[lxc-users] Disappearing cgroups

Serge E. Hallyn serge at hallyn.com
Wed Oct 9 14:18:00 UTC 2019 

On Wed, Oct 09, 2019 at 08:54:54AM +0100, Ben Green wrote:
> Quoting "Serge E. Hallyn" <serge at hallyn.com>:
> 
> > 
> > Actually you probably only want to chown the tasks and cgroup.procs files
> > to lxcadmin:, as otherwise the containers can raise their limits.
> > 
> 
> I've made that change, rebooted and started the containers, the result is

Can you show the script you're using?

> indentical though in terms of the ownership and permissions of the resulting
> cgroup:
> 
> lxcadmin at oyster:/sys/fs/cgroup$ ls -lah
> cpuset/forcontainers/lxc.payload/ex386-jessie/
> total 0
> drwxrwxr-x 2 lxcadmin  1258512 0 Oct  9 08:38 .
> drwxr-xr-x 4 lxcadmin lxcadmin 0 Oct  9 08:38 ..
> -rw-r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cgroup.clone_children
> -rw-rw-r-- 1 lxcadmin  1258512 0 Oct  9 08:38 cgroup.procs
> -rw-r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.cpu_exclusive
> -rw-r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.cpus
> -r--r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.effective_cpus
> -r--r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.effective_mems
> -rw-r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.mem_exclusive
> -rw-r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.mem_hardwall
> -rw-r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.memory_migrate
> -r--r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.memory_pressure
> -rw-r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.memory_spread_page
> -rw-r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.memory_spread_slab
> -rw-r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.mems
> -rw-r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.sched_load_balance
> -rw-r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 cpuset.sched_relax_domain_level
> -rw-r--r-- 1 lxcadmin lxcadmin 0 Oct  9 08:38 notify_on_release
> -rw-rw-r-- 1 lxcadmin  1258512 0 Oct  9 08:38 tasks
> 
> 
> > Yes, and it shouldn't have to run with any privilege.
> 
> I think I'll put it in .bashrc so it runs on login.
> 
> 
> Thanks so much for this. Do you think this will solve, or at least is
> working around, the problem I'm having? I guess we'll see in a few days if
> the cgroups remain intact.

If a part of systemd is killing the cgroups because it thinks something
has logged out or timed out, then it should.  If on the other hand lxc
is actually doing this, for example two unrelated lxc commands are
walking on each other's cgroups, then it will keep happening.  So if it
*does* keep happening, then I'll try to reproduce your setup.

-serge

More information about the lxc-users mailing list