[lxc-users] Unprivileged Lxc won't start on Debian Sid
zer0 divide
zer0.divide at yahoo.fr
Tue Mar 10 14:11:03 UTC 2015
Hi,
Sorry for this late reply, I never received any mail to warn me that I
got an answer.
I was looking on the web for similar issues, when I saw that you
answered to me.
Well, I removed :
* cgroup-bin
* cgroup-tools
Then I reboot the machine, and I get this (lxc-start -n test
--logpriority DEBUG --logfile /tmp/lxc.log) :
lxc-start 1425995573.760 INFO lxc_start_ui -
lxc_start.c:main:265 - using rcfile
/home/huraira/.local/share/lxc/test/config
lxc-start 1425995573.762 INFO lxc_confile -
confile.c:config_idmap:1325 - read uid map: type u nsid 0 hostid 1214112
range 65536
lxc-start 1425995573.762 INFO lxc_confile -
confile.c:config_idmap:1325 - read uid map: type g nsid 0 hostid 1214112
range 65536
lxc-start 1425995573.762 WARN lxc_log -
log.c:lxc_log_init:316 - lxc_log_init called with log already initialized
lxc-start 1425995573.763 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
perf_event unknown to /home/huraira/.local/share/lxc test
lxc-start 1425995573.763 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
devices unknown to /home/huraira/.local/share/lxc test
lxc-start 1425995573.763 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup cpu
unknown to /home/huraira/.local/share/lxc test
lxc-start 1425995573.763 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
memory unknown to /home/huraira/.local/share/lxc test
lxc-start 1425995573.763 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
freezer unknown to /home/huraira/.local/share/lxc test
lxc-start 1425995573.763 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
net_cls unknown to /home/huraira/.local/share/lxc test
lxc-start 1425995573.763 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
blkio unknown to /home/huraira/.local/share/lxc test
lxc-start 1425995573.763 WARN lxc_cgfs -
cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
cpuset unknown to /home/huraira/.local/share/lxc test
lxc-start 1425995573.763 INFO lxc_lsm - lsm/lsm.c:lsm_init:48
- LSM security driver nop
lxc-start 1425995573.763 DEBUG lxc_conf -
conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/1' (5/6)
lxc-start 1425995573.763 DEBUG lxc_conf -
conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/2' (7/8)
lxc-start 1425995573.763 DEBUG lxc_conf -
conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/3' (9/10)
lxc-start 1425995573.763 DEBUG lxc_conf -
conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/4' (11/12)
lxc-start 1425995573.763 INFO lxc_conf -
conf.c:lxc_create_tty:3676 - tty's configured
lxc-start 1425995573.763 DEBUG lxc_start -
start.c:setup_signal_fd:247 - sigchild handler set
lxc-start 1425995573.763 DEBUG lxc_console -
console.c:lxc_console_peer_default:500 - opening /dev/tty for console peer
lxc-start 1425995573.763 INFO lxc_caps -
caps.c:lxc_caps_up:101 - Last supported cap was 36
lxc-start 1425995573.764 DEBUG lxc_console -
console.c:lxc_console_peer_default:506 - using '/dev/tty' as console
lxc-start 1425995573.764 DEBUG lxc_console -
console.c:lxc_console_sigwinch_init:179 - 2325 got SIGWINCH fd 17
lxc-start 1425995573.764 DEBUG lxc_console -
console.c:lxc_console_winsz:88 - set winsz dstfd:14 cols:80 rows:24
lxc-start 1425995574.362 INFO lxc_start -
start.c:lxc_init:443 - 'test' is initialized
lxc-start 1425995574.394 DEBUG lxc_start -
start.c:__lxc_start:1058 - Not dropping cap_sys_boot or watching utmp
lxc-start 1425995574.394 INFO lxc_start -
start.c:lxc_spawn:802 - Cloning a new user namespace
lxc-start 1425995574.394 INFO lxc_cgroup -
cgroup.c:cgroup_init:62 - cgroup driver cgroupfs initing for test
lxc-start 1425995574.394 ERROR lxc_cgfs -
cgfs.c:lxc_cgroupfs_create:956 - Permission denied - Could not create
cgroup '/test' in '/sys/fs/cgroup/cpuset'.
