntu.com>
wrote:
> Quoting Ranjib Dey (dey.ranjib at gmail.com):
> > Hi serge,
>
> Hm I thought I'd already asked this but don't see it - what kernel
> are you running, and is a cgproxy running? What does 'ps -ef' and
> 'uname -a' show?
>
> > when i execute `cgm movepid all go $(pid)` as root, i get the following
> > error
> >
> > MovePid: Client fd is: 6 (pid=16139, uid=0, gid=0)
> > cgmanager:do_move_pid_main: victim's cgroup is not under proxy's (p.uid 0)
> > Disconnected from private client
>
> Did root first do a 'cgm movepidabs all / $$' ?
>
> > if i try sudo -u go cgm movepid all go $(pid), it picks up correct p.uid,
> > but still fails
> >
> > Connection from private client
> > MovePid: Client fd is: 6 (pid=16612, uid=111, gid=117)
> > cgmanager:do_move_pid_main: victim's cgroup is not under proxy's (p.uid 111)
> > Disconnected from private client
> >
> >
> > regards
> > ranjib
> >
> > On Mon, Jan 5, 2015 at 12:11 PM, Serge Hallyn <serge.hallyn at ubuntu.com>
> > wrote:
> >
> > > Quoting Ranjib Dey (dey.ranjib at gmail.com):
> > > > following is the debug log:
> > > >
> > > > MovePid: Client fd is: 6 (pid=10783, uid=111, gid=117)
> > > > cgmanager: Invalid path
> > > > /run/cgmanager/fs/hugetlb/user/1001.user/83.session/go
> > > > cgmanager:do_move_pid_main: Invalid path
> > > > /run/cgmanager/fs/hugetlb/user/1001.user/83.session/go
> > > > Disconnected from private client
> > > >
> > > > 1001 is wrong user (my login user), not `go` user's UID, which is 100.
> > >
> > > I assume you're running this using sudo from uid 1001. Since that is
> > > also how you did the create and chown, that should be ok. I'm not
> > > understanding why the cg does not exist.
> > >
> > > The least confusing thing to do might be to have root do
> > > something like
> > >
> > > cgm movepidabs all / $$
> > > cgm create all go
> > > cgm chown all go $(id -u go) $(id -g go)
> > > cgm movepid all go $(pid)
> > >
> > > > /run/cgmanager/fs/hugetlb/ directory is empty,
> > >
> > > It's in a private namespace. You'd have to mount it yourself to
> > > see.
> > > _______________________________________________
> > > lxc-users mailing list
> > > lxc-users at lists.linuxcontainers.org
> > > http://lists.linuxcontainers.org/listinfo/lxc-users