[lxc-users] using cgroups

rob e redgerhoo at yahoo.com.au
Thu Jun 30 22:42:03 UTC 2016 

On 30/06/16 11:35, Serge E. Hallyn wrote:
> On Thu, Jun 30, 2016 at 11:24:25AM +1000, Rob wrote:
>> On 30/06/2016 10:36 AM, Serge E. Hallyn wrote:
>>> Quoting Rob Edgerton (redgerhoo at yahoo.com.au):
> Oh, ok.  I'm sorry, this should have been obvious to me from the start.
>
> You need to edit /etc/pam.d/common-session and change the line that's
> something like
>
> session optional	pam_cgfs.so -c freezer,memory,name=systemd
>
> to add ",cpuset" at the end, i.e.
>
> session optional	pam_cgfs.so -c freezer,memory,name=systemd,cpuset
>
> It has been removed from the default because on systems which do a lot
> of cpu hotplugging it can be a problem:  with the legacy (non-unified)
> cpuset hierarchy, when you unplug a cpu that is part of /user, it gets
> removed, but when you re-plug it it does not get re-added.
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
thanks Serge,
I tried that. Same result. Additionally, even when I comment out the CPU 
controls, leaving only Memory limits, it still fails.

To confirm, I have 3 uses for cgroups -
1)  Resource control on CPU, Memory, Disk, Network etc eg.
             lxc.cgroup.cpuset.cpus = 1-3
             lxc.cgroup.memory.limit_in_bytes = 4G
2)  Access to devices, particularly USB tuners
             lxc.cgroup.devices.allow = c 212:* rwm
3)  Access to TAP / TUN devices in order to run VPN in a container
             lxc.cgroup.devices.allow = c 10:200 rwm

All 3 fail in the same way. Any one of them leads to failure (including 
Memory limits)

Here's the current value from /etc/pam.d/common-session
session  optional       pam_cfgs.so -c freezer,memory,name=systemd,cpuset
the memory clause already existed before edits. Memory limit setting has 
failed with default and after the above edit

Error is  "No devices group set up for ......"

thanks for your help
   Rob

PS Some emails appear to have been "lost", apologies if this is a 
logical duplicate

More information about the lxc-users mailing list