lxc-start 1425995574.394 ERROR lxc_cgfs -
cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to
delete /sys/fs/cgroup/cpuset/
lxc-start 1425995574.394 ERROR lxc_cgfs -
cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to
delete /sys/fs/cgroup/blkio/
lxc-start 1425995574.394 ERROR lxc_cgfs -
cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to
delete /sys/fs/cgroup/net_cls,net_prio/
lxc-start 1425995574.395 ERROR lxc_cgfs -
cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to
delete /sys/fs/cgroup/freezer/
lxc-start 1425995574.395 ERROR lxc_cgfs -
cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to
delete /sys/fs/cgroup/memory/
lxc-start 1425995574.395 ERROR lxc_cgfs -
cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to
delete /sys/fs/cgroup/cpu,cpuacct/
lxc-start 1425995574.395 ERROR lxc_cgfs -
cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to
delete /sys/fs/cgroup/devices/user.slice
lxc-start 1425995574.395 ERROR lxc_cgfs -
cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to
delete /sys/fs/cgroup/perf_event/
lxc-start 1425995574.395 ERROR lxc_start -
start.c:lxc_spawn:861 - failed creating cgroups
lxc-start 1425995574.395 ERROR lxc_start -
start.c:__lxc_start:1080 - failed to spawn 'test'
lxc-start 1425995574.395 WARN lxc_conf -
conf.c:lxc_delete_autodev:1575 - Failed to locate autodev /dev/.lxc and
/dev/.lxc/user.
lxc-start 1425995574.395 ERROR lxc_start_ui -
lxc_start.c:main:342 - The container failed to start.
lxc-start 1425995574.395 ERROR lxc_start_ui -
lxc_start.c:main:346 - Additional information can be obtained by setting
the --logfile and --logpriority options.
*Packages related to cgmanager installed on the system :*
huraira at debian:~$ dpkg -l|grep -i cg
ii cgmanager 0.36-2 amd64 Central
cgroup manager daemon
ii cgmanager-tests 0.36-2 all
Central cgroup manager daemon (tests)
rc cgroupfs-mount 1.1 all
Light-weight package to set up cgroupfs mounts
ri coinor-libcgl1 0.58.9-1 amd64
COIN-OR Cut Generation Library
ii libcgmanager0:amd64 0.36-2 amd64
Central cgroup manager daemon (client library)
ii libcgroup1:amd64 0.41-6 amd64
control and monitor control groups (library)
ii libpam-cgroup:amd64 0.41-6 amd64
control and monitor control groups (PAM)
*Packages related to systemd installed on the system :*
huraira at debian:~$ dpkg -l|grep -i systemd
ii libpam-systemd:amd64 219-4
amd64 system and service manager - PAM module
ii libsystemd-login0:amd64 215-12
amd64 systemd login utility library (deprecated)
ii libsystemd0:amd64 219-4 amd64
systemd utility library
ii systemd 219-4 amd64 system and
service manager
ii systemd-sysv 219-4 amd64 system
and service manager - SysV links
I do not have systemd-logind nor systemd-shim installed, because
systemd run as pid 1 and libsystemd0 replace libsystemd-login0
(deprecated) that replace systemd-logind.
*Packages related to lxc installed on the system :*
huraira at debian:~$ dpkg -l|grep -i lxc
ii lxc 1:1.0.7-1 amd64 Linux
Containers userspace tools
*What you asked* :
huraira at debian:~$ *ps -ef | grep cgmanager*
root 1355 1 0 mars08 ? 00:00:00 /sbin/cgmanager -m
name=systemd
huraira 21683 21681 0 14:46 pts/7 00:00:00 grep cgmanager
huraira at debian:~$ *ls /sys/fs/cgroup /sys/fs/cgroup/cgmanager*
/sys/fs/cgroup:
blkio cgmanager cpu cpuacct cpu,cpuacct cpuset devices freezer
memory net_cls net_cls,net_prio net_prio perf_event systemd
/sys/fs/cgroup/cgmanager:
sock
*huraira at debian:~$ cat /proc/self/cgroup*
9:devices:/user.slice
8:memory:/
7:cpuset:/
6:freezer:/
5:net_cls,net_prio:/
4:cpu,cpuacct:/
3:perf_event:/
2:blkio:/
1:name=systemd:/user.slice/user-1000.slice/session-1.scope
*huraira at debian:~$ systemctl status cgconfig*
● cgconfig.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)
*huraira at debian:~$ systemctl status cgmanager*
● cgmanager.service - Cgroup management daemon
Loaded: loaded (/lib/systemd/system/cgmanager.service; enabled;
vendor preset: enabled)
Active: active (running) since mar. 2015-03-10 14:52:37 CET; 3min
51s ago
Main PID: 1391 (cgmanager)
CGroup: /system.slice/cgmanager.service
‣ 1391 /sbin/cgmanager -m name=systemd
Warning: Journal has been rotated since unit was started. Log output is
incomplete or unavailable.
