[lxc-users] using cgroups
Serge E. Hallyn
serge at hallyn.com
Thu Jun 30 02:48:53 UTC 2016
On Thu, Jun 30, 2016 at 02:39:37AM +0000, Rob Edgerton wrote:
...
> I updated pam.d/common-session# ================= RE Changed ================= #
> #session optional pam_cgfs.so -c freezer,memory,name=systemd
> session optional pam_cgfs.so -c freezer,memory,name=systemd,cpuset
> # ================= RE Changed ================= #
> then restarted, with similar result. Further, the config contains auth for using USB devices too# USB devices
> lxc.cgroup.devices.allow = c 10:200 rwm# CPU & Memory limits
> lxc.cgroup.cpuset.cpus = 1-3
> lxc.cgroup.cpu.shares = 256
> lxc.cgroup.memory.limit_in_bytes = 4G
> lxc.cgroup.blkio.weight = 500
Ok two things here - first, you'll of course need to add every controller
that you want to use to the pam_cgfs.so line in /etc/pam.d/common-session.
Second, in order to set devices cgroup entries you may need to use cgmanager,
as unprivileged users are not allowed to write those. But then, you
shouldn't need the devices.allow line at all, because your container is
unprivileged and therefore no devices cgroup limits are set.
> Commenting out the first line still results in start failure, as do the other lines. Even just uncommenting the memory.limit lines leads to failure with$ lxc-start -n trusty_unp_ibvpn -F
> lxc-start: cgfsng.c: cgfsng_setup_limits: 1645 No devices cgroup setup for trusty_unp_ibvpn
> lxc-start: start.c: lxc_spawn: 1226 failed to setup the devices cgroup for 'trusty_unp_ibvpn'
> lxc-start: start.c: __lxc_start: 1353 failed to spawn 'trusty_unp_ibvpn'
> lxc-start: lxc_start.c: main: 344 The container failed to start.
> lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.
>
> here's a sample log sequence where ONLY "lxc.cgroup.memory.limit_in_bytes = 4G" was uncommented
> lxc-start 20160630023739.583 INFO lxc_conf - conf.c:lxc_create_tty:3303 - tty's configured
> lxc-start 20160630023739.583 INFO lxc_conf - conf.c:setup_tty:995 - 4 tty(s) has been setup
> lxc-start 20160630023739.583 INFO lxc_conf - conf.c:setup_personality:1393 - set personality to '0x0'
> lxc-start 20160630023739.583 DEBUG lxc_conf - conf.c:setup_caps:2056 - drop capability 'mac_admin' (33)
> lxc-start 20160630023739.583 DEBUG lxc_conf - conf.c:setup_caps:2056 - drop capability 'mac_override' (32)
> lxc-start 20160630023739.583 DEBUG lxc_conf - conf.c:setup_caps:2056 - drop capability 'sys_time' (25)
> lxc-start 20160630023739.583 DEBUG lxc_conf - conf.c:setup_caps:2056 - drop capability 'sys_module' (16)
> lxc-start 20160630023739.583 DEBUG lxc_conf - conf.c:setup_caps:2056 - drop capability 'sys_rawio' (17)
> lxc-start 20160630023739.583 DEBUG lxc_conf - conf.c:setup_caps:2065 - capabilities have been setup
> lxc-start 20160630023739.583 NOTICE lxc_conf - conf.c:lxc_setup:3839 - 'trusty_unp_ibvpn' is setup.
> lxc-start 20160630123739.583 ERROR lxc_cgfsng - cgfsng.c:cgfsng_setup_limits:1645 - No devices cgroup setup for trusty_unp_ibvpn
> lxc-start 20160630123739.583 ERROR lxc_start - start.c:lxc_spawn:1226 - failed to setup the devices cgroup for 'trusty_unp_ibvpn'
> lxc-start 20160630123739.583 ERROR lxc_start - start.c:__lxc_start:1353 - failed to spawn 'trusty_unp_ibvpn'
> lxc-start 20160630123739.633 INFO lxc_conf - conf.c:run_script_argv:367 - Executing script '/usr/share/lxcfs/lxc.reboot.hook' for container 'trusty_unp_ibvpn', config section 'lxc'
> lxc-start 20160630123740.147 ERROR lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
> lxc-start 20160630123740.147 ERROR lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
More information about the lxc-users
mailing list