[lxc-users] Hint for CentOS 7 guests in Debian stretch with KAISER/KPTI kernel

Christoph Lechleitner christoph.lechleitner at iteg.at
Thu Jan 11 16:19:43 UTC 2018


Hi everybody!

After this cost me an afternoon I thought I should share the solution
here ;-)

We are running multiple LXC hosts with Debian jessie resp. stretch,
using sysv-init over systemd in the host system.

99% of the guest systems are Debian too, but we also have guests with
CentOS 6 and 7 (one each) for development.

After upgrading the host system from Debian Jessie (with kernel 4.0.x
from jessie-backports) to Debian stretch with kernel 4.9.65-3+deb9u2
(includes KAISER patches AKA KPTI against Meltdown), our CentOS 7 guests
were half broken.

The container still started up, but every attempt to use any systemctl
command in the container fails over a missing D-Bus connection:

# LANG="C" systemctl -a
Failed to get D-Bus connection: No such file or directory
--- SNIP ---

After more research, we found the following at the beginning resp. end
of the corresponding lxc.console log file:

Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
[...]
Cannot determine cgroup we are running in: No such file or directory
Failed to allocate manager object: No such file or directory
[!!!!!!] Failed to allocate manager object, freezing.
--- SNIP ---

The solution, based on
https://github.com/debops/ansible-lxc/issues/15#issuecomment-274751896
was to create and mount /sys/fs/cgroup/systemd in the host system, like
this:

# create /sys/fs/cgroup/systemd
mkdir -p /sys/fs/cgroup/systemd
chmod 0555 /sys/fs/cgroup/systemd

# adapt /etc/fstab part 1, we had the 1st line for years
cgroup /sys/fs/cgroup cgroup defaults 0 0

# adapt /etc/fstab part 2, this is new, and "none," was crucial!
systemd /sys/fs/cgroup/systemd cgroup none,name=systemd,x-mount.mkdir=0555 0 0

# mount those cgroup mountpoints if not yet mounted
mount |grep "/sys/fs/cgroup " || mount /sys/fs/cgroup
mount |grep "/sys/fs/cgroup/systemd " || mount /sys/fs/cgroup/systemd

# (re)start CentOS 7 guest(s)

# voila


Hope this saves someone else some time ...


Regards,

Christoph


-- 

Christoph Lechleitner

Geschäftsführung

------------------------------------------------------------------------
ITEG IT-Engineers GmbH | Conradstr. 5, A-6020 Innsbruck
FN 365826f | Handelsgericht Innsbruck | Mobiltelefon: +43 676 3674710
Mail: christoph.lechleitner at iteg.at | Web: http://www.iteg.at/
------------------------------------------------------------------------
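
Added example, not part of the original post: a read-only shell check for the host-side fix described above. It tests whether the name=systemd cgroup hierarchy is mounted and whether the fstab entry sits on one line with both "none" and "name=systemd" (a mail-wrapped entry fails the check). The function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed, not from the post.

# Succeeds if the mount table in $1 (same format as /proc/mounts) shows a
# cgroup filesystem on /sys/fs/cgroup/systemd with the name=systemd option.
systemd_cgroup_mounted() {
    awk '$2 == "/sys/fs/cgroup/systemd" && $3 == "cgroup" &&
         ("," $4 ",") ~ /,name=systemd,/ { found = 1 }
         END { exit !found }' "$1"
}

# Succeeds if the fstab in $1 has a single-line, uncommented entry for that
# mount point whose options include both "none" and "name=systemd".
fstab_entry_ok() {
    awk '$1 ~ /^#/ { next }
         $2 == "/sys/fs/cgroup/systemd" && $3 == "cgroup" &&
         ("," $4 ",") ~ /,none,/ && ("," $4 ",") ~ /,name=systemd,/ { ok = 1 }
         END { exit !ok }' "$1"
}

# Demo on constructed samples: a mount table after the fix, and an fstab
# where the new entry was pasted with the line break a mail client added.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'cgroup /sys/fs/cgroup cgroup rw,relatime,cpuset,cpu,memory 0 0' \
        'systemd /sys/fs/cgroup/systemd cgroup rw,relatime,name=systemd 0 0' \
        > "$tmp/mounts"
    printf '%s\n' \
        'cgroup /sys/fs/cgroup cgroup defaults 0 0' \
        'systemd /sys/fs/cgroup/systemd cgroup' \
        'none,name=systemd,x-mount.mkdir=0555 0 0' \
        > "$tmp/fstab.wrapped"
    systemd_cgroup_mounted "$tmp/mounts" && echo "mounted: yes"
    fstab_entry_ok "$tmp/fstab.wrapped" ||
        echo "fstab: entry missing, incomplete or split across lines"
    rm -rf "$tmp"
}
demo
```

On a real host, call the functions with /proc/mounts and /etc/fstab before restarting the CentOS 7 guests.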

