Hi, thanks Dirk!
> But there seems to be another solution with LXCFS:
>
> https://linuxcontainers.org/lxcfs/introduction/
>
> This is what it says:
>
> + A cgroupfs-like tree which is container aware and works
> using CGManager.
>
> + A set of files which can be bind-mounted over their /proc
> originals to provide CGroup-aware values.

I just tried it. Downloaded it, unpacked it:

    ./configure && make && sudo make install

Then I followed the github lxcfs explanation:

    sudo mkdir -p /var/lib/lxcfs
    sudo lxcfs -s -f -o allow_other /var/lib/lxcfs

But if I run an unprivileged container with:

    lxc-start -n jessie -F

it still gives me

    [chb@conventiont lxcfs]$ lxc-start -n jessie -F
    Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted

I use LXC's master from github so according to the lxcfs github page it should work. Does someone know what is going on? Here is the output from:

    lxc-start -n jessie -F -l DEBUG -o AAA:

lxc-start 1422272908.485 INFO lxc_start_ui - lxc_start.c:main:264 - using rcfile /home/chb/.local/share/lxc/jessie/config
lxc-start 1422272908.485 WARN lxc_confile - confile.c:config_pivotdir:1770 - lxc.pivotdir is ignored. It will soon become an error.
lxc-start 1422272908.486 INFO lxc_confile - confile.c:config_idmap:1379 - read uid map: type u nsid 0 hostid 100000 range 65536
lxc-start 1422272908.486 INFO lxc_confile - confile.c:config_idmap:1379 - read uid map: type g nsid 0 hostid 100000 range 65536
lxc-start 1422272908.487 WARN lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized
lxc-start 1422272908.488 WARN lxc_cgmanager - cgmanager.c:cgm_get:962 - do_cgm_get exited with error
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:298 - processing: .reject_force_umount # comment this to allow umount -f; not recommended.
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:371 - Adding non-compat rule for reject_force_umount action 0
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:192 - Setting seccomp rule to reject force umounts
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:382 - Adding compat rule for reject_force_umount action 0
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:390 - Adding non-compat rule bc nr1 == nr2 (-1, -1)
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule:192 - Setting seccomp rule to reject force umounts
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:298 - processing: .[all].
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:298 - processing: .kexec_load errno 1.
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:371 - Adding non-compat rule for kexec_load action 327681
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:382 - Adding compat rule for kexec_load action 327681
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:395 - Really adding compat rule bc nr1 == nr2 (283, 246)
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:298 - processing: .open_by_handle_at errno 1.
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:371 - Adding non-compat rule for open_by_handle_at action 327681
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:382 - Adding compat rule for open_by_handle_at action 327681
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:395 - Really adding compat rule bc nr1 == nr2 (342, 304)
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:298 - processing: .init_module errno 1.
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:371 - Adding non-compat rule for init_module action 327681
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:382 - Adding compat rule for init_module action 327681
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:395 - Really adding compat rule bc nr1 == nr2 (128, 175)
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:298 - processing: .finit_module errno 1.
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:371 - Adding non-compat rule for finit_module action 327681
lxc-start 1422272908.488 WARN lxc_seccomp - seccomp.c:do_resolve_add_rule:209 - Seccomp: got negative # for syscall: finit_module
lxc-start 1422272908.488 WARN lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - This syscall will NOT be blacklisted
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:382 - Adding compat rule for finit_module action 327681
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:390 - Adding non-compat rule bc nr1 == nr2 (-10085, -10085)
lxc-start 1422272908.488 WARN lxc_seccomp - seccomp.c:do_resolve_add_rule:209 - Seccomp: got negative # for syscall: finit_module
lxc-start 1422272908.488 WARN lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - This syscall will NOT be blacklisted
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:298 - processing: .delete_module errno 1.
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:371 - Adding non-compat rule for delete_module action 327681
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:382 - Adding compat rule for delete_module action 327681
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:395 - Really adding compat rule bc nr1 == nr2 (129, 176)
lxc-start 1422272908.488 INFO lxc_seccomp - seccomp.c:parse_config_v2:403 - Merging in the compat seccomp ctx into the main one
lxc-start 1422272908.489 DEBUG lxc_conf - conf.c:lxc_create_tty:3297 - allocated pty '/dev/pts/4' (5/6)
lxc-start 1422272908.489 DEBUG lxc_conf - conf.c:lxc_create_tty:3297 - allocated pty '/dev/pts/5' (7/8)
lxc-start 1422272908.489 DEBUG lxc_conf - conf.c:lxc_create_tty:3297 - allocated pty '/dev/pts/6' (9/10)
lxc-start 1422272908.489 DEBUG lxc_conf - conf.c:lxc_create_tty:3297 - allocated pty '/dev/pts/7' (11/12)
lxc-start 1422272908.489 INFO lxc_conf - conf.c:lxc_create_tty:3308 - tty's configured
lxc-start 1422272908.489 DEBUG lxc_start - start.c:setup_signal_fd:259 - sigchild handler set
lxc-start 1422272908.489 DEBUG lxc_console - console.c:lxc_console_peer_default:500 - opening /dev/tty for console peer
lxc-start 1422272908.489 DEBUG lxc_console - console.c:lxc_console_peer_default:506 - using '/dev/tty' as console
lxc-start 1422272908.489 DEBUG lxc_console - console.c:lxc_console_sigwinch_init:179 - 503 got SIGWINCH fd 17
lxc-start 1422272908.489 DEBUG lxc_console - console.c:lxc_console_winsz:88 - set winsz dstfd:14 cols:239 rows:34
lxc-start 1422272908.862 INFO lxc_start - start.c:lxc_init:455 - 'jessie' is initialized
lxc-start 1422272908.862 DEBUG lxc_start - start.c:__lxc_start:1072 - Not dropping cap_sys_boot or watching utmp
lxc-start 1422272908.862 INFO lxc_start - start.c:lxc_spawn:816 - Cloning a new user namespace
lxc-start 1422272908.862 INFO lxc_cgroup - cgroup.c:cgroup_init:65 - cgroup driver cgmanager initing for jessie
lxc-start 1422272909.060 NOTICE lxc_start - start.c:do_start:667 - switching to gid/uid 0 in new user namespace
lxc-start 1422272909.084 DEBUG lxc_conf - conf.c:setup_rootfs:1234 - mounted '/home/chb/.local/share/lxc/jessie/rootfs' on '/usr/lib/lxc/rootfs'
lxc-start 1422272909.084 INFO lxc_conf - conf.c:setup_utsname:894 - 'jessie' hostname has been setup
lxc-start 1422272909.084 DEBUG lxc_conf - conf.c:setup_hw_addr:2186 - mac address '00:16:3e:3a:f1:12' on 'eth0' has been setup
lxc-start 1422272909.084 DEBUG lxc_conf - conf.c:setup_netdev:2413 - 'eth0' has been setup
lxc-start 1422272909.084 INFO lxc_conf - conf.c:setup_network:2434 - network has been setup
lxc-start 1422272909.084 INFO lxc_conf - conf.c:mount_autodev:1098 - Mounting /dev under /usr/lib/lxc/rootfs
lxc-start 1422272909.084 INFO lxc_conf - conf.c:mount_autodev:1119 - Mounted tmpfs onto /usr/lib/lxc/rootfs/dev
lxc-start 1422272909.084 INFO lxc_conf - conf.c:mount_autodev:1137 - Mounted /dev under /usr/lib/lxc/rootfs
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1729 - mounted 'proc' on '/usr/lib/lxc/rootfs/proc', type 'proc'
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1729 - mounted 'sysfs' on '/usr/lib/lxc/rootfs/sys', type 'sysfs'
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1679 - remounting /sys/fs/fuse/connections on /usr/lib/lxc/rootfs/sys/fs/fuse/connections to respect bind or remount options
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1694 - (at remount) flags for /sys/fs/fuse/connections was 4096, required extra flags are 0
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1703 - mountflags already was 4096, skipping remount
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1729 - mounted '/sys/fs/fuse/connections' on '/usr/lib/lxc/rootfs/sys/fs/fuse/connections', type 'none'
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1679 - remounting /dev/console on /usr/lib/lxc/rootfs/dev/console to respect bind or remount options
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1694 - (at remount) flags for /dev/console was 4098, required extra flags are 2
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1729 - mounted '/dev/console' on '/usr/lib/lxc/rootfs/dev/console', type 'none'
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1679 - remounting /dev/full on /usr/lib/lxc/rootfs/dev/full to respect bind or remount options
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1694 - (at remount) flags for /dev/full was 4098, required extra flags are 2
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1729 - mounted '/dev/full' on '/usr/lib/lxc/rootfs/dev/full', type 'none'
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1679 - remounting /dev/null on /usr/lib/lxc/rootfs/dev/null to respect bind or remount options
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1694 - (at remount) flags for /dev/null was 4098, required extra flags are 2
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1729 - mounted '/dev/null' on '/usr/lib/lxc/rootfs/dev/null', type 'none'
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1679 - remounting /dev/random on /usr/lib/lxc/rootfs/dev/random to respect bind or remount options
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1694 - (at remount) flags for /dev/random was 4098, required extra flags are 2
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1729 - mounted '/dev/random' on '/usr/lib/lxc/rootfs/dev/random', type 'none'
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1679 - remounting /dev/tty on /usr/lib/lxc/rootfs/dev/tty to respect bind or remount options
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1694 - (at remount) flags for /dev/tty was 4098, required extra flags are 2
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1729 - mounted '/dev/tty' on '/usr/lib/lxc/rootfs/dev/tty', type 'none'
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1679 - remounting /dev/urandom on /usr/lib/lxc/rootfs/dev/urandom to respect bind or remount options
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1694 - (at remount) flags for /dev/urandom was 4098, required extra flags are 2
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1729 - mounted '/dev/urandom' on '/usr/lib/lxc/rootfs/dev/urandom', type 'none'
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1679 - remounting /dev/zero on /usr/lib/lxc/rootfs/dev/zero to respect bind or remount options
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1694 - (at remount) flags for /dev/zero was 4098, required extra flags are 2
lxc-start 1422272909.085 DEBUG lxc_conf - conf.c:mount_entry:1729 - mounted '/dev/zero' on '/usr/lib/lxc/rootfs/dev/zero', type 'none'
lxc-start 1422272909.085 INFO lxc_conf - conf.c:mount_file_entries:1978 - mount points have been setup
lxc-start 1422272909.085 INFO lxc_conf - conf.c:fill_autodev:1165 - Creating initial consoles under /usr/lib/lxc/rootfs/dev
lxc-start 1422272909.085 INFO lxc_conf - conf.c:fill_autodev:1176 - Populating /dev under /usr/lib/lxc/rootfs
lxc-start 1422272909.085 INFO lxc_conf - conf.c:fill_autodev:1208 - Populated /dev under /usr/lib/lxc/rootfs
lxc-start 1422272909.085 INFO lxc_conf - conf.c:setup_dev_console:1459 - console has been setup
lxc-start 1422272909.085 INFO lxc_conf - conf.c:setup_tty:1021 - 4 tty(s) has been setup
lxc-start 1422272909.085 INFO lxc_conf - conf.c:do_tmp_proc_mount:3520 - I am 1, /proc/self points to '1'
lxc-start 1422272909.101 DEBUG lxc_conf - conf.c:setup_rootfs_pivot_root:1076 - pivot_root syscall to '/usr/lib/lxc/rootfs' successful
lxc-start 1422272909.101 INFO lxc_conf - conf.c:setup_personality:1414 - set personality to '0x0'
lxc-start 1422272909.101 DEBUG lxc_conf - conf.c:setup_caps:2097 - drop capability 'mac_admin' (33)
lxc-start 1422272909.101 DEBUG lxc_conf - conf.c:setup_caps:2097 - drop capability 'mac_override' (32)
lxc-start 1422272909.101 DEBUG lxc_conf - conf.c:setup_caps:2097 - drop capability 'sys_time' (25)
lxc-start 1422272909.101 DEBUG lxc_conf - conf.c:setup_caps:2097 - drop capability 'sys_module' (16)
lxc-start 1422272909.101 DEBUG lxc_conf - conf.c:setup_caps:2106 - capabilities have been setup
lxc-start 1422272909.101 NOTICE lxc_conf - conf.c:lxc_setup:3842 - 'jessie' is setup.
lxc-start 1422272909.101 NOTICE lxc_start - start.c:start:1174 - exec'ing '/sbin/init'
lxc-start 1422272909.102 NOTICE lxc_start - start.c:post_start:1185 - '/sbin/init' started with pid '527'
lxc-start 1422272909.102 WARN lxc_start - start.c:signal_handler:307 - invalid pid for SIGCHLD
lxc-start 1422272912.159 DEBUG lxc_console - console.c:lxc_console_winsz:88 - set winsz dstfd:14 cols:239 rows:23
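
Added example, not part of the original message and not LXC project code: a small triage script for an `lxc-start -l DEBUG` log in the format shown above, which pulls out the warnings, the seccomp rules that could not be resolved (and so are not enforced), the dropped capabilities and the uid/gid maps. The names `parse` and `triage` are hypothetical, and the sample lines are copied from the log in the post.

```python
import re
from collections import namedtuple

# Constructed sample: five lines copied from the log in the post above.
SAMPLE_LOG = """\
lxc-start 1422272908.486 INFO lxc_confile - confile.c:config_idmap:1379 - read uid map: type u nsid 0 hostid 100000 range 65536
lxc-start 1422272908.488 WARN lxc_cgmanager - cgmanager.c:cgm_get:962 - do_cgm_get exited with error
lxc-start 1422272908.488 WARN lxc_seccomp - seccomp.c:do_resolve_add_rule:209 - Seccomp: got negative # for syscall: finit_module
lxc-start 1422272908.488 WARN lxc_seccomp - seccomp.c:do_resolve_add_rule:210 - This syscall will NOT be blacklisted
lxc-start 1422272909.101 DEBUG lxc_conf - conf.c:setup_caps:2097 - drop capability 'sys_module' (16)
"""

# prog, epoch timestamp, level, module, then file:function:line, then message.
LINE_RE = re.compile(
    r"^(?P<prog>\S+)\s+(?P<ts>\d+\.\d+)\s+(?P<level>[A-Z]+)\s+(?P<module>\S+) - "
    r"(?P<file>[^:\s]+):(?P<func>\w+):(?P<line>\d+) - (?P<msg>.*)$"
)
Entry = namedtuple("Entry", "ts level module func msg")


def parse(text):
    """Yield one Entry per well-formed log line; skip anything else."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield Entry(float(m["ts"]), m["level"], m["module"], m["func"], m["msg"])


def triage(text):
    """Summarise the isolation-relevant facts in an lxc-start log (hypothetical helper)."""
    report = {"warnings": [], "unfiltered_syscalls": set(), "dropped_caps": [], "idmaps": []}
    for e in parse(text):
        if e.level in ("WARN", "ERROR"):
            report["warnings"].append((e.module, e.msg))
        # A syscall libseccomp could not resolve: the log says it is not blacklisted.
        if (m := re.search(r"got negative # for syscall: (\w+)", e.msg)):
            report["unfiltered_syscalls"].add(m.group(1))
        elif (m := re.search(r"drop capability '(\w+)'", e.msg)):
            report["dropped_caps"].append(m.group(1))
        elif (m := re.search(r"type (\w) nsid (\d+) hostid (\d+) range (\d+)", e.msg)):
            report["idmaps"].append((m.group(1), *map(int, m.groups()[1:])))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```
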
