www.youtube.com/watch?v=SPk7EL1jja4
2014-09-21 18:22 GMT+02:00 Chris <[email protected]>:
> Hi,
>
> For the last few days I've been attempting to run an unprivileged container
> on Jessie without much luck, I was hoping someone might be able to steer me
> in the right direction.
>
> socrates@plato:~$ . /etc/*release; echo $PRETTY_NAME
> Debian GNU/Linux jessie/sid
> socrates@plato:~$ uname -a
> Linux plato 3.14-2-amd64 #1 SMP Debian 3.14.15-2 (2014-08-09) x86_64 GNU/Linux
> socrates@plato:~$ dpkg-query -l lxc
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name Version Architecture Description
> +++-==============================-====================-====================-=================================================================
> ii lxc 1:1.0.5-3 amd64 Linux Containers userspace tools
> socrates@plato:~$ socrates@plato:~$ cat /sys/fs/cgroup/cpuset/cgroup.clone_children /proc/sys/kernel/unprivileged_userns_clone
> 1
> 1
>
> So just running it straight off gives me the following.
>
> socrates@plato:~$ lxc-start -d -n socrates --logfile ~/x --logpriority=TRACE
> lxc-start: The container failed to start.
> lxc-start: To get more details, run the container in foreground mode.
> lxc-start: Additional information can be obtained by setting the
> --logfile and --log-priority options.
>
> With this coming up in the log:
>
> lxc-start 1411313929.470 INFO lxc_start_ui - using rcfile /home/socrates/.local/share/lxc/socrates/config
> lxc-start 1411313929.520 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
> lxc-start 1411313929.540 INFO lxc_confile - read uid map: type u nsid 0 hostid 427680 range 65536
> lxc-start 1411313929.540 INFO lxc_confile - read uid map: type g nsid 0 hostid 427680 range 65536
> lxc-start 1411313929.541 WARN lxc_log - lxc_log_init called with log already initialized
> lxc-start 1411313929.567 INFO lxc_lsm - LSM security driver nop
> lxc-start 1411313929.568 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
> lxc-start 1411313929.570 DEBUG lxc_conf - allocated pty '/dev/pts/2' (5/6)
> lxc-start 1411313929.570 INFO lxc_conf - tty's configured
> lxc-start 1411313929.570 DEBUG lxc_start - sigchild handler set
> lxc-start 1411313929.571 DEBUG lxc_console - opening /home/socrates/.console for console peer
> lxc-start 1411313929.571 DEBUG lxc_console - using '/home/socrates/.console' as console
> lxc-start 1411313929.571 DEBUG lxc_console - no console peer
> lxc-start 1411313929.575 INFO lxc_monitor - using monitor sock name lxc/5a8aaa9d4fd81a5c//home/socrates/.local/share/lxc
> lxc-start 1411313929.860 INFO lxc_start - 'socrates' is initialized
> lxc-start 1411313929.891 DEBUG lxc_start - Not dropping cap_sys_boot or watching utmp
> lxc-start 1411313929.891 INFO lxc_start - Cloning a new user namespace
> lxc-start 1411313929.891 INFO lxc_cgroup - cgroup driver cgroupfs initing for socrates
> lxc-start 1411313929.892 ERROR lxc_cgfs - Permission denied - Could not create cgroup '/socrates' in '/sys/fs/cgroup/perf_event'.
> lxc-start 1411313929.892 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/
> lxc-start 1411313929.893 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio/
> lxc-start 1411313929.893 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/net_cls/
> lxc-start 1411313929.893 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/freezer/
> lxc-start 1411313929.893 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices/
> lxc-start 1411313929.893 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct/
> lxc-start 1411313929.893 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset/
> lxc-start 1411313929.893 ERROR lxc_start - failed creating cgroups
> lxc-start 1411313929.894 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
> lxc-start 1411313929.894 ERROR lxc_start - failed to spawn 'socrates'
> lxc-start 1411313929.894 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
> lxc-start 1411313929.894 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
> lxc-start 1411313929.894 WARN lxc_commands - command get_cgroup failed to receive response
> lxc-start 1411313929.894 WARN lxc_cgfs - Not attaching to cgroup cpuset unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313929.894 WARN lxc_cgfs - Not attaching to cgroup cpu unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313929.894 WARN lxc_cgfs - Not attaching to cgroup devices unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313929.894 WARN lxc_cgfs - Not attaching to cgroup freezer unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313929.894 WARN lxc_cgfs - Not attaching to cgroup net_cls unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313929.894 WARN lxc_cgfs - Not attaching to cgroup blkio unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313929.895 WARN lxc_cgfs - Not attaching to cgroup perf_event unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313934.900 ERROR lxc_start_ui - The
> lxc-start 1411313934.900 ERROR lxc_start_ui - To get more details, run the container in
> lxc-start 1411313934.900 ERROR lxc_start_ui - Additional information can be obtained by setting the --logfile and --log-priority options.
>
> Looking at mailing list posts/etc, I came across this script (from Serge, if
> I recall correctly) and have attempted to run it prior to starting the
> container, however this seems to cause it to try to create a new cgroup
> (socrates-1) seeing that socrates is in use...
>
> socrates@plato:~$ cat prep.sh
> #!/bin/bash --
> for d in /sys/fs/cgroup/*; do
>     f=$(basename $d)
>     echo "looking at $f"
>     if [ "$f" = "cpuset" ]; then
>         echo 1 | sudo tee -a $d/cgroup.clone_children;
>     elif [ "$f" = "memory" ]; then
>         echo 1 | sudo tee -a $d/memory.use_hierarchy;
>     fi
>     sudo mkdir -p $d/$USER
>     sudo chown -R $USER $d/$USER
>     echo $$ > $d/$USER/tasks
> done
> socrates@plato:~$ ./prep.sh
> looking at blkio
> looking at cgmanager
> looking at cpu
> looking at cpuacct
> looking at cpu,cpuacct
> looking at cpuset
> 1
> looking at devices
> looking at freezer
> looking at net_cls
> looking at perf_event
> looking at systemd
> socrates@plato:~$ lxc-start -d -n socrates --logfile ~/x --logpriority=TRACE
> lxc-start: The container failed to start.
> lxc-start: To get more details, run the container in foreground mode.
> lxc-start: Additional information can be obtained by setting the
> --logfile and --log-priority options.
>
> The log output:
>
> lxc-start 1411313677.267 INFO lxc_start_ui - using rcfile /home/socrates/.local/share/lxc/socrates/config
> lxc-start 1411313677.267 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
> lxc-start 1411313677.269 INFO lxc_confile - read uid map: type u nsid 0 hostid 427680 range 65536
> lxc-start 1411313677.269 INFO lxc_confile - read uid map: type g nsid 0 hostid 427680 range 65536
> lxc-start 1411313677.269 WARN lxc_log - lxc_log_init called with log already initialized
> lxc-start 1411313677.276 INFO lxc_lsm - LSM security driver nop
> lxc-start 1411313677.276 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
> lxc-start 1411313677.279 DEBUG lxc_conf - allocated pty '/dev/pts/2' (5/6)
> lxc-start 1411313677.279 INFO lxc_conf - tty's configured
> lxc-start 1411313677.279 DEBUG lxc_start - sigchild handler set
> lxc-start 1411313677.279 DEBUG lxc_console - opening /home/socrates/.console for console peer
> lxc-start 1411313677.279 DEBUG lxc_console - using '/home/socrates/.console' as console
> lxc-start 1411313677.280 DEBUG lxc_console - no console peer
> lxc-start 1411313677.285 INFO lxc_monitor - using monitor sock name lxc/5a8aaa9d4fd81a5c//home/socrates/.local/share/lxc
> lxc-start 1411313677.564 INFO lxc_start - 'socrates' is initialized
> lxc-start 1411313677.575 DEBUG lxc_start - Not dropping cap_sys_boot or watching utmp
> lxc-start 1411313677.576 INFO lxc_start - Cloning a new user namespace
> lxc-start 1411313677.576 INFO lxc_cgroup - cgroup driver cgroupfs initing for socrates
> lxc-start 1411313677.576 ERROR lxc_cgfs - Permission denied - Could not create cgroup '/socrates-1' in '/sys/fs/cgroup/perf_event'.
> lxc-start 1411313677.577 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event//socrates
> lxc-start 1411313677.577 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/
> lxc-start 1411313677.577 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio//socrates
> lxc-start 1411313677.577 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio/
> lxc-start 1411313677.578 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/net_cls//socrates
> lxc-start 1411313677.578 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/net_cls/
> lxc-start 1411313677.578 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/freezer//socrates
> lxc-start 1411313677.578 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/freezer/
> lxc-start 1411313677.578 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices//socrates
> lxc-start 1411313677.578 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices/
> lxc-start 1411313677.578 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct//socrates
> lxc-start 1411313677.578 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct/
> lxc-start 1411313677.579 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset//socrates
> lxc-start 1411313677.579 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset/
> lxc-start 1411313677.579 ERROR lxc_start - failed creating cgroups
> lxc-start 1411313677.579 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
> lxc-start 1411313677.579 ERROR lxc_start - failed to spawn 'socrates'
> lxc-start 1411313677.579 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
> lxc-start 1411313677.579 INFO lxc_utils - XDG_RUNTIME_DIR isn't set in the environment.
> lxc-start 1411313677.579 WARN lxc_commands - command get_cgroup failed to receive response
> lxc-start 1411313677.579 WARN lxc_cgfs - Not attaching to cgroup cpuset unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313677.579 WARN lxc_cgfs - Not attaching to cgroup cpu unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313677.580 WARN lxc_cgfs - Not attaching to cgroup devices unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313677.580 WARN lxc_cgfs - Not attaching to cgroup freezer unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313677.580 WARN lxc_cgfs - Not attaching to cgroup net_cls unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313677.580 WARN lxc_cgfs - Not attaching to cgroup blkio unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313677.580 WARN lxc_cgfs - Not attaching to cgroup perf_event unknown to /home/socrates/.local/share/lxc socrates
> lxc-start 1411313682.585 ERROR lxc_start_ui - The container failed to start.
> lxc-start 1411313682.585 ERROR lxc_start_ui - To get more details, run the container in foreground mode.
> lxc-start 1411313682.585 ERROR lxc_start_ui - Additional information can be obtained by setting the --logfile and --log-priority options.
>
> Any advice would be much appreciated, I've spent quite a while scouring the
> Internet for ideas, but now I am stuck.
>
> Thanks,
> Chris
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
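
Added example, not part of the original thread: a small triage of an lxc-start log in the format quoted above, reporting which cgroup hierarchy refused creation, which cleanup paths were refused, and whether the container name was suffixed as in the second run. The sample lines are constructed from the quoted log (unwrapped to one entry per line); the function name `triage` and the report keys are hypothetical.

```python
import re

# Constructed sample: entries in the lxc-start log format quoted above,
# unwrapped to one entry per line.
SAMPLE_LOG = """\
lxc-start 1411313677.576 INFO lxc_cgroup - cgroup driver cgroupfs initing for socrates
lxc-start 1411313677.576 ERROR lxc_cgfs - Permission denied - Could not create cgroup '/socrates-1' in '/sys/fs/cgroup/perf_event'.
lxc-start 1411313677.577 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event//socrates
lxc-start 1411313677.577 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/
lxc-start 1411313677.577 ERROR lxc_cgfs - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio//socrates
lxc-start 1411313677.579 ERROR lxc_start - failed creating cgroups
"""

# "<program> <epoch.millis> <LEVEL> <module> - <message>"
ENTRY = re.compile(r"^\s*(\S+)\s+(\d+\.\d+)\s+([A-Z]+)\s+(\S+) - (.*)$")
CREATE = re.compile(
    r"Permission denied - Could not create cgroup '([^']+)' in '([^']+)'")
RMDIR = re.compile(r"Permission denied - cgroup_rmdir: failed to delete (\S+)")


def triage(log_text, container):
    """Summarise cgroup permission failures for one container's log."""
    report = {"denied_create": [], "denied_cleanup": [],
              "name_collision": False}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m or m.group(3) != "ERROR" or m.group(4) != "lxc_cgfs":
            continue
        msg = m.group(5)
        created = CREATE.search(msg)
        if created:
            name, hierarchy = created.group(1), created.group(2)
            report["denied_create"].append((hierarchy, name))
            # A "-N" suffix on the name is how the second run in the post
            # shows up: the plain container name was already in use.
            if re.fullmatch(r"/%s-\d+" % re.escape(container), name):
                report["name_collision"] = True
            continue
        removed = RMDIR.search(msg)
        if removed:
            report["denied_cleanup"].append(removed.group(1))
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "socrates"))
```
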
