[lxc-users] Disappearing cgroups

Ben Green ben at bristolwireless.net
Tue Oct 1 10:56:58 UTC 2019


Hi all,

another troubling question from me. This has been stopping me using  
LXC for production environments for a good few years now. The problem  
persists with LXC 3.0 so I'm finally trying to get some help (got  
nothing on the IRC when I tried).

I have a number of containers that I have running via my unprivileged  
user account, 'lxcadmin'. They function fine, except for one thing.  
Their cgroup membership disappears on occasion.

I've set the groups I want to be loaded in /etc/pam.d/common-session  
and /etc/pam.d/common-session-noninteractive like this:

session	optional	pam_cgfs.so -c blkio,cpu,cpuacct,cpuset,devices,freezer,memory,net_cls,net_prio,perf_event,name=systemd

Those options seem to propagate fine. I can run containers in two ways:

1/ By logging in as root, then su - lxcadmin.
2/ By logging in as lxcadmin directly via ssh.

When I do 1/ - cgroups live at  
/sys/fs/cgroup/memory/user/lxcadmin/0/lxc.payload/<container_name>/
When I do 2/ - cgroups live at  
/sys/fs/cgroup/memory/user.slice/user-202.slice/session-2074.scope/lxc.payload/<container_name> or  
similar.

I'm not sure which is preferable for security. I assume this is a  
systemd thing. In any case, I lose cgroups for sure when using 2/.  
Some of them just disappear, not sure why. I've logged in again at some  
point and a few cgroups have disappeared, blkio is gone for example.

In LXC 2.0 the memory cgroup directory had disappeared for the  
container, which made the container too dangerous to use. Now in LXC  
3.0 I lose a few others, but memory is maintained.

So questions:

* How can I find out why the cgroups are disappearing? I've found  
nothing in the logs. Any help
* Which user should I be logging in as?
* A long shot perhaps, but, why are my cgroups disappearing?


Cheers,
Ben
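
An added example, not part of the original post and not LXC project code: a check that compares the controllers requested in the pam_cgfs line above against a process's /proc/<pid>/cgroup and reports which ones no longer point at the container's lxc.payload cgroup. It assumes the cgroup v1 layout shown in the post's paths; the function names, the container name "web" and the sample data are constructed.

```python
# Added example; function names and SAMPLE are constructed for illustration.
import sys

# Controller list copied from the pam_cgfs.so -c option quoted in the post.
WANTED = ("blkio,cpu,cpuacct,cpuset,devices,freezer,memory,"
          "net_cls,net_prio,perf_event,name=systemd").split(",")

# Constructed /proc/<pid>/cgroup text (cgroup v1): blkio has fallen back to "/".
PAYLOAD = "/user.slice/user-202.slice/session-2074.scope/lxc.payload/web"
SAMPLE = "\n".join([
    "11:blkio:/",
    "10:memory:" + PAYLOAD,
    "9:cpu,cpuacct:" + PAYLOAD,
    "8:devices:" + PAYLOAD,
    "7:freezer:" + PAYLOAD,
    "6:net_cls,net_prio:" + PAYLOAD,
    "5:perf_event:" + PAYLOAD,
    "4:cpuset:" + PAYLOAD,
    "1:name=systemd:" + PAYLOAD + "/init.scope",
    "0::/user.slice/user-202.slice/session-2074.scope",
])


def parse_proc_cgroup(text):
    """Map each v1 controller to its path ('hierarchy-ID:controllers:path')."""
    paths = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) != 3 or not parts[1]:
            continue  # malformed line, or the cgroup v2 entry '0::/path'
        for controller in parts[1].split(","):  # co-mounted, e.g. cpu,cpuacct
            paths[controller] = parts[2]
    return paths


def missing_controllers(text, container, wanted=WANTED):
    """Return wanted controllers whose path is not under lxc.payload/<container>."""
    paths = parse_proc_cgroup(text)
    marker = "/lxc.payload/" + container
    return [c for c in wanted
            if not (paths.get(c, "").endswith(marker)
                    or marker + "/" in paths.get(c, ""))]


if __name__ == "__main__":
    # Usage: check.py <pid> <container>; with no arguments, runs on SAMPLE.
    if len(sys.argv) == 3:
        with open("/proc/%s/cgroup" % sys.argv[1]) as fh:
            print(missing_controllers(fh.read(), sys.argv[2]))
    else:
        print(missing_controllers(SAMPLE, "web"))
```

Run at intervals against the container's init PID, with the output timestamped, this narrows down when a controller is lost so the time can be matched against session logins and logouts in the system journal.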


