[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Launchpad Bug Tracker]

This bug was fixed in the package systemd - 225-1ubuntu9.1

---
systemd (225-1ubuntu9.1) wily-proposed; urgency=medium

  * Add "pids" cgroup controller to user LXC support patch. Fixes running with
newer kernels. (LP: #1533833)

 -- Martin Pitt   Mon, 18 Jan 2016 21:54:41
+0100

** Changed in: systemd (Ubuntu Wily)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Serge Hallyn]

Marking verification-done bc the pids cgroup problem is addressed.  If
you continue to have a problem with the apparmor profile, please file a
new bug.

** Tags removed: verification-failed verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Bas Zoetekouw]

strangely enough, adding the aa_allow_incomplete option doesn't seem to
make a difference;  container startup keeps failing at the same point.

In any case, it does seem to initialize the container correctly, and I
seem to hit a different issue.  The entire cgroup thing seems to work
now, at least:


lxc-start 1455916829.396 INFO lxc_start - start.c:lxc_init:474 - 
'aansluitform-deploy' is initialized
  lxc-start 1455916829.396 DEBUGlxc_start - start.c:__lxc_start:1186 - 
Not dropping cap_sys_boot or watching utmp
  lxc-start 1455916829.396 INFO lxc_start - 
start.c:resolve_clone_flags:883 - Cloning a new user namespace
  lxc-start 1455916829.396 INFO lxc_cgroup - cgroup.c:cgroup_init:65 - 
cgroup driver cgmanager initing for aansluitform-deploy
  lxc-start 1455916829.507 NOTICE   lxc_start - start.c:do_start:699 - 
switching to gid/uid 0 in new user namespace
  lxc-start 1455916829.509 DEBUGlxc_conf - conf.c:setup_rootfs:1295 - 
mounted '/home/bas/.local/share/lxc/aansluitform-deploy/rootfs' on 
'/usr/lib/x86_64-linux-gnu/lxc'
  lxc-start 1455916829.509 INFO lxc_conf - conf.c:setup_utsname:928 - 
'aansluitform-deploy' hostname has been setup
  lxc-start 1455916829.509 DEBUGlxc_conf - conf.c:setup_netdev:2595 - 
'eth0' has been setup
  lxc-start 1455916829.509 INFO lxc_conf - conf.c:setup_network:2616 - 
network has been setup
  lxc-start 1455916829.509 INFO lxc_conf - conf.c:mount_autodev:1157 - 
Mounting container /dev
  lxc-start 1455916829.509 INFO lxc_conf - conf.c:mount_autodev:1179 - 
Mounted tmpfs onto /usr/lib/x86_64-linux-gnu/lxc/dev
  lxc-start 1455916829.509 INFO lxc_conf - conf.c:mount_autodev:1197 - 
Mounted container /dev

which seems to pass the point where it failed before.

A little bit later, it now fails with

lxc-start 1455916829.616 WARN lxc_apparmor - 
lsm/apparmor.c:apparmor_process_label_set:167 - Incomplete AppArmor support in 
your kernel
  lxc-start 1455916829.616 ERRORlxc_apparmor - 
lsm/apparmor.c:apparmor_process_label_set:183 - No such file or directory - 
failed to change apparmor profile to lxc-container-default
  lxc-start 1455916829.616 ERRORlxc_sync - sync.c:__sync_wait:51 - 
invalid sequence number 1. expected 4
  lxc-start 1455916829.616 ERRORlxc_start - start.c:__lxc_start:1213 - 
failed to spawn 'aansluitform-deploy'
  lxc-start 1455916829.616 WARN lxc_commands - 
commands.c:lxc_cmd_rsp_recv:172 - command get_init_pid failed to receive 
response
  lxc-start 1455916829.616 WARN lxc_cgmanager - cgmanager.c:cgm_get:994 
- do_cgm_get exited with error
  lxc-start 1455916829.616 ERRORlxc_cgmanager - 
cgmanager.c:cgm_remove_cgroup:523 - call to cgmanager_remove_sync failed: 
invalid request
  lxc-start 1455916829.616 ERRORlxc_cgmanager - 
cgmanager.c:cgm_remove_cgroup:525 - Error removing 
all:lxc/aansluitform-deploy-10
  lxc-start 1455916834.621 ERRORlxc_start_ui - lxc_start.c:main:344 - 
The container failed to start.
  lxc-start 1455916834.621 ERRORlxc_start_ui - lxc_start.c:main:346 - 
To get more details, run the container in foreground mode.
  lxc-start 1455916834.621 ERRORlxc_start_ui - lxc_start.c:main:348 - 
Additional information can be obtained by setting the --logfile and 
--logpriority options.

even if the apparmor setting is set in the config file.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Serge Hallyn]

Quoting Bas Zoetekouw (b...@debian.org):
> I've downgraded systemd to 225-1ubuntu9.1 from wily/proposed.  Kernel is
> still linux-image-4.5.0-040500rc4-generic and lxc is
> 1.1.5-0ubuntu0.15.10.3 from wily-updates.
> 
> Unfortunately, when I now start the lxc container, I seem to hit a
> different bug.  I get:
> 
>   lxc-start 1455870309.289 INFO lxc_conf - conf.c:setup_tty:1080 - 4 
> tty(s) has been setup
>   lxc-start 1455870309.289 INFO lxc_conf - 
> conf.c:setup_personality:1473 - set personality to '0x0'
>   lxc-start 1455870309.289 DEBUGlxc_conf - conf.c:setup_caps:2279 - 
> drop capability 'mac_admin' (33)
>   lxc-start 1455870309.289 DEBUGlxc_conf - conf.c:setup_caps:2279 - 
> drop capability 'mac_override' (32)
>   lxc-start 1455870309.289 DEBUGlxc_conf - conf.c:setup_caps:2279 - 
> drop capability 'sys_time' (25)
>   lxc-start 1455870309.289 DEBUGlxc_conf - conf.c:setup_caps:2279 - 
> drop capability 'sys_module' (16)
>   lxc-start 1455870309.289 DEBUGlxc_conf - conf.c:setup_caps:2288 - 
> capabilities have been setup
>   lxc-start 1455870309.289 NOTICE   lxc_conf - conf.c:lxc_setup:4026 - 
> 'aansluitform-deploy' is setup.
>   lxc-start 1455870309.289 WARN lxc_apparmor - 
> lsm/apparmor.c:apparmor_process_label_set:167 - Incomplete AppArmor support 
> in your kernel
>   lxc-start 1455870309.289 ERRORlxc_apparmor - 
> lsm/apparmor.c:apparmor_process_label_set:169 - If you really want to start 
> this container, set

Right, that is what I was referring to in comment #18.  If you use an
upstream kernel then you need to update the container configuration, as
mentioned in the next line of the error msg.  You can add

lxc.aa_allow_incomplete = 1

to your configuration to proceed.

>   lxc-start 1455870309.289 ERRORlxc_apparmor - 
> lsm/apparmor.c:apparmor_process_label_set:170 - lxc.aa_allow_incomplete = 1
>   lxc-start 1455870309.289 ERRORlxc_apparmor - 
> lsm/apparmor.c:apparmor_process_label_set:171 - in your container 
> configuration file
>   lxc-start 1455870309.289 ERRORlxc_sync - sync.c:__sync_wait:51 - 
> invalid sequence number 1. expected 4

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Bas Zoetekouw]

I've downgraded systemd to 225-1ubuntu9.1 from wily/proposed.  Kernel is
still linux-image-4.5.0-040500rc4-generic and lxc is
1.1.5-0ubuntu0.15.10.3 from wily-updates.

Unfortunately, when I now start the lxc container, I seem to hit a
different bug.  I get:

  lxc-start 1455870309.289 INFO lxc_conf - conf.c:setup_tty:1080 - 4 
tty(s) has been setup
  lxc-start 1455870309.289 INFO lxc_conf - 
conf.c:setup_personality:1473 - set personality to '0x0'
  lxc-start 1455870309.289 DEBUGlxc_conf - conf.c:setup_caps:2279 - 
drop capability 'mac_admin' (33)
  lxc-start 1455870309.289 DEBUGlxc_conf - conf.c:setup_caps:2279 - 
drop capability 'mac_override' (32)
  lxc-start 1455870309.289 DEBUGlxc_conf - conf.c:setup_caps:2279 - 
drop capability 'sys_time' (25)
  lxc-start 1455870309.289 DEBUGlxc_conf - conf.c:setup_caps:2279 - 
drop capability 'sys_module' (16)
  lxc-start 1455870309.289 DEBUGlxc_conf - conf.c:setup_caps:2288 - 
capabilities have been setup
  lxc-start 1455870309.289 NOTICE   lxc_conf - conf.c:lxc_setup:4026 - 
'aansluitform-deploy' is setup.
  lxc-start 1455870309.289 WARN lxc_apparmor - 
lsm/apparmor.c:apparmor_process_label_set:167 - Incomplete AppArmor support in 
your kernel
  lxc-start 1455870309.289 ERRORlxc_apparmor - 
lsm/apparmor.c:apparmor_process_label_set:169 - If you really want to start 
this container, set
  lxc-start 1455870309.289 ERRORlxc_apparmor - 
lsm/apparmor.c:apparmor_process_label_set:170 - lxc.aa_allow_incomplete = 1
  lxc-start 1455870309.289 ERRORlxc_apparmor - 
lsm/apparmor.c:apparmor_process_label_set:171 - in your container configuration 
file
  lxc-start 1455870309.289 ERRORlxc_sync - sync.c:__sync_wait:51 - 
invalid sequence number 1. expected 4
  lxc-start 1455870309.289 ERRORlxc_start - start.c:__lxc_start:1213 - 
failed to spawn 'aansluitform-deploy'
  lxc-start 1455870309.290 ERRORlxc_cgmanager - 
cgmanager.c:cgm_remove_cgroup:523 - call to cgmanager_remove_sync failed: 
invalid request
  lxc-start 1455870309.290 ERRORlxc_cgmanager - 
cgmanager.c:cgm_remove_cgroup:525 - Error removing all:lxc/aansluitform-deploy-8
  lxc-start 1455870309.317 WARN lxc_commands - 
commands.c:lxc_cmd_rsp_recv:172 - command get_init_pid failed to receive 
response
  lxc-start 1455870309.317 WARN lxc_cgmanager - cgmanager.c:cgm_get:994 
- do_cgm_get exited with error
  lxc-start 1455870314.321 ERRORlxc_start_ui - lxc_start.c:main:344 - 
The container failed to start.
lxc-start: lxc_start.c: main: 344 The container failed to start.
  lxc-start 1455870314.321 ERRORlxc_start_ui - lxc_start.c:main:346 - 
To get more details, run the container in foreground mode.
lxc-start: lxc_start.c: main: 346 To get more details, run the container in 
foreground mode.
  lxc-start 1455870314.321 ERRORlxc_start_ui - lxc_start.c:main:348 - 
Additional information can be obtained by setting the --logfile and 
--logpriority options.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by 
setting the --logfile and --logpriority options.
 


When adding the suggested apparmor parameter to the config file, the apparmor 
error disappear, but the cgmanager errors are identical (but different than 
before)...
Any ideas?

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Serge Hallyn]

Thanks - do make sure to log back in after the update.

The xenial systemd would fail because there you must have libpam-cgfs
to get your own cgroups for lxc.  In wily iirc that should not be
required.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Bas Zoetekouw]

This was systemd and kernel from xenial.  I'll try again tomorrov with
the wily-proposed systemd and xenial kernel.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Serge Hallyn]

Oh, right, something with the pids controller enabled.

Still want to make sure he's using the right systemd version, since his
appears not to be fixed otherwise.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Martin Pitt]

Serge Hallyn [2016-02-18 16:39 -]:
> Just to be sure, can you show the systemd version you were using here?
> The intent was to check with systemd from wily-proposed, with the
> regular wily kernel.

I thought the idea was to use a xenial kernel on wily?

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Serge Hallyn]

Just to be sure, can you show the systemd version you were using here?
The intent was to check with systemd from wily-proposed, with the
regular wily kernel.  In particular, an upstream kernel would be
expected to fail by default without setting an extra apparmor flag in
the container configuration (though that doesn't seem to be how yours is
failing)

What does /proc/self/cgroup look like?

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Bas Zoetekouw]

I've just tried with an upstream 4.5.0-rc4 kernel (which does boot on my
laptop).

Unfortunately, it doesn't work yet.

linux-image linux-image-4.5.0-040500rc4-generic
systemd 229-1ubuntu2
lxc 1.1.5-0ubuntu0.15.10.3

starting a container gives:   lxc-start 1455712091.086 DEBUGlxc_console 
- console.c:lxc_console_peer_default:536 - no console peer
  lxc-start 1455712091.092 INFO lxc_monitor - 
monitor.c:lxc_monitor_sock_name:178 - using monitor sock name 
lxc/1139bd77ce7a3a6c//home/bas/.local/share/lxc
  lxc-start 1455712091.132 INFO lxc_start - start.c:lxc_init:474 - 
'aansluitform-deploy' is initialized
  lxc-start 1455712091.132 DEBUGlxc_start - start.c:__lxc_start:1186 - 
Not dropping cap_sys_boot or watching utmp
  lxc-start 1455712091.133 INFO lxc_start - 
start.c:resolve_clone_flags:883 - Cloning a new user namespace
  lxc-start 1455712091.133 INFO lxc_cgroup - cgroup.c:cgroup_init:65 - 
cgroup driver cgmanager initing for aansluitform-deploy
  lxc-start 1455712091.138 ERRORlxc_cgmanager - 
cgmanager.c:lxc_cgmanager_enter:698 - call to cgmanager_move_pid_sync failed: 
invalid request
  lxc-start 1455712091.138 ERRORlxc_start - start.c:__lxc_start:1213 - 
failed to spawn 'aansluitform-deploy'
  lxc-start 1455712091.163 WARN lxc_commands - 
commands.c:lxc_cmd_rsp_recv:172 - command get_init_pid failed to receive 
response
  lxc-start 1455712091.164 WARN lxc_cgmanager - cgmanager.c:cgm_get:994 
- do_cgm_get exited with error
  lxc-start 1455712096.169 ERRORlxc_start_ui - lxc_start.c:main:344 - 
The container failed to start.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Bas Zoetekouw]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Martin,

> On 11-02-16 10:24, Martin Pitt wrote:
>> Bas, any chance to test the update in -proposed so that we can 
>> release that?
> 
> I'll try to test it later this week, if that's ok.

Unfortunately, the xenial 4.4 kernel won't boot for me at the moment
(keyboard doesn't work while inputting disk decryption key), so I
can't test if thisis fixed...

Gr,
Bas.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWw4LgAAoJENGDpRe/qY3mp+QQAM5EESKhWB5MjZUn3cvDh+ku
IGKEqKjDg+luKuHxvHHiXh1KNNCdHCffko33Qa2LSMsivX1WHNocN+n7Hvv1Wq0N
DmUHqth5b+BefemEF+sfJVz+gyV6W9r37QtJxKbjb8pUr05vnlzdMma7qF9qkZmv
rA+bOQbjP20JSuohWvMM0tRC9+gNX4GBiZYD/8Ac3WGMLA8l2FNXjnCrWFgyb+oF
hhPcgudcv9L2JAx+7JlXs7oNMoXjQ57k/d1dIQW+uyGL/24X2CV1btcEmznowYMo
lYZPP99i3PpsmhnhwAd+VYYPd1o1052HfkEYIx/dVMoK5usxgpcwl5wsdgFLaTog
hpPA/poC7RCIFdGpXFt31dhjQMIOR4mQ41NiuJtPxXrp5H3Bu5Q0bCgq3o5WJMNw
85bzJ5uxE3cGFDSeeBb/j8gxeK1yW1hqP5t051f40C98sfX4hyOyZmuKLyakKyW9
I/h8kQOFaLFi8MlmcV6MnA0E66nIO5J+ODWeSmdAeMLWAzA9b911YfecCB8PMboq
RtR/ddc0/cttmtDWgQ8sz3lO7d2vNwzWqMIJW2qDy4IexK9jOIlHiOw9CLuJdjqm
f2sfZZWhNjeGIddAJ0tZB6TKmCHuZ07XYeaiyOaFTGSTF5MhDmPtyV7/51d6pOU4
QqbgijCYBiyM1m04NNep
=HBJX
-END PGP SIGNATURE-

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Bas Zoetekouw]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi Martin,

On 11-02-16 10:24, Martin Pitt wrote:
> Bas, any chance to test the update in -proposed so that we can
> release that?

I'll try to test it later this week, if that's ok.

Best regards,
Bas.


- -- 
 And what shoulder and what art
 Could twist the sinews of thy heart?
 And when thy heart began to beat
 What dread hand and what dread feet?

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJWwaVGAAoJENGDpRe/qY3m3hEP/Rl0oDvDYBiVQLr8L0ziSW4B
CC19e9WaR76hhtuKnPpARqY9KteOeIOfJ2JC37DoAIi39k6I3ze5r61KGqxmB72W
Kgajvjy3AcqzWOxEAZC5wEJX9wMI/cT8vSgtUjhQT8TIsTKsGCXXDzBlICzQ51eU
CfkFtDJPrTJtkxS/IewomwvQwEy+vYM9sdBAVt/eEeBB2h0V0oNlD5k41p5p80ll
1Go9C9b0KHN0fWmkrjcT69b0GJG94/tsLbP/vMCsOpcH9f1RiLz02ruBSeNsrB8s
OUD9xi+hbB55Qvg3dtHjD0InqOn2eOxp+UOoeIwr4IbOP15IenK/7wLVQAvzi0yO
GysISesys69zRAAWOEpFHyHb/YX9DBlnRcEO+cRCRXCDV8mod4Y/CUWFPMk37Plv
+HCJhl3dlf8eZc3YKXOSCfL70ue25JXo/s+/KKoAai4cQyuWzGZ1cMk4RGQRjnhT
26WL2pOAnB02UqmVTcO4xRx452AFVZbOG0+qi1CdzvTc1zlgRYQrGZPzz2h2fsA3
/+iZzMfcd1N45kr/UMavslhWgkye6wJ5hRJdyMG+n6lyNo3oqGMLyvTuC5v8xVbV
m5UaHDULX3NDkk9d1joMsw02qzTuMIZuPdlzTHPr/VPpw15B0b+x4gzHbOxPsACx
DKLdRCkiKPUEkXMY2Fbl
=oRTc
-END PGP SIGNATURE-

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Martin Pitt]

bug 1539488 is nothing new and not related to systemd.

** Tags removed: verification-failed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Martin Pitt]

Bas, any chance to test the update in -proposed so that we can release
that?

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Martin Pitt]

Bug 1538960 is unrelated and a local configuration error.

** Tags removed: verification-failed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Chris J Arges]

Hello Bas, or anyone else affected,

Accepted systemd into wily-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/systemd/225-1ubuntu9.1
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: systemd (Ubuntu Wily)
   Status: In Progress => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Serge Hallyn]

Thanks - Martin - tested that with the mainline kernel, and it did indeed
give me a pids cgroup:

ubuntu@pitti:~$ cat /proc/self/cgroup
11:hugetlb:/user.slice/user-1000.slice/session-2.scope
10:blkio:/user.slice/user-1000.slice/session-2.scope
9:devices:/user.slice/user-1000.slice/session-2.scope
8:pids:/user.slice/user-1000.slice/session-2.scope
7:memory:/user.slice/user-1000.slice/session-2.scope
6:perf_event:/user.slice/user-1000.slice/session-2.scope
5:cpuset:/user.slice/user-1000.slice/session-2.scope
4:net_cls,net_prio:/user.slice/user-1000.slice/session-2.scope
3:freezer:/user.slice/user-1000.slice/session-2.scope
2:cpu,cpuacct:/user.slice/user-1000.slice/session-2.scope
1:name=systemd:/user.slice/user-1000.slice/session-2.scope

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Martin Pitt]

I uploaded a systemd with adding the "pids" cgroup controller to
https://launchpad.net/~pitti/+archive/ubuntu/ppa . It would be great if
you could test this! (Sorry, running out of time today.)

** Changed in: systemd (Ubuntu Wily)
   Status: Triaged => In Progress

** Changed in: systemd (Ubuntu Wily)
 Assignee: (unassigned) => Martin Pitt (pitti)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

[Martin Pitt]

Tested it myself now as well. I uploaded it to the wily-proposed SRU
queue.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1533833

Title:
  unprivileged lxc containers won't start, need to put sessions into
  "pids"  cgroup controller

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1533833/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs