LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
Reload this Page Unable to start unprivileged Lxc container on Debian Sid
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices


Reply
  Search this Thread
Old 02-01-2015, 02:16 PM   #1
hurd
LQ Newbie
 
Registered: Jan 2015
Posts: 16

Rep: Reputation: Disabled
Unable to start unprivileged Lxc container on Debian Sid

Unable to start unprivileged Lxc container on Debian Sid

Hi,

I try to start an unprivileged Lxc container under Debian Sid without success.

It seems to be a problem related to some right access on /sys/fs/cgroup.

Here the cgroup mounted file system :
Code:
hurd@debian:~$ mount|grep -i cgroup
tmpfs on /sys/fs/cgroup type tmpfs (rw,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset,clone_children)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event,release_agent=/run/cgmanager/agents/cgm-release-agent.perf_event)
Even when I use cgmanager to manage cgroup, it fails.

I also noticed that cgconfig daemon is dead :
Code:
hurd@debian:~$ systemctl status cgconfig
● cgconfig.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)
Here some packages installed on my system concerning lxc and cgroup :
Code:
lxc 1:1.0.7-1 amd64
cgmanager 0.35-1 amd64
cgroup-bin 0.41-6 all
cgroup-tools 0.41-6 amd64
libcgmanager0: 0.35-1 amd64
libcgroup1:amd 0.41-6 amd64
libpam-cgroup: 0.41-6 amd64
Here the kernel I use :
Code:
hurd@debian:~$ uname -r
3.16.0-4-amd64
The "unprivileged_userns_clone" variable :
Code:
hurd@debian:~$ cat /proc/sys/kernel/unprivileged_userns_clone
1
Kernel options related to cgroup
Code:
hurd@debian:~$ cat /boot/config-3.16.0-4-amd64|grep -i group
CONFIG_CGROUPS=y
# CONFIG_CGROUP_DEBUG is not set
CONFIG_CGROUP_FREEZER=y
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_CPUACCT=y
# CONFIG_CGROUP_HUGETLB is not set
CONFIG_CGROUP_PERF=y
CONFIG_CGROUP_SCHED=y
CONFIG_FAIR_GROUP_SCHED=y
# CONFIG_RT_GROUP_SCHED is not set
CONFIG_BLK_CGROUP=y
# CONFIG_DEBUG_BLK_CGROUP is not set
CONFIG_SCHED_AUTOGROUP=y
CONFIG_CFQ_GROUP_IOSCHED=y
CONFIG_NETFILTER_XT_MATCH_CGROUP=m
CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m
CONFIG_NET_CLS_CGROUP=m
CONFIG_CGROUP_NET_PRIO=y
CONFIG_CGROUP_NET_CLASSID=y
The lxc configuration file :
Code:
hurd@debian:~$ cat ~/.config/lxc/default.conf
lxc.autodev = 1
lxc.kmsg = 0
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.id_map = u 0 1214112 65536
lxc.id_map = g 0 1214112 65536

My subuid and subgid :
Code:
hurd@debian:~$ cat /etc/subuid /etc/subgid|grep -i hurd
hurd:1214112:65536
hurd:1214112:65536

And finally the log :