Thanks
On 10/03/2015 14:32, zer0 divide wrote:
> Quoting zer0 divide (zer0.divide at yahoo.fr <http://lists.linuxcontainers.org/listinfo/lxc-users>):
> >/ Hi,
> />/ I try to start an unprivileged Lxc container under Debian Sid for a
> />/ while, I tried a lot of things, but it does not work.
> />/
> />/ Futhermore, I asked here if it was a bug, but it seems not :
> />/ https://github.com/lxc/lxc/issues/414#issuecomment-71414827
> />/
> />/ Now, I'am wondering if it is not a Debian specific problem related
> />/ to some right access on /sys/fs/cgroup.
> />/
> />/ Here the ouput of systemctl status cgconfig
> />/
> />/ /hur//aira//@debian:~$ systemctl status cgconfig //
> />/ //● cgconfig.service//
> />/ // Loaded: not-found (Reason: No such file or directory)//
> />/ // Active: inactive (dead)/
> /
> >/ Here some packages installed on my system :
> />/ /lxc 1:1.0.7-1 amd64//
> />/ //cgmanager 0.35-1 amd64//
> /
> A few things i notice here,
>
> 1. you have cgmanager and cgroup-bin both installed. That can
> sometime be a problem
> 2. your container is using cgfs, not cgmanager. Is cgmanager
> actually running?
> 3. do you have systemd-logind and (if not running systemd as pid 1)
> systemd-shim installed? those are supposed to, upon login, give
> you cgroups which you can administer so that lxc can create
> cgroups under your uid.
>
> So what do
>
> ps -ef | grep cgmanager
> ls /sys/fs/cgroup /sys/fs/cgroup/cgmanager
> cat /proc/self/cgroup
>
> show?
>
> >/ //cgroup-bin 0.41-6 all//
> />/ //cgroup-tools 0.41-6 amd64//
> />/ //libcgmanager0: 0.35-1 amd64//
> />/ //libcgroup1:amd 0.41-6 amd64//
> />/ //libpam-cgroup: 0.41-6// amd64/
> />/
> />/ Here the log *lxc-start -n test -l DEBUG -o /tmp/lxc_test.log -f
> />/ ~/.config/lxc/default.conf*:
> />/ /
> />/ // lxc-start 1422302714.376 INFO lxc_confile -
> />/ confile.c:config_idmap:1325 - read uid map: type u nsid 0 hostid
> />/ 1214112 range 65536//
> />/ // lxc-start 1422302714.376 INFO lxc_confile -
> />/ confile.c:config_idmap:1325 - read uid map: type g nsid 0 hostid
> />/ 1214112 range 65536//
> />/ // lxc-start 1422302714.377 WARN lxc_log -
> />/ log.c:lxc_log_init:316 - lxc_log_init called with log already
> />/ initialized//
> />/ // lxc-start 1422302714.378 INFO lxc_confile -
> />/ confile.c:config_idmap:1325 - read uid map: type u nsid 0 hostid
> />/ 1214112 range 65536//
> />/ // lxc-start 1422302714.378 INFO lxc_confile -
> />/ confile.c:config_idmap:1325 - read uid map: type g nsid 0 hostid
> />/ 1214112 range 65536//
> />/ // lxc-start 1422302714.378 WARN lxc_cgfs -
> />/ cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
> />/ cpuset unknown to /home/huraira/.local/share/lxc test//
> />/ // lxc-start 1422302714.378 WARN lxc_cgfs -
> />/ cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
> />/ perf_event unknown to /home/huraira/.local/share/lxc test//
> />/ // lxc-start 1422302714.378 WARN lxc_cgfs -
> />/ cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
> />/ cpu unknown to /home/huraira/.local/share/lxc test//
> />/ // lxc-start 1422302714.378 WARN lxc_cgfs -
> />/ cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
> />/ net_cls unknown to /home/huraira/.local/share/lxc test//
> />/ // lxc-start 1422302714.378 WARN lxc_cgfs -
> />/ cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
> />/ blkio unknown to /home/huraira/.local/share/lxc test//
> />/ // lxc-start 1422302714.378 WARN lxc_cgfs -
