Quoting John Siu ([email protected]):
>
> > On Feb 22, 2016, at 12:55, Serge Hallyn <[email protected]> wrote:
> >
> > Quoting John Siu ([email protected]):
> >> OS: Ubuntu 16.04
> >> LXC: 2.0.0-rc1
> >>
> >> Following are from host journal when starting up a lxc container:
> >>
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/blkio/user.slice/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuacct/user.slice/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuset/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/devices/user.slice/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/hugetlb/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/net_prio/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/perf_event/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids/user.slice/user-1000.slice/session-2.scope/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/blkio/user.slice/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuacct/user.slice/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuset/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/devices/user.slice/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/hugetlb/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/net_prio/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/perf_event/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids/user.slice/user-1000.slice/session-2.scope/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/blkio/user.slice/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/blkio/user.slice/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuacct/user.slice/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuacct/user.slice/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuset/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuset/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/devices/user.slice/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/devices/user.slice/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/hugetlb/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/hugetlb/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/net_prio/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/net_prio/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/perf_event/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/perf_event/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18936 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids/user.slice/user-1000.slice/session-2.scope/lxc
> >> Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18935 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/pids/user.slice/user-1000.slice/session-2.scope/lxc
> >> Feb 22 01:31:18 JS-HP kernel: IPv6: ADDRCONF(NETDEV_UP): vethPYRIGJ: link is not ready
> >> Feb 22 01:31:18 JS-HP kernel: device vethPYRIGJ entered promiscuous mode
> >> Feb 22 01:31:18 JS-HP kernel: public: renamed from vethPYRIGJp
> >> Feb 22 01:31:18 JS-HP kernel: IPv6: ADDRCONF(NETDEV_UP): veth9SIJ98: link is not ready
> >> Feb 22 01:31:18 JS-HP kernel: device veth9SIJ98 entered promiscuous mode
> >> Feb 22 01:31:18 JS-HP kernel: mgmt: port 2(veth9SIJ98) entered forwarding state
> >> Feb 22 01:31:18 JS-HP kernel: mgmt: port 2(veth9SIJ98) entered forwarding state
> >> Feb 22 01:31:18 JS-HP kernel: mgmt: renamed from veth9SIJ98p
> >> Feb 22 01:31:18 JS-HP systemd-udevd[19248]: Could not generate persistent MAC address for vethM46DG6p: No such file or directory
> >> Feb 22 01:31:18 JS-HP kernel: IPv6: ADDRCONF(NETDEV_UP): vethM46DG6: link is not ready
> >> Feb 22 01:31:18 JS-HP kernel: device vethM46DG6 entered promiscuous mode
> >> Feb 22 01:31:18 JS-HP kernel: private0: port 2(vethM46DG6) entered forwarding state
> >> Feb 22 01:31:18 JS-HP kernel: private0: port 2(vethM46DG6) entered forwarding state
> >> Feb 22 01:31:18 JS-HP kernel: private: renamed from vethM46DG6p
> >> Feb 22 01:31:18 JS-HP kernel: mgmt: port 2(veth9SIJ98) entered disabled state
> >> Feb 22 01:31:18 JS-HP kernel: private0: port 2(vethM46DG6) entered disabled state
> >> Feb 22 01:31:18 JS-HP kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethPYRIGJ: link becomes ready
> >> Feb 22 01:31:18 JS-HP kernel: public: port 2(vethPYRIGJ) entered forwarding state
> >> Feb 22 01:31:18 JS-HP kernel: public: port 2(vethPYRIGJ) entered forwarding state
> >> Feb 22 01:31:18 JS-HP kernel: IPv6: ADDRCONF(NETDEV_CHANGE): veth9SIJ98: link becomes ready
> >> Feb 22 01:31:18 JS-HP kernel: mgmt: port 2(veth9SIJ98) entered forwarding state
> >> Feb 22 01:31:18 JS-HP kernel: mgmt: port 2(veth9SIJ98) entered forwarding state
> >> Feb 22 01:31:18 JS-HP kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethM46DG6: link becomes ready
> >> Feb 22 01:31:18 JS-HP kernel: private0: port 2(vethM46DG6) entered forwarding state
> >> Feb 22 01:31:18 JS-HP kernel: private0: port 2(vethM46DG6) entered forwarding state
> >> Feb 22 01:31:18 JS-HP audit[18945]: AVC apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=18945 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
> >> Feb 22 01:31:18 JS-HP kernel: audit: type=1400 audit(1456122678.561:43): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=18945 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
> >> Feb 22 01:31:21 JS-HP audit[20333]: AVC apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=20333 comm="(l-upload)" flags="rw, rslave"
> >> Feb 22 01:31:21 JS-HP kernel: audit: type=1400 audit(1456122681.413:44): apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=20333 comm="(l-upload)" flags="rw, rslave"
> >> Feb 22 01:31:27 JS-HP kernel: mgmt: port 2(veth9SIJ98) entered forwarding state
> >> Feb 22 01:31:27 JS-HP kernel: private0: port 2(vethM46DG6) entered forwarding state
> >> Feb 22 01:31:33 JS-HP kernel: public: port 2(vethPYRIGJ) entered forwarding state
> >>
> >> My main concerns are those cgmanager and audit messages.
> >>
> >> Are they normal for unprivileged container and can be ignored??
> >
> > Those are normal. The top ones are because (I assume) you're running
> > libpam-cgfs (or libpam-cgm) and not getting cgroups that you own for
> > those subsystems. Notice freezer and name=systemd are not listed.
> > _______________________________________________
> > lxc-users mailing list
> > [email protected]
> > http://lists.linuxcontainers.org/listinfo/lxc-users
>
> I just installed Ubuntu 16.04 and installed lxc from apt-get. I did not
> change/touch cgroup config, as I have completely no idea how :P

Yup, then you have libpam-cgfs.

-serge
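
A triage helper for the journal excerpt discussed in this thread, added here as an example and not part of the original messages: it groups the cgmanager refusals by controller, reports which of the hierarchies you pass in were never refused (as with freezer and name=systemd above), and collapses each AppArmor denial that the journal records twice (once as `audit[...]`, once as `kernel: audit:`). The function name `triage`, its `hierarchies` parameter and the regexes are assumptions of this example; the sample lines are rejoined from the excerpt.

```python
import re
from collections import defaultdict

# Sample input: a few lines rejoined from the journal excerpt quoted in the thread.
SAMPLE = """\
Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/blkio/user.slice/lxc
Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18926 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/cpuset/lxc
Feb 22 01:31:18 JS-HP cgmanager[2978]: cgmanager:do_create_main: pid 18930 (uid 1000 gid 1000) may not create under /run/cgmanager/fs/blkio/user.slice/lxc
Feb 22 01:31:18 JS-HP kernel: device vethPYRIGJ entered promiscuous mode
Feb 22 01:31:18 JS-HP audit[18945]: AVC apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=18945 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
Feb 22 01:31:18 JS-HP kernel: audit: type=1400 audit(1456122678.561:43): apparmor="DENIED" operation="mount" info="failed type match" error=-13 profile="lxc-container-default" name="/sys/fs/cgroup/" pid=18945 comm="systemd" flags="ro, nosuid, nodev, noexec, remount, strictatime"
Feb 22 01:31:21 JS-HP audit[20333]: AVC apparmor="DENIED" operation="mount" info="failed flags match" error=-13 profile="lxc-container-default" name="/" pid=20333 comm="(l-upload)" flags="rw, rslave"
"""

# cgmanager refusal: capture uid, controller (first path element) and cgroup path.
CGM = re.compile(r"do_create_main: pid \d+ \(uid (\d+) gid \d+\) "
                 r"may not create under /run/cgmanager/fs/([^/\s]+)(/\S*)?")
# key="quoted value" or key=bare_value pairs in an audit record.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def triage(journal_text, hierarchies=()):
    """Summarise cgmanager refusals and AppArmor denials in journal text."""
    refused = defaultdict(set)   # controller -> {(uid, cgroup path)}
    denials = set()              # unique (profile, operation, name, info, pid)
    for line in journal_text.splitlines():
        m = CGM.search(line)
        if m:
            uid, controller, path = m.groups()
            refused[controller].add((int(uid), path or "/"))
        elif 'apparmor="DENIED"' in line:
            kv = {k: quoted or bare for k, quoted, bare in KV.findall(line)}
            denials.add(tuple(kv.get(f, "") for f in
                              ("profile", "operation", "name", "info", "pid")))
    return {
        "refused": {c: sorted(v) for c, v in sorted(refused.items())},
        # Hierarchies the caller expects that never show up in a refusal.
        "not_refused": [h for h in hierarchies if h not in refused],
        "denials": sorted(denials),
    }


if __name__ == "__main__":
    print(triage(SAMPLE, ["blkio", "cpuset", "freezer", "name=systemd"]))
```
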
