[lxc-users] Help needed: lxc unpriv. containers and debian buster sysvinit
Serge E. Hallyn
serge at hallyn.com
Wed Jan 29 05:41:25 UTC 2020
On Mon, Jan 27, 2020 at 05:07:52PM +0100, mlftp at pep.foundation wrote:
> Hi,
>
> I am currently trying to figure out how to run lxc on debian with sysvinit.
> I am stuck at the lxc.conf file respectively on /usr/share/lxc/config.
>
> I get a error when try to launch my container:
>
> lxc-start: test: cgroups/cgfsng.c: cg_hybrid_get_controllers: 746 Found hierarchy not under /sys/fs/cgroup: "/sys/fs/cgroup rw,relatime - cgroup cgroup rw,cpuset,cpu,cpuacct,blkio,memory,devices,freezer,net_cls,perf_event,net_prio,pids,rdma "
> lxc-start: test: lsm/apparmor.c: make_apparmor_namespace: 761 Permission denied - Error creating AppArmor namespace: /sys/kernel/security/apparmor/policy/namespaces/lxc-test_<-home-melodie-.local-share-lxc>
> lxc-start: test: lsm/apparmor.c: apparmor_prepare: 980 Failed to load generated AppArmor profile
Oh - actually it seems like this is the more serious problem :)
Can you show your container configuration? You might just want
to try
lxc.apparmor.profile = unconfined
at the end of the profile and see if that works around it. Just as a
test, not long term.
> lxc-start: test: start.c: lxc_init: 899 Failed to initialize LSM
> lxc-start: test: start.c: __lxc_start: 1917 Failed to initialize container “test"
>
> Usually systemd does the the cgroup stuff, said documentation and research. Before I had lxc running on Debian with sysvinit but as privileged containers.
>
> Has anyone made similar experiences?
> Is there some documentation about manually working with cgroups and unprivileged containers on debian buster?
> Can anyone point me to the right documentation please?
>
> I hope to save some time.
>
> Thank you!
> Cheers,
>
> Mlftp
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
More information about the lxc-users
mailing list