> />/ cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
> />/ memory unknown to /home/huraira/.local/share/lxc test//
> />/ // lxc-start 1422302714.378 WARN lxc_cgfs -
> />/ cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
> />/ freezer unknown to /home/huraira/.local/share/lxc test//
> />/ // lxc-start 1422302714.378 WARN lxc_cgfs -
> />/ cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup
> />/ devices unknown to /home/huraira/.local/share/lxc test//
> />/ // lxc-start 1422302714.378 INFO lxc_lsm -
> />/ lsm/lsm.c:lsm_init:48 - LSM security driver nop//
> />/ // lxc-start 1422302714.378 DEBUG lxc_start -
> />/ start.c:setup_signal_fd:247 - sigchild handler set//
> />/ // lxc-start 1422302714.378 INFO lxc_start -
> />/ start.c:lxc_init:443 - 'test' is initialized//
> />/ // lxc-start 1422302714.379 DEBUG lxc_start -
> />/ start.c:__lxc_start:1058 - Not dropping cap_sys_boot or watching
> />/ utmp//
> />/ // lxc-start 1422302714.379 INFO lxc_start -
> />/ start.c:lxc_spawn:802 - Cloning a new user namespace//
> />/ // lxc-start 1422302714.379 INFO lxc_cgroup -
> />/ cgroup.c:cgroup_init:62 - cgroup driver cgroupfs initing for test//
> />/ // lxc-start 1422302714.379 ERROR lxc_cgfs -
> />/ cgfs.c:lxc_cgroupfs_create:956 - Permission denied - Could not
> />/ create cgroup '/test' in '/sys/fs/cgroup/devices'.//
> />/ // lxc-start 1422302714.379 ERROR lxc_cgfs -
> />/ cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed
> />/ to delete /sys/fs/cgroup/devices///
> />/ // lxc-start 1422302714.379 ERROR lxc_cgfs -
> />/ cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed
> />/ to delete /sys/fs/cgroup/freezer///
> />/ // lxc-start 1422302714.379 ERROR lxc_cgfs -
> />/ cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed
> />/ to delete /sys/fs/cgroup/memory///
> />/ // lxc-start 1422302714.379 ERROR lxc_cgfs -
> />/ cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed
> />/ to delete /sys/fs/cgroup/blkio///
> />/ // lxc-start 1422302714.380 ERROR lxc_cgfs -
> />/ cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed
> />/ to delete /sys/fs/cgroup/net_cls,net_prio///
> />/ // lxc-start 1422302714.380 ERROR lxc_cgfs -
> />/ cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed
> />/ to delete /sys/fs/cgroup/cpu,cpuacct///
> />/ // lxc-start 1422302714.380 ERROR lxc_cgfs -
> />/ cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed
> />/ to delete /sys/fs/cgroup/perf_event///
> />/ // lxc-start 1422302714.380 ERROR lxc_cgfs -
> />/ cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed
> />/ to delete /sys/fs/cgroup/cpuset///
> />/ // lxc-start 1422302714.380 ERROR lxc_start -
> />/ start.c:lxc_spawn:861 - failed creating cgroups//
> />/ // lxc-start 1422302714.380 ERROR lxc_start -
> />/ start.c:__lxc_start:1080 - failed to spawn 'test'//
> />/ // lxc-start 1422302714.380 WARN lxc_conf -
> />/ conf.c:lxc_delete_autodev:1575 - Failed to locate autodev /dev/.lxc
> />/ and /dev/.lxc/user.//
> />/ // lxc-start 1422302714.380 ERROR lxc_start_ui -
> />/ lxc_start.c:main:342 - The container failed to start./
> /
> >/ _______________________________________________
> />/ lxc-users mailing list
> />/ lxc-users at lists.linuxcontainers.org <http://lists.linuxcontainers.org/listinfo/lxc-users>
> />/ http://lists.linuxcontainers.org/listinfo/lxc-users/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150310/384afd09/attachment-0001.html>
More information about the lxc-users
mailing list