[lxc-users] Help needed: lxc unpriv. containers and debian buster sysvinit

Serge E. Hallyn serge at hallyn.com
Wed Jan 29 05:41:25 UTC 2020


On Mon, Jan 27, 2020 at 05:07:52PM +0100, mlftp at pep.foundation wrote:
> Hi, 
> 
> I am currently trying to figure out how to run lxc on debian with sysvinit.
> I am stuck at the lxc.conf file respectively on /usr/share/lxc/config.
> 
> I get an error when I try to launch my container:
> 
> lxc-start: test: cgroups/cgfsng.c: cg_hybrid_get_controllers: 746 Found hierarchy not under /sys/fs/cgroup: "/sys/fs/cgroup rw,relatime - cgroup cgroup rw,cpuset,cpu,cpuacct,blkio,memory,devices,freezer,net_cls,perf_event,net_prio,pids,rdma "
> lxc-start: test: lsm/apparmor.c: make_apparmor_namespace: 761 Permission denied - Error creating AppArmor namespace: /sys/kernel/security/apparmor/policy/namespaces/lxc-test_<-home-melodie-.local-share-lxc>
> lxc-start: test: lsm/apparmor.c: apparmor_prepare: 980 Failed to load generated AppArmor profile

Oh - actually it seems like this is the more serious problem :)

Can you show your container configuration?  You might just want
to try

lxc.apparmor.profile = unconfined

at the end of the profile and see if that works around it.  Just as a
test, not long term.

> lxc-start: test: start.c: lxc_init: 899 Failed to initialize LSM
> lxc-start: test: start.c: __lxc_start: 1917 Failed to initialize container “test"
> 
> Usually systemd does the cgroup stuff, said documentation and research. Before I had lxc running on Debian with sysvinit but as privileged containers.
> 
> Has anyone made similar experiences?
> Is there some documentation about manually working with cgroups and unprivileged containers on debian buster?
> Can anyone point me to the right documentation please?
> 
> I hope to save some time.
> 
> Thank you!
> Cheers, 
> 
> Mlftp
> 
