touch-packages team mailing list archive

[Bug 1533833] Re: unprivileged lxc containers won't start

 

You're using a newer kernel which provides the 'pids' cgroup.  Systemd doesn't
know about that one and so doesn't create a cgroup for you that you own.  Lxc
in turn (in wily) doesn't yet know how to handle that.

You can work around this several ways.  The simplest is to do

sudo cgm create pids user
sudo cgm chown pids user $(id -u) $(id -g)
cgm movepid pids user $$

before you start the container.


** Also affects: systemd (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: lxc (Ubuntu)
   Importance: Undecided => Medium

** Changed in: lxc (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start

Status in lxc package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in lxc source package in Wily:
  New
Status in systemd source package in Wily:
  New

Bug description:
  I'm trying to get (unprivileged) lxc containers to run on wily.  I
  create a container like this:

  > lxc-create -t download -n u1 -- -d ubuntu -r wily -a amd64

  that works.  However, starting the container fails:

  > lxc-start -n u1                                            
  lxc-start: lxc_start.c: main: 344 The container failed to start.
  lxc-start: lxc_start.c: main: 346 To get more details, run the container in foreground mode.
  lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.

  Setting the log priority to debug shows the following (relevant part
  only):

        lxc-start 1452717530.484 INFO     lxc_start - start.c:lxc_init:474 - 'u1' is initialized
        lxc-start 1452717530.484 DEBUG    lxc_start - start.c:__lxc_start:1186 - Not dropping cap_sys_boot or watching utmp
        lxc-start 1452717530.484 INFO     lxc_start - start.c:resolve_clone_flags:883 - Cloning a new user namespace
        lxc-start 1452717530.484 INFO     lxc_cgroup - cgroup.c:cgroup_init:65 - cgroup driver cgmanager initing for u1
        lxc-start 1452717530.489 ERROR    lxc_cgmanager - cgmanager.c:lxc_cgmanager_enter:698 - call to cgmanager_move_pid_sync failed: invalid request
  lxc-start: cgmanager.c: lxc_cgmanager_enter: 698 call to cgmanager_move_pid_sync failed: invalid request
        lxc-start 1452717530.490 ERROR    lxc_start - start.c:__lxc_start:1213 - failed to spawn 'u1'
  lxc-start: start.c: __lxc_start: 1213 failed to spawn 'u1'
        lxc-start 1452717530.513 ERROR    lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
  lxc-start: lxc_start.c: main: 344 The container failed to start.
        lxc-start 1452717530.513 ERROR    lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.
  lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.

  
  So it seems a cgmanager issue.  Syslog shows:

  Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager:do_create_main: pid 25615 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids
  Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager: Invalid path /run/cgmanager/fs/pids/lxc/u1
  Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager:per_ctrl_move_pid_main: Invalid path /run/cgmanager/fs/pids/lxc/u1
  Jan 13 21:38:50 miranda cgmanager[22010]: cgmanager:do_create_main: pid 25632 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids
  Jan 13 21:38:50 miranda cgmanager[22010]: cgmanager: Invalid path /run/cgmanager/fs/pids/lxc/u1
  Jan 13 21:38:50 miranda cgmanager[22010]: cgmanager:per_ctrl_move_pid_main: Invalid path /run/cgmanager/fs/pids/lxc/u1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions
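
Added example, not part of the bug report and not LXC or cgmanager code: shell helpers that find which cgroup v1 controller is blocking an unprivileged start, either from a /proc/<pid>/cgroup listing or from the cgmanager syslog denials quoted above, and print the workaround from the reply for it. The function names and the sample cgroup listing are constructed; treating a "/" path as "no user-owned cgroup" is an assumption.

```shell
#!/bin/sh
# Added example: triage helpers for the failure in this bug (hypothetical names).

# Controllers (cgroup v1) for which the process sits in the root cgroup "/".
# Assumption: "/" means no per-user cgroup was created for that controller.
# $1: file in /proc/<pid>/cgroup format (hierarchy-id:controllers:path)
root_cgroup_controllers() {
    awk -F: '$2 != "" && $2 !~ /^name=/ && $3 == "/" { print $2 }' "$1" | sort -u
}

# Controllers cgmanager refused to create under, read from syslog text in $1.
denied_controllers() {
    sed -n 's#.*may not create under /run/cgmanager/fs/\([^/ ]*\).*#\1#p' "$1" | sort -u
}

# For each controller name on stdin, print the workaround given in the reply.
# The $(id -u), $(id -g) and $$ are printed literally for the user to run.
print_workaround() {
    while read -r ctrl; do
        printf 'sudo cgm create %s user\n' "$ctrl"
        printf 'sudo cgm chown %s user $(id -u) $(id -g)\n' "$ctrl"
        printf 'cgm movepid %s user $$\n' "$ctrl"
    done
}

# Constructed sample of /proc/self/cgroup on an affected host.
sample_cgroup=$(mktemp)
cat > "$sample_cgroup" <<'EOF'
10:pids:/
9:memory:/user.slice/user-1000.slice/session-c2.scope
8:devices:/user.slice/user-1000.slice/session-c2.scope
1:name=systemd:/user.slice/user-1000.slice/session-c2.scope
EOF

# Two syslog lines copied from the bug description.
sample_syslog=$(mktemp)
cat > "$sample_syslog" <<'EOF'
Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager:do_create_main: pid 25615 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids
Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager: Invalid path /run/cgmanager/fs/pids/lxc/u1
EOF

root_cgroup_controllers "$sample_cgroup"   # on a live host: /proc/self/cgroup
denied_controllers "$sample_syslog" | print_workaround
```
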