Code:
lxc-start -n test -l DEBUG -o /tmp/lxc.log -f ~/.config/lxc/default.conf

      lxc-start 1422636189.127 INFO     lxc_start_ui - lxc_start.c:main:265 - using rcfile /home/hurd/.local/share/lxc/test/config
      lxc-start 1422636189.130 INFO     lxc_confile - confile.c:config_idmap:1325 - read uid map: type u nsid 0 hostid 1214112 range 65536
      lxc-start 1422636189.130 INFO     lxc_confile - confile.c:config_idmap:1325 - read uid map: type g nsid 0 hostid 1214112 range 65536
      lxc-start 1422636189.131 WARN     lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized
      lxc-start 1422636189.131 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup memory unknown to /home/hurd/.local/share/lxc test
      lxc-start 1422636189.131 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup cpuset unknown to /home/hurd/.local/share/lxc test
      lxc-start 1422636189.131 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup net_cls unknown to /home/hurd/.local/share/lxc test
      lxc-start 1422636189.131 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup blkio unknown to /home/hurd/.local/share/lxc test
      lxc-start 1422636189.131 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup cpu unknown to /home/hurd/.local/share/lxc test
      lxc-start 1422636189.131 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup devices unknown to /home/hurd/.local/share/lxc test
      lxc-start 1422636189.131 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup freezer unknown to /home/hurd/.local/share/lxc test
      lxc-start 1422636189.131 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup perf_event unknown to /home/hurd/.local/share/lxc test
      lxc-start 1422636189.132 INFO     lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver nop
      lxc-start 1422636189.132 DEBUG    lxc_conf - conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/2' (5/6)
      lxc-start 1422636189.132 DEBUG    lxc_conf - conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/3' (7/8)
      lxc-start 1422636189.132 DEBUG    lxc_conf - conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/4' (9/10)
      lxc-start 1422636189.132 DEBUG    lxc_conf - conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/5' (11/12)
      lxc-start 1422636189.132 INFO     lxc_conf - conf.c:lxc_create_tty:3676 - tty's configured
      lxc-start 1422636189.132 DEBUG    lxc_start - start.c:setup_signal_fd:247 - sigchild handler set
      lxc-start 1422636189.132 DEBUG    lxc_console - console.c:lxc_console_peer_default:500 - opening /dev/tty for console peer
      lxc-start 1422636189.132 INFO     lxc_caps - caps.c:lxc_caps_up:101 - Last supported cap was 36
      lxc-start 1422636189.132 DEBUG    lxc_console - console.c:lxc_console_peer_default:506 - using '/dev/tty' as console
      lxc-start 1422636189.132 DEBUG    lxc_console - console.c:lxc_console_sigwinch_init:179 - 4744 got SIGWINCH fd 17
      lxc-start 1422636189.132 DEBUG    lxc_console - console.c:lxc_console_winsz:88 - set winsz dstfd:14 cols:80 rows:24
      lxc-start 1422636189.363 INFO     lxc_start - start.c:lxc_init:443 - 'test' is initialized
      lxc-start 1422636189.364 DEBUG    lxc_start - start.c:__lxc_start:1058 - Not dropping cap_sys_boot or watching utmp
      lxc-start 1422636189.364 INFO     lxc_start - start.c:lxc_spawn:802 - Cloning a new user namespace
      lxc-start 1422636189.364 INFO     lxc_cgroup - cgroup.c:cgroup_init:62 - cgroup driver cgroupfs initing for test
      lxc-start 1422636189.364 ERROR    lxc_cgfs - cgfs.c:lxc_cgroupfs_create:956 - Permission denied - Could not create cgroup '/test' in '/sys/fs/cgroup/perf_event'.
      lxc-start 1422636189.364 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/
      lxc-start 1422636189.364 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/freezer/
      lxc-start 1422636189.364 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices//system.slice
      lxc-start 1422636189.364 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices//user.slice/user-1000.slice
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices//user.slice/user-0.slice/user@0.service
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices//user.slice/user-0.slice/session-3.scope
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices//user.slice/user-0.slice
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices//user.slice/user-116.slice
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices//user.slice
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices/
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct//system.slice
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct//user.slice/user-1000.slice
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct//user.slice/user-0.slice/user@0.service
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct//user.slice/user-0.slice/session-3.scope
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct//user.slice/user-0.slice
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct//user.slice/user-116.slice
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct//user.slice
      lxc-start 1422636189.365 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct/
      lxc-start 1422636189.366 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio//system.slice
      lxc-start 1422636189.366 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio//user.slice/user-1000.slice
      lxc-start 1422636189.366 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio//user.slice/user-0.slice/user@0.service
      lxc-start 1422636189.366 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio//user.slice/user-0.slice/session-3.scope
      lxc-start 1422636189.366 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio//user.slice/user-0.slice
      lxc-start 1422636189.367 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio//user.slice/user-116.slice
      lxc-start 1422636189.367 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio//user.slice
      lxc-start 1422636189.367 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio/
      lxc-start 1422636189.367 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/net_cls,net_prio/
      lxc-start 1422636189.367 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset/
      lxc-start 1422636189.367 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory//system.slice
      lxc-start 1422636189.367 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory//user.slice/user-1000.slice
      lxc-start 1422636189.367 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory//user.slice/user-0.slice/user@0.service
      lxc-start 1422636189.368 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory//user.slice/user-0.slice/session-3.scope
      lxc-start 1422636189.368 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory//user.slice/user-0.slice
      lxc-start 1422636189.368 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory//user.slice/user-116.slice
      lxc-start 1422636189.368 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory//user.slice
      lxc-start 1422636189.368 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory/
      lxc-start 1422636189.368 ERROR    lxc_start - start.c:lxc_spawn:861 - failed creating cgroups
      lxc-start 1422636189.368 ERROR    lxc_start - start.c:__lxc_start:1080 - failed to spawn 'test'
      lxc-start 1422636189.368 WARN     lxc_conf - conf.c:lxc_delete_autodev:1575 - Failed to locate autodev /dev/.lxc and /dev/.lxc/user.
      lxc-start 1422636189.368 ERROR    lxc_start_ui - lxc_start.c:main:342 - The container failed to start.
      lxc-start 1422636189.368 ERROR    lxc_start_ui - lxc_start.c:main:346 - Additional information can be obtained by setting the --logfile and --logpriority options.
Thanks
 
  


Reply

Tags
cgroups, containers, debian, lxc



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXC Container: sound Not working charlie101 Linux - Virtualization and Cloud 11 04-14-2020 01:15 AM
LXC unprivileged container - operation no permitted gauthig Linux - Virtualization and Cloud 2 07-15-2014 03:34 PM
How to use Local ISO for LXC Container? sunveer Linux - Software 0 10-04-2013 04:44 AM
script to get a lxc-container like iso of current. cod_liver_0il Slackware 1 09-10-2012 11:12 AM
How to end a Linux Container (LXC) from within? Skaperen Linux - Virtualization and Cloud 0 06-14-2011 09:37 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian

All times are GMT -5. The time now is 05:25 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration