Quoting Frederico Araujo (arau...@gmail.com): > Hi, > > I've been using checkpoint/restore (CRIU 0.7) under lxc containers on > Ubuntu Saucy for a while and everything was running smoothly until I > updated my lxc from version 0.9 to the new release (1.0.0.alpha1). After > the update, restoring even a simple program (no sockets, just a simple > infinite loop printing some text) returns: > > "Error (cr-restore.c:894): 475: Can't open /proc/sys/kernel/ns_last_pid: > Permission denied" > > My container was configured using the lxc template for Ubuntu, using the > default configuration. So, my question is: did the new version of lxc > changed anything related to access permission to the > /proc/sys/kernel/ns_last_pid file? I am running CRIU restore as root inside
The apparmor policy doesn't allow writing to that file by default. Either add an allow statement to the policy, or have the container run unconfined. > the container. I made a small test running CRIU restore on the host machine > and it works fine; my best guess is that something has changed in the way > LXC handles the container's root permissions. If not, am I missing > something? Is there a way to allow a container root to open ns_last_pid > with R/W permissions from inside the container (I checked CRIU source code > and this is where it fails)? > > I am running host and container on Ubuntu Saucy (3.11.0-7). Also, 'sysctl > kernel.ns_last_pid' works fine from inside the container. > > Any help will be appreciated! > Thanks, > Fred > ------------------------------------------------------------------------------ > LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! > 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint > 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes > Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. > http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk > _______________________________________________ > Lxc-users mailing list > Lxc-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lxc-users ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk _______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
