[lxc-users] Unprivileged Lxc won't start on Debian Sid

Serge Hallyn serge.hallyn at ubuntu.com
Thu Mar 12 05:37:15 UTC 2015


Quoting zer0 divide (zer0.divide at yahoo.fr):
> huraira@debian:~$ dpkg -l|grep -i lxc
> ii  lxc 1:1.0.7-1                           amd64        Linux Containers userspace tools

Ok, the debian version of lxc is compiled with cgmanager explicitly
disabled.  Also,

> /sys/fs/cgroup/cgmanager:
> sock
> 
> *huraira@debian:~$ cat /proc/self/cgroup*
> 9:devices:/user.slice
> 8:memory:/
> 7:cpuset:/
> 6:freezer:/
> 5:net_cls,net_prio:/
> 4:cpu,cpuacct:/
> 3:perf_event:/
> 2:blkio:/
> 1:name=systemd:/user.slice/user-1000.slice/session-1.scope

You can't create cgroups here.  You'll need to somehow get
yourself cgroups which you own.  One way to do it is

sudo cgm create all user
sudo cgm chown all user $(id -u) $(id -g)
cgm movepid all user $$

> *huraira@debian:~$ systemctl status cgconfig*
> ● cgconfig.service
>    Loaded: not-found (Reason: No such file or directory)
>    Active: inactive (dead)
> 
> *huraira@debian:~$ systemctl status cgmanager*
> ● cgmanager.service - Cgroup management daemon
>    Loaded: loaded (/lib/systemd/system/cgmanager.service; enabled; vendor preset: enabled)
>    Active: active (running) since mar. 2015-03-10 14:52:37 CET; 3min 51s ago
>  Main PID: 1391 (cgmanager)
>    CGroup: /system.slice/cgmanager.service
>            ‣ 1391 /sbin/cgmanager -m name=systemd
> 
> Warning: Journal has been rotated since unit was started. Log output
> is incomplete or unavailable.
> 
> Thanks
> 
> On 10/03/2015 14:32, zer0 divide wrote:
> >Quoting zer0 divide (zer0.divide at yahoo.fr):
> >> Hi,
> >> I have been trying to start an unprivileged LXC container under Debian
> >> Sid for a while; I tried a lot of things, but it does not work.
> >>
> >> Furthermore, I asked here if it was a bug, but it seems not:
> >> https://github.com/lxc/lxc/issues/414#issuecomment-71414827
> >>
> >> Now, I am wondering if it is not a Debian specific problem related
> >> to some right access on /sys/fs/cgroup.
> >>
> >> Here is the output of systemctl status cgconfig
> >>
> >> huraira@debian:~$ systemctl status cgconfig
> >> ● cgconfig.service
> >>    Loaded: not-found (Reason: No such file or directory)
> >>    Active: inactive (dead)
> >
> >> Here are some packages installed on my system:
> >> lxc            1:1.0.7-1    amd64
> >> cgmanager      0.35-1       amd64
> >
> >A few things I notice here,
> >
> >1. you have cgmanager and cgroup-bin both installed.  That can
> >sometimes be a problem
> >2. your container is using cgfs, not cgmanager.  Is cgmanager
> >actually running?
> >3. do you have systemd-logind and (if not running systemd as pid 1)
> >systemd-shim installed?  those are supposed to, upon login, give
> >you cgroups which you can administer so that lxc can create
> >cgroups under your uid.
> >
> >So what do
> >
> >ps -ef | grep cgmanager
> >ls /sys/fs/cgroup /sys/fs/cgroup/cgmanager
> >cat /proc/self/cgroup
> >
> >show?
> >
> >> cgroup-bin     0.41-6       all
> >> cgroup-tools   0.41-6       amd64
> >> libcgmanager0: 0.35-1       amd64
> >> libcgroup1:amd 0.41-6       amd64
> >> libpam-cgroup: 0.41-6       amd64
> >>
> >> Here the log *lxc-start -n test -l DEBUG -o /tmp/lxc_test.log -f
> >> ~/.config/lxc/default.conf*:
> >>
> >> lxc-start 1422302714.376 INFO     lxc_confile - confile.c:config_idmap:1325 - read uid map: type u nsid 0 hostid 1214112 range 65536
> >> lxc-start 1422302714.376 INFO     lxc_confile - confile.c:config_idmap:1325 - read uid map: type g nsid 0 hostid 1214112 range 65536
> >> lxc-start 1422302714.377 WARN     lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized
> >> lxc-start 1422302714.378 INFO     lxc_confile - confile.c:config_idmap:1325 - read uid map: type u nsid 0 hostid 1214112 range 65536
> >> lxc-start 1422302714.378 INFO     lxc_confile - confile.c:config_idmap:1325 - read uid map: type g nsid 0 hostid 1214112 range 65536
> >> lxc-start 1422302714.378 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100  - Not attaching to cgroup cpuset unknown to /home/huraira/.local/share/lxc test
> >> lxc-start 1422302714.378 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100  - Not attaching to cgroup perf_event unknown to /home/huraira/.local/share/lxc test
> >> lxc-start 1422302714.378 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100  - Not attaching to cgroup cpu unknown to /home/huraira/.local/share/lxc test
> >> lxc-start 1422302714.378 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100  - Not attaching to cgroup net_cls unknown to /home/huraira/.local/share/lxc test
> >> lxc-start 1422302714.378 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100  - Not attaching to cgroup blkio unknown to /home/huraira/.local/share/lxc test
> >> lxc-start 1422302714.378 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100  - Not attaching to cgroup memory unknown to /home/huraira/.local/share/lxc test
> >> lxc-start 1422302714.378 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100  - Not attaching to cgroup freezer unknown to /home/huraira/.local/share/lxc test
> >> lxc-start 1422302714.378 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100  - Not attaching to cgroup devices unknown to /home/huraira/.local/share/lxc test
> >> lxc-start 1422302714.378 INFO     lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver nop
> >> lxc-start 1422302714.378 DEBUG    lxc_start - start.c:setup_signal_fd:247 - sigchild handler set
> >> lxc-start 1422302714.378 INFO     lxc_start - start.c:lxc_init:443 - 'test' is initialized
> >> lxc-start 1422302714.379 DEBUG    lxc_start - start.c:__lxc_start:1058 - Not dropping cap_sys_boot or watching utmp
> >> lxc-start 1422302714.379 INFO     lxc_start - start.c:lxc_spawn:802 - Cloning a new user namespace
> >> lxc-start 1422302714.379 INFO     lxc_cgroup - cgroup.c:cgroup_init:62 - cgroup driver cgroupfs initing for test
> >> lxc-start 1422302714.379 ERROR    lxc_cgfs - cgfs.c:lxc_cgroupfs_create:956 - Permission denied - Could not create cgroup '/test' in '/sys/fs/cgroup/devices'.
> >> lxc-start 1422302714.379 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices/
> >> lxc-start 1422302714.379 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/freezer/
> >> lxc-start 1422302714.379 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory/
> >> lxc-start 1422302714.379 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio/
> >> lxc-start 1422302714.380 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/net_cls,net_prio/
> >> lxc-start 1422302714.380 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct/
> >> lxc-start 1422302714.380 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/
> >> lxc-start 1422302714.380 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset/
> >> lxc-start 1422302714.380 ERROR    lxc_start - start.c:lxc_spawn:861 - failed creating cgroups
> >> lxc-start 1422302714.380 ERROR    lxc_start - start.c:__lxc_start:1080 - failed to spawn 'test'
> >> lxc-start 1422302714.380 WARN     lxc_conf - conf.c:lxc_delete_autodev:1575 - Failed to locate autodev /dev/.lxc and /dev/.lxc/user.
> >> lxc-start 1422302714.380 ERROR    lxc_start_ui - lxc_start.c:main:342 - The container failed to start.
> >
> 


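A check for the situation described in the reply above, as an added example that is not part of the original message: for each line of `/proc/self/cgroup` it reports whether the given uid owns the matching cgroup directory, which is the precondition the reply names for creating the container's cgroups. The function names, the state labels and the directory mapping (`name=systemd` mounted as `systemd`) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes the cgroup v1 layout shown in
# the post: one directory per hierarchy under /sys/fs/cgroup.
# Usage: cgroup_owner_report [cgroup-file] [cgroup-root] [uid]
cgroup_owner_report() {
    cg_file=${1:-/proc/self/cgroup}
    cg_root=${2:-/sys/fs/cgroup}
    want_uid=${3:-$(id -u)}
    rc=0
    # Each line is "hierarchy-id:controller-list:path".
    while IFS=: read -r _id ctrl path; do
        [ -n "$ctrl" ] || continue          # skip cgroup v2 "0::/..." entries
        # Named hierarchies ("name=systemd") are mounted under the bare name.
        dir="$cg_root/${ctrl#name=}$path"
        if [ ! -d "$dir" ]; then
            state=MISSING; rc=1
        elif [ "$(ls -ldn "$dir" | awk '{print $3}')" = "$want_uid" ]; then
            state=OWNED
        else
            state=NOT-OWNED; rc=1
        fi
        printf '%s %s %s\n' "$state" "$ctrl" "$path"
    done < "$cg_file"
    return "$rc"
}

# Constructed demo: three lines of the listing from the post, checked against
# a scratch tree in which the devices cgroup does not exist.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/memory" \
        "$tmp/root/systemd/user.slice/user-1000.slice/session-1.scope"
    printf '%s\n' '9:devices:/user.slice' '8:memory:/' \
        '1:name=systemd:/user.slice/user-1000.slice/session-1.scope' \
        > "$tmp/cgroup"
    status=0
    cgroup_owner_report "$tmp/cgroup" "$tmp/root" || status=$?
    rm -rf "$tmp"
    return "$status"
}

demo || true
```

Run with no arguments on the host, `cgroup_owner_report` reads the live `/proc/self/cgroup`; a non-zero exit status means at least one hierarchy is missing or not owned by the calling user.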