[lxc-users] CGManager and LXCFS causing lxc-start to fail for unprivileged containers

[Serge Hallyn]

Quoting Akshay Karle (akshay.a.karle at gmail.com):
> Hello,
> 
> Recently after upgrading lxc on Ubuntu 14.04.3 LTS, I noticed that it
> included the libpam-cgm package. I started to see some weird problems with
> cgroups and ownerships when trying to start an unprivileged container in
> the cases when the user running the containers is not the same as the user
> who logged in to the machine (for eg: ssh, change user and then start
> container fails). I believe this may have to do with the recent changes to
> libpam-cgm, lxcfs and cgfs as I didn't have any trouble before. After
> changing the user we used to unset the XDG envs and run the cgm commands to
> setup cgroups which stopped to work recently.
> 
> *lxc-start failure trace* (full stack trace attached):
>       lxc-start 1454029959.193 ERROR    lxc_utils -
> utils.c:setproctitle:1455 - Invalid argument - setting cmdline failed
>       lxc-start 1454029959.581 ERROR    lxc_cgfs -
> cgfs.c:handle_cgroup_settings:2091 - Permission denied - failed to set
> memory.use_hierarchy to 1; continuing
>       lxc-start 1454029959.581 ERROR    lxc_cgfs -
> cgfs.c:lxc_cgroupfs_create:849 - Could not set clone_children to 1 for
> cpuset hierarchy in parent cgroup.
>       lxc-start 1454029959.581 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:166
> - cgroup_rmdir: failed to open /run/lxcfs/controllers/perf_event/user/test/0
>       lxc-start 1454029959.581 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:166
> - cgroup_rmdir: failed to open /run/lxcfs/controllers/memory/user/test/0
>       lxc-start 1454029959.581 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:166
> - cgroup_rmdir: failed to open /run/lxcfs/controllers/hugetlb/user/test/0
>       lxc-start 1454029959.581 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:166
> - cgroup_rmdir: failed to open /run/lxcfs/controllers/freezer/user/test/0
>       lxc-start 1454029959.581 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:166
> - cgroup_rmdir: failed to open /run/lxcfs/controllers/devices/user/test/0
>       lxc-start 1454029959.581 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:166
> - cgroup_rmdir: failed to open /run/lxcfs/controllers/cpuset/user/test/0
>       lxc-start 1454029959.581 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:166
> - cgroup_rmdir: failed to open /run/lxcfs/controllers/cpuacct/user/test/0
>       lxc-start 1454029959.581 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:166
> - cgroup_rmdir: failed to open /run/lxcfs/controllers/cpu/user/test/0
>       lxc-start 1454029959.581 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:166
> - cgroup_rmdir: failed to open /run/lxcfs/controllers/blkio/user/test/0
>       lxc-start 1454029959.581 ERROR    lxc_start - start.c:lxc_spawn:970 -
> failed creating cgroups
>       lxc-start 1454029959.581 ERROR    lxc_start -
> start.c:__lxc_start:1213 - failed to spawn 'test'
>       lxc-start 1454029965.093 ERROR    lxc_start_ui - lxc_start.c:main:344
> - The container failed to start.
> 
> 
> *Steps to reproduce:*
> * Upgrade LXC: $ sudo apt-get upgrade cgmanager libcgmanager0 lxc libcap2
> libseccomp2 ruby-dev lxc-dev
> * Add the management of all controllers to the pam module. Replace the
> freezer in /etc/pam.d/common-session with all controllers:
> session optional pam_cgm.so -c
> freezer,perf_event,memory,cpu,cpuacct,cpuset,blkio,hugetlb,devices

Note, just dropping the '-c freezer' argument also will tell pam_cgm.so
to use all controllers.

The debug info above says lxc is using cgfs and not cgmanager.  Exactly
which lxc package version are you using?