[lxc-users] unprivileged LXC and lxc-attach...

Dirk Geschke dirk at lug-erding.de
Fri Jul 21 20:45:41 UTC 2017 

Hi Serge,

> > Now I get two error messages:
> > 
> >    lxc_cgfs - cgroups/cgfs.c:lxc_cgroupfs_attach:2538 - could not move attached process 22869 to cgroup of container
> >    lxc_attach - attach.c:lxc_attach:992 - Expected to receive sequence number 0: No such file or directory.
> 
> Ok, if you look at the source, that message is a bit misleading - lxc
> never got around to trying to move the task into the cgroup, it failed
> to load a suitable set of cgroups data in the first place.
> 
> You really should be using cfsng, not cgfs.  Can you show your
> cgroup layout?  (cat /proc/self/cgroup and mount | grep cgroup)

hmm, how can I use cfsng instead of cgfs? I simply use the newest
cgmanager and start it the usual way:

   /usr/local/sbin/cgmanager --daemon -m name=systemd

And

   $ cat /proc/self/cgroup 
   14:name=systemd:/
   13:pids:/
   12:perf_event:/
   11:net_prio:/
   10:net_cls:/
   9:memory:/
   8:hugetlb:/
   7:freezer:/
   6:devices:/
   5:debug:/
   4:cpuset:/
   3:cpuacct:/
   2:cpu:/
   1:blkio:/

   $ mount |grep cgroup
   cgroup on /sys/fs/cgroup type tmpfs (rw,relatime,size=12k,mode=755)

On older systems, where lxc-attach works, I see also:

   cgmfs                 100          0       100    0% /run/cgmanager/fs

Can this cause the problem? I don't see it on the newer system...
(I have no idea, where this mount is coming from...)

> It might help if you set the lxc.cgroup.use in your personal
> lxc.system.conf (~/.config/lxc/lxc.conf) to only include the cgroups
> your container needs -  just freezer is the bare minimum.  That might
> get your container running without switching to cgfsng.

hmm, you mean ~/.config/lxc/default.conf? I added it:

   ~$ grep lxc.cgroup.use .config/lxc/default.conf 
   lxc.cgroup.use = freezer

But it doesn't change anything, even if I add it to

   ~/.local/share/lxc/lxc-stretch/config

It's all a little bit strange. As user root, I can use lxc-attach
with setting the right Path via option -P. But it does not work
with the unpriviliged user, who started the container...

For me it is not a major problem, since I can attach as user
root. And if the network is up and running, I can manage it
via ssh. But I am a little bit irritated.

The old system works with

  cgmanager 0.33
  lxc 1.0.7

The new system uses the newest versions:

  cgmanager 0.41
  lxc 2.0.8

Best regards

Dirk

-- 
+----------------------------------------------------------------------+
| Dr. Dirk Geschke       / Plankensteinweg 61    / 85435 Erding        |
| Telefon: 08122-559448  / Mobil: 0176-96906350 / Fax: 08122-9818106   |
| dirk at geschke-online.de / dirk at lug-erding.de  / kontakt at lug-erding.de |
+----------------------------------------------------------------------+

More information about the lxc-users mailing list