[lxc-users] Can't start unprivileged container in Ubuntu 14.04 with LXC 2
Serge E. Hallyn
serge at hallyn.com
Mon May 8 16:41:00 UTC 2017
Quoting Ben Warren (ben at skyportsystems.com):
> Hi Serge,
> > On May 4, 2017, at 9:00 AM, Serge E. Hallyn <serge at hallyn.com> wrote:
> > Quoting Ben Warren (ben at skyportsystems.com):
> >> Hi,
> >> I’m stuck with Ubuntu 14.04 for now and would like to be able to run unprivileged containers that are systemd-based. I’ve found lots of examples of problems that are close, but nothing exactly matches. I got the lxc packages from trusty-backports.
> >> Versions:
> >> ben at ben-sc:~$ lxc-ls --version
> >> 2.0.7
> >> ben at ben-sc:~$ cat /etc/lsb-release
> >> DISTRIB_ID=Ubuntu
> >> DISTRIB_RELEASE=14.04
> >> DISTRIB_CODENAME=trusty
> >> DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS"
> >> To keep it simple, I created an unprivileged container of ‘trusty’ using the download method:
> >> ben at ben-sc:~$ lxc-create -n cd-build -t download
> >> When I try to start the container, it won’t work:
> >> ben at ben-sc:~$ lxc-start -n cd-build -d --logfile cd-build.log
> >> lxc-start: tools/lxc_start.c: main: 366 The container failed to start.
> >> lxc-start: tools/lxc_start.c: main: 368 To get more details, run the container in foreground mode.
> >> lxc-start: tools/lxc_start.c: main: 370 Additional information can be obtained by setting the --logfile and --logpriority options.
> >> Logfile contents:
> >> lxc-start 20170503225525.382 ERROR lxc_cgfsng - cgroups/cgfsng.c:do_secondstage_mounts_if_needed:1557 - Operation not permitted - Error remounting /usr/lib/x86_64-linux-gnu/lxc/sys/fs/cgroup/cpu read-only
> > This is odd, not the error I would have expected.
> > Can you tell me the exact version and from which ppa?
> $ dpkg -s lxc
> Package: lxc
> Status: install ok installed
> Priority: extra
> Section: oldlibs
> Installed-Size: 77
> Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
> Architecture: all
> Version: 2.0.7-0ubuntu1~14.04.1
> Depends: lxc1 (>= 2.0.7-0ubuntu1~14.04.1)
> I got it from here:
> http://us.archive.ubuntu.com/ubuntu/ trusty-backports
> Here’s what gets installed:
Hm, when I use that, I get
lxc-start 20170508163649.375 INFO lxc_cgroup - cgroups/cgroup.c:cgroup_init:68 - cgroup driver cgroupfs-ng initing for t1
lxc-start 20170508163649.375 DEBUG lxc_cgfsng - cgroups/cgfsng.c:filter_and_set_cpus:452 - Path: /sys/devices/system/cpu/isolated to read isolated cpus from does not exist.
which still stops the container from starting, but is different from your error.
More information about the lxc-users