
touch-packages team mailing list archive

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

 

Thanks - Martin - tested that with the mainline kernel, and it did indeed
give me a pids cgroup:

ubuntu@pitti:~$ cat /proc/self/cgroup
11:hugetlb:/user.slice/user-1000.slice/session-2.scope
10:blkio:/user.slice/user-1000.slice/session-2.scope
9:devices:/user.slice/user-1000.slice/session-2.scope
8:pids:/user.slice/user-1000.slice/session-2.scope
7:memory:/user.slice/user-1000.slice/session-2.scope
6:perf_event:/user.slice/user-1000.slice/session-2.scope
5:cpuset:/user.slice/user-1000.slice/session-2.scope
4:net_cls,net_prio:/user.slice/user-1000.slice/session-2.scope
3:freezer:/user.slice/user-1000.slice/session-2.scope
2:cpu,cpuacct:/user.slice/user-1000.slice/session-2.scope
1:name=systemd:/user.slice/user-1000.slice/session-2.scope

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

Status in lxc package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Released
Status in lxc source package in Wily:
  New
Status in systemd source package in Wily:
  In Progress

Bug description:
  I'm trying to get (unprivileged) lxc containers to run on wily.  I
  create a container like this:

  > lxc-create -t download -n u1 -- -d ubuntu -r wily -a amd64

  that works.  However, starting the container fails:

  > lxc-start -n u1                                            
  lxc-start: lxc_start.c: main: 344 The container failed to start.
  lxc-start: lxc_start.c: main: 346 To get more details, run the container in foreground mode.
  lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.

  Setting the log priority to debug shows the following (relevant part
  only):

        lxc-start 1452717530.484 INFO     lxc_start - start.c:lxc_init:474 - 'u1' is initialized
        lxc-start 1452717530.484 DEBUG    lxc_start - start.c:__lxc_start:1186 - Not dropping cap_sys_boot or watching utmp
        lxc-start 1452717530.484 INFO     lxc_start - start.c:resolve_clone_flags:883 - Cloning a new user namespace
        lxc-start 1452717530.484 INFO     lxc_cgroup - cgroup.c:cgroup_init:65 - cgroup driver cgmanager initing for u1
        lxc-start 1452717530.489 ERROR    lxc_cgmanager - cgmanager.c:lxc_cgmanager_enter:698 - call to cgmanager_move_pid_sync failed: invalid request
  lxc-start: cgmanager.c: lxc_cgmanager_enter: 698 call to cgmanager_move_pid_sync failed: invalid request
        lxc-start 1452717530.490 ERROR    lxc_start - start.c:__lxc_start:1213 - failed to spawn 'u1'
  lxc-start: start.c: __lxc_start: 1213 failed to spawn 'u1'
        lxc-start 1452717530.513 ERROR    lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
  lxc-start: lxc_start.c: main: 344 The container failed to start.
        lxc-start 1452717530.513 ERROR    lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.
  lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.

  
  So it seems a cgmanager issue.  Syslog shows:

  Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager:do_create_main: pid 25615 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids
  Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager: Invalid path /run/cgmanager/fs/pids/lxc/u1
  Jan 13 21:37:58 miranda cgmanager[22010]: cgmanager:per_ctrl_move_pid_main: Invalid path /run/cgmanager/fs/pids/lxc/u1
  Jan 13 21:38:50 miranda cgmanager[22010]: cgmanager:do_create_main: pid 25632 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids
  Jan 13 21:38:50 miranda cgmanager[22010]: cgmanager: Invalid path /run/cgmanager/fs/pids/lxc/u1
  Jan 13 21:38:50 miranda cgmanager[22010]: cgmanager:per_ctrl_move_pid_main: Invalid path /run/cgmanager/fs/pids/lxc/u1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions
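
Added example (not part of the original message, and not lxc or cgmanager code): a shell check that parses /proc/self/cgroup output like the listing above and reports whether the login session was placed into the pids controller. The function names, the sample variables and the "pids at /" pre-fix state are assumptions made for illustration.

```shell
#!/bin/sh
# Line format in /proc/<pid>/cgroup (cgroup v1): hierarchy-id:controllers:path

# Print the cgroup path of controller $1, or nothing if it is not listed.
controller_path() {
    awk -F: -v want="$1" '{
        path = $0; sub(/^[^:]*:[^:]*:/, "", path)   # keep colons inside the path
        n = split($2, names, ",")                   # e.g. "cpu,cpuacct"
        for (i = 1; i <= n; i++) if (names[i] == want) { print path; exit }
    }'
}

# Classify the pids controller for the cgroup file on stdin:
#   session = inside a systemd session scope, outside = listed but elsewhere,
#   missing = no pids hierarchy listed at all.
pids_state() {
    case "$(controller_path pids)" in
        "") echo missing ;;
        /user.slice/*/session-*.scope) echo session ;;
        *) echo outside ;;
    esac
}

# List controllers whose path differs from the name=systemd (session) path.
controllers_outside_session() {
    awk -F: '{
        path = $0; sub(/^[^:]*:[^:]*:/, "", path)
        ctrl[NR] = $2; where[NR] = path
        if ($2 == "name=systemd") session = path
    }
    END {
        for (i = 1; i <= NR; i++)
            if (ctrl[i] != "name=systemd" && where[i] != session) print ctrl[i]
    }'
}

# Constructed samples: FIXED repeats two lines of the listing above; BROKEN is
# an assumed pre-fix state with the session absent from the pids hierarchy.
SAMPLE_FIXED='8:pids:/user.slice/user-1000.slice/session-2.scope
1:name=systemd:/user.slice/user-1000.slice/session-2.scope'
SAMPLE_BROKEN='8:pids:/
7:memory:/user.slice/user-1000.slice/session-2.scope
1:name=systemd:/user.slice/user-1000.slice/session-2.scope'

if [ -r /proc/self/cgroup ]; then
    echo "pids controller for this shell: $(pids_state < /proc/self/cgroup)"
fi
```

Run it from the same login session that will call lxc-start, since the result describes that session's cgroup placement.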