Re: [Nix-dev] Perl -> C++

2016-01-06 Thread Jakob Gillich
> I think there are few enough people who contribute to the nix repo as it is 
> now.

That is actually an argument in favor of a rewrite, C++ is not very
popular in the Linux community. Contributing to Nix will become a lot
more attractive when it's written in a language that people actually
enjoy using. At least that's how I personally feel about it, I'm just
not interested in doing any C++ anymore.

On Wed, Jan 6, 2016, at 09:26 PM, Vladimír Čunát wrote:
> On 01/06/2016 06:36 PM, stewart mackenzie wrote:
> > Shall we start defining the nix language?
> 
> None of the perl stuff deals directly with the nix language, so that
> seems rather a much independent issue. Personally, I think there are few
> enough people who contribute to the nix repo as it is now. Do you think
> starting another implementation would help the quality or something
> else? Even in a horizon of up to several years?
> 
> --Vladimir
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev


Re: [Nix-dev] How can we make import-from-derivation more useful?

2016-01-06 Thread Daniel Peebles
I might start by converting some of the Apple open source releases to use
import-from-derivation, if nobody objects. Should limit the impact to only
Darwin users, but I do think this needs to go more broadly.

Also, if any Nix gurus want to help me review Shea's ancient (but related
to this topic) pull request https://github.com/NixOS/nix/pull/52 (a more
recent attempt than #31 he linked to earlier in this thread), please do! If
we can get interest going again, I'd be happy to resolve conflicts and
resume pushing to get it merged. I'm brushing up on the Nix internals
needed to understand it, but I expect some of you won't need as much
preparation.


On Mon, Jan 4, 2016 at 4:30 AM, Ericson, John wrote:

> Shea's changes sound good, and I once wrote up a plan for making
> `--dry-run` play nicer with this https://github.com/NixOS/nix/issues/666.
> That said, I'd rather just start using import-from-derivation in nixpkgs
> immediately, and let the fallout be more motivation to improve nix. IMO,
> anybody using the eval-everything portions of nix-env is a masochist
> anyways :).
>
> On Mon, Dec 28, 2015 at 8:12 AM, Shea Levy  wrote:
>
>> https://github.com/NixOS/nix/pull/31 may be relevant.
>>
>> On 2015-12-28 11:10, Daniel Peebles wrote:
>> > A few days ago, I proposed importing from a derivation [1] to save us
>> > from having to manually manage autogenerated firefox/thunderbird
>> > fixed-output derivation hash files and junk up the nixpkgs repository
>> > with them. In response, Vladimír Čunát pointed out that nix-env would
>> > currently force a download at evaluation time as a result of that
>> > change, and that's undesirable.
>> >
>> > I see it as inevitable that we'll have to start importing from
>> > derivations to make external package ecosystems more manageable.
>> > Currently, haskellPackages is already eating up a large chunk of the
>> > overall repository size, and as we start adopting similar automated
>> > processes to manage other ecosystems, I see no way to keep the repo
>> > size manageable. It also feels like a bit of an abuse of a VCS to be
>> > putting autogenerated files in it, as we do today. Especially when nix
>> > is generally so good at doing that sort of thing for us.
>> >
>> > It seems like the main obstacle standing in the way of this pattern
>> > is nix-env, given its habit (also unsustainable) of forcing the
>> > evaluation of a large chunk of the packages expression. People have
>> > expressed a desire to deprecate that sort of functionality, but I
>> > don't know what sort of timeline such a change could be made on, so
>> > I'm looking for ways to make it more manageable in the meantime.
>> >
>> > Does anyone have ideas on how to improve this? Or am I wrong about
>> > things getting out of control if we don't? Are there other options?
>> >
>> > Thanks,
>> > Dan
>> >
>> >
>> >
>> > Links:
>> > --
>> > [1]
>> > https://github.com/NixOS/nixpkgs/pull/11319#issuecomment-167144900


Re: [Nix-dev] Perl -> C++

2016-01-06 Thread Vladimír Čunát
On 01/06/2016 06:36 PM, stewart mackenzie wrote:
> Shall we start defining the nix language?

None of the perl stuff deals directly with the nix language, so that
seems rather a much independent issue. Personally, I think there are few
enough people who contribute to the nix repo as it is now. Do you think
starting another implementation would help the quality or something
else? Even in a horizon of up to several years?

--Vladimir






[Nix-dev] How to copy files and share folders to nixops deployment

2016-01-06 Thread rohit yadav
Hi,

I am trying to deploy containers with nixops with ability to copy files and
folder from local machine to a target folder inside the container. Also, I
want to share folders from localhost machine to the container. How do I
accomplish this? I could not find anything in the manual.

One solution I tried was sshfs after deployment of the container, but I find
that it complains about the 'fuse' module not being loaded, though I listed it
inside the packages.

Thanks,
Rohit


Re: [Nix-dev] Perl -> C++

2016-01-06 Thread stewart mackenzie
Good god man, please stop using the term 'transpile', the correct term you
want is 'compile'.

If a new nix language backend is to be created the first step is to define
the nix language (using something like ABNF) as previously suggested.
Otherwise you open up a whole class of exploits, see Patterson et al on
Langsec.

On 7 Jan 2016 01:12, "Herwig Hochleitner" wrote:
> As I understand it, the primary motivation for reimplementing those tools
> is to tighten the bootstrapping cycle for new platforms. So while there
> might be many conceivable languages to do this in (I'd personally lean towards
> an existing, self-hosted vm like pypy or racket), discussing just the
> language misses the point.

One advantage using LLVM based languages: Rust targets LLVM IR. This IR can
be compiled to any backend available to LLVM (given a robust enough
implementation).

nim-lang is a dependency, gcc is a dependency, the question is: is the
dependency widely available on many platforms? I personally don't care
about this as long as there is a simple short set of instructions to setup.

Shall we start defining the nix language?


Re: [Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?

2016-01-06 Thread Eelco Dolstra
Hi,

On 06/01/16 00:52, Mateusz Czaplinski wrote:

> Is it possible to easily create files like with writeText, but such that
> they're "chmod 400" *before* the contents is written?
>
> From what I've read, NetworkManager expects to have network definitions as
> chmod 400 files in /etc/NetworkManager/system-connections/ IIRC. I'm trying
> to create them via appending to "environment.etc" property, but don't know
> how to make them root-only readable.

You can specify a mode, e.g.

  environment.etc."NetworkManager/bla" =
    { mode = "0400";
      source = writeText ...;
    };

However, this won't help much because "source" (and the derivation that produced
it) are still world-readable.

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/


Re: [Nix-dev] Perl -> C++

2016-01-06 Thread Herwig Hochleitner
As I understand it, the primary motivation for reimplementing those tools
is to tighten the bootstrapping cycle for new platforms. So while there
might be many conceivable languages to do this in (I'd personally lean towards
an existing, self-hosted vm like pypy or racket), discussing just the
language misses the point.

The focus is getting NixOS onto a completely new platform, like "gcc just
started supporting it" new. That means no existing linux distro whose tools
we can reappropriate. It means manually cross-compiling everything you need
to get nix itself running. As an exercise, try to port nixos onto
Raspberry PI, without starting from the existing build or from Raspbian.

While I find Rust and other new languages appealing, any serious proposal
needs to start from the following points:
- what platforms does it support
- how hard is it to cross-compile
- how hard is it to target to new machine architectures
- how big is the build-time closure

I don't think anything comes close to C(++) for those points. I think the
best trade-off for high-level features might be in languages that transpile
to dependency-free C, like http://nim-lang.org/, maybe also
ultra-lightweight embedded vms like lua.


Re: [Nix-dev] Some hints for Perl -> C++ translation?

2016-01-06 Thread Matthew O'Gorman
> On 06/01/16 12:59, Mateusz Czaplinski wrote:
> More or less.
> See http://nixos.org/nix/manual/#chap-hacking.
>
> The commands described there should create a "./inst" folder and install
> the new nix within.
> You can then call ./inst/bin/nix-* --options...
>  
I just tried this on a 15.09 x86_64 linux box

 checking whether DBD::SQLite works... no
 configure: error: in `/home/mog/docs/code/nixos/nix':
 configure: error: The Perl modules DBI and/or DBD::SQLite are missing.
 See `config.log' for more details

These are the results I get on my box
-- 
Matthew O'Gorman
BM-NBUmia4p88Jny5bZbRGcMt64SWWp5WVv
TorChat: 5w3dtk7nhkkijcpc
Site: https://b.rldn.net
Xim/Email: m...@rldn.net


Re: [Nix-dev] Configure WiFi networks for NetworkManager in configuration.nix?

2016-01-06 Thread Vladimír Čunát
On 01/06/2016 12:52 AM, Mateusz Czaplinski wrote:
> NetworkManager expects to have network definitions as chmod 400 files in
> /etc/NetworkManager/system-connections/ IIRC.

Files in nix store can't be chmod 400.

--Vladimir
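
Both replies in this thread make the same point: mode 0400 on the file under /etc does not protect a secret whose source sits in the world-readable Nix store. The shell check below is an added example, not code from the list or from NixOS; it reports restricted files whose bytes also exist in a world-readable file under a second tree, and the directory layout and file contents built by `make_fixture` are constructed.

```shell
#!/bin/sh
# Added example. On a real NixOS host the arguments would be
# /etc/NetworkManager/system-connections and /nix/store (run as root so the
# restricted files can be read); the fixture below is constructed data.

# Print "<restricted file><TAB><readable copy>" for each non-empty file under
# $1 that "other" cannot read but whose exact bytes also sit in a file under
# $2 that "other" can read.
find_exposed_copies() {
    etc_dir=$1
    store_dir=$2
    find "$etc_dir" -type f -size +0 ! -perm -004 |
    while IFS= read -r secret; do
        find "$store_dir" -type f -perm -004 |
        while IFS= read -r cand; do
            # cmp -s is silent and stops at the first differing byte.
            if cmp -s "$secret" "$cand"; then
                printf '%s\t%s\n' "$secret" "$cand"
            fi
        done
    done
}

# Build a constructed stand-in for the situation in the thread and print its
# root directory: one secret that came from the store, one that did not.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/store/constructed-hash-wifi" \
             "$root/etc/system-connections"

    # The store copy is world-readable, as files in the store are.
    printf '[wifi-security]\npsk=constructed-example-psk\n' \
        > "$root/store/constructed-hash-wifi/home.nmconnection"
    chmod 0444 "$root/store/constructed-hash-wifi/home.nmconnection"

    # The /etc copy gets mode 0400, but its bytes are still in the store.
    cp "$root/store/constructed-hash-wifi/home.nmconnection" \
       "$root/etc/system-connections/home.nmconnection"
    chmod 0400 "$root/etc/system-connections/home.nmconnection"

    # A secret written outside the store has no readable twin.
    printf '[wifi-security]\npsk=constructed-out-of-band-psk\n' \
        > "$root/etc/system-connections/office.nmconnection"
    chmod 0400 "$root/etc/system-connections/office.nmconnection"

    printf '%s\n' "$root"
}

# Stand-alone run on the constructed fixture: only home.nmconnection is listed.
demo_root=$(make_fixture)
find_exposed_copies "$demo_root/etc" "$demo_root/store"
rm -rf "$demo_root"
```

Comparing every candidate with `cmp` is slow on a full store; narrowing the second argument to the store paths of the current system closure keeps the run short.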






Re: [Nix-dev] Some hints for Perl -> C++ translation?

2016-01-06 Thread Guillaume Maudoux (Layus)

On 06/01/16 12:59, Mateusz Czaplinski wrote:
>
> On Mon, Jan 4, 2016 at 9:22 AM, Vladimír Čunát wrote:
>
> >   - how I might try to setup a dev environment for that, ideally in NixOS?
> I think ./dev-shell is meant exactly for that.
>
>
> Thanks!
> So, I should expect something like below to work in "pristine NixOS
> with Internet connectivity", yes?
>
> $ ./dev-shell # runs bash in the new env, I assume
> $ ./configure && make && make check
> $ ./bin/nix-env --this-and-that-or-else

More or less.
See http://nixos.org/nix/manual/#chap-hacking.

The commands described there should create a "./inst" folder and install
the new nix within.
You can then call ./inst/bin/nix-* --options...
 
>
> >   - where in the codebase can I find some "main entry point" to "core
> > nix functionalities"?
>
> I'd think that's not a good approach to take. What's written in perl are
> mainly facade-like wrappers and utilities.
>
> >   - what would you suggest I start translating first? (which .pm files)
> > I'm open to all suggestions, including "hard but very useful" ones, as
> > well as "easy but close to useless".
>
> *.pm seem for usage by perl stuff (per/lib/Nix/*.pm), so it should be
> possible to completely ignore those. I suppose you know this overview
> list https://github.com/NixOS/nix/issues/341#issuecomment-58743265
>
> I think the most called ones are download-from-binary-cache.pl.in,
> nix-build, and buildenv.pl. Maybe best start with some script that you
> (think) you understand best. From portability perspective, most of them
> will need to get ported to achieve the goal.
>
>
> Ok, thanks for all the hints and information. Nice overview, gives me
> some much needed perspective.
>
> Thanks,
> /Mateusz.


Re: [Nix-dev] Some hints for Perl -> C++ translation?

2016-01-06 Thread Mateusz Czaplinski
On Mon, Jan 4, 2016 at 9:22 AM, Vladimír Čunát  wrote:

> >   - how I might try to setup a dev environment for that, ideally in NixOS?
> I think ./dev-shell is meant exactly for that.
>

Thanks!
So, I should expect something like below to work in "pristine NixOS with
Internet connectivity", yes?

$ ./dev-shell # runs bash in the new env, I assume
$ ./configure && make && make check
$ ./bin/nix-env --this-and-that-or-else


> >   - where in the codebase can I find some "main entry point" to "core
> > nix functionalities"?
>
> I'd think that's not a good approach to take. What's written in perl are
> mainly facade-like wrappers and utilities.
>
> >   - what would you suggest I start translating first? (which .pm files)
> > I'm open to all suggestions, including "hard but very useful" ones, as
> > well as "easy but close to useless".
>
> *.pm seem for usage by perl stuff (per/lib/Nix/*.pm), so it should be
> possible to completely ignore those. I suppose you know this overview
> list https://github.com/NixOS/nix/issues/341#issuecomment-58743265
>
> I think the most called ones are download-from-binary-cache.pl.in,
> nix-build, and buildenv.pl. Maybe best start with some script that you
> (think) you understand best. From portability perspective, most of them
> will need to get ported to achieve the goal.
>

Ok, thanks for all the hints and information. Nice overview, gives me some
much needed perspective.

Thanks,
/Mateusz.


Re: [Nix-dev] execute LXC guest as none root user

2016-01-06 Thread Joachim Schiele
On 06.01.2016 12:03, Joachim Schiele wrote:

[Nix-dev] execute LXC guest as none root user

2016-01-06 Thread Joachim Schiele
hey,

we got lxc with NixOS as guest on NixOS as host working but we can only
execute it using the 'root' users.

however, for security reasons it seems to be a good thing to use the
kernel 'user namespaces' but i deliberately fail to get this running.

we are using nix-rehash from offlinehacker:
  https://github.com/nixcloud/nix-rehash


the latest issue when using:
  /etc/subuid
  /etc/subgid


lxc-start -d -n "CONTAINERNAME" \
  -f "container.conf" \
  -s lxc.rootfs=$CONTAINER_ROOT \
  -F \
  "/nix/store/05sy0bz81426798qzrj66m64ncb3pymd-nixos-15.09.756.88765a/init"
Using /var/lib/containers/CONTAINERNAME as rootfs
lxc-start: cgmanager.c: lxc_cgmanager_enter: 698 call to
cgmanager_move_pid_sync failed: invalid request
lxc-start: start.c: __lxc_start: 1172 failed to spawn 'CONTAINERNAME'
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained
by setting the --logfile and --logpriority options.


cgmanager --debug:
Connection from private client
ListControllers: Client fd is: 6 (pid=5956, uid=1000, gid=100)
Disconnected from private client
Connection from private client
Disconnected from private client
Connection from private client
Disconnected from private client
Connection from private client
ListControllers: Client fd is: 6 (pid=5958, uid=1000, gid=100)
Disconnected from private client
Connection from private client
Disconnected from private client
Connection from private client
Create: Client fd is: 6 (pid=5956, uid=1000, gid=100)
Created /run/cgmanager/fs/blkio/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Created /run/cgmanager/fs/cpu/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Created /run/cgmanager/fs/cpuset/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Created /run/cgmanager/fs/devices/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Created /run/cgmanager/fs/freezer/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Created /run/cgmanager/fs/memory/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Created /run/cgmanager/fs/net_cls/Me/lxc/CONTAINERNAME for 5956 (1000:100)
cgmanager:do_create_main: pid 5956 (uid 1000 gid 100) may not create
under
/run/cgmanager/fs/none,name=systemd/user.slice/user-1000.slice/session-1.scope
cgmanager_create: returning 0; existed is -1
Disconnected from private client
Connection from private client
Disconnected from private client
Connection from private client
MovePid: Client fd is: 6 (pid=5956, uid=1000, gid=100)
5964 moved to blkio:lxc/CONTAINERNAME by 5956's request
MovePid: Client fd is: 6 (pid=5956, uid=1000, gid=100)
5964 moved to cpu:lxc/CONTAINERNAME by 5956's request
MovePid: Client fd is: 6 (pid=5956, uid=1000, gid=100)
5964 moved to cpuset:lxc/CONTAINERNAME by 5956's request
MovePid: Client fd is: 6 (pid=5956, uid=1000, gid=100)
5964 moved to devices:lxc/CONTAINERNAME by 5956's request
MovePid: Client fd is: 6 (pid=5956, uid=1000, gid=100)
5964 moved to freezer:lxc/CONTAINERNAME by 5956's request
MovePid: Client fd is: 6 (pid=5956, uid=1000, gid=100)
5964 moved to memory:lxc/CONTAINERNAME by 5956's request
MovePid: Client fd is: 6 (pid=5956, uid=1000, gid=100)
5964 moved to net_cls:lxc/CONTAINERNAME by 5956's request
MovePid: Client fd is: 6 (pid=5956, uid=1000, gid=100)
cgmanager: Invalid path
/run/cgmanager/fs/none,name=systemd/user.slice/user-1000.slice/session-1.scope/lxc/CONTAINERNAME
cgmanager:per_ctrl_move_pid_main: Invalid path
/run/cgmanager/fs/none,name=systemd/user.slice/user-1000.slice/session-1.scope/lxc/CONTAINERNAME
Disconnected from private client
Connection from private client
Remove: Client fd is: 6 (pid=5956, uid=1000, gid=100)
Removed /run/cgmanager/fs/blkio/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Removed /run/cgmanager/fs/cpu/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Removed /run/cgmanager/fs/cpuset/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Removed /run/cgmanager/fs/devices/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Removed /run/cgmanager/fs/freezer/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Removed /run/cgmanager/fs/memory/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Removed /run/cgmanager/fs/net_cls/Me/lxc/CONTAINERNAME for 5956 (1000:100)
Disconnected from private client




The config I'm using:

lxc.utsname = CONTAINERNAME
lxc.arch = "x86_64"

lxc.cgroup.devices.deny = a # Deny all access to devices
lxc.tty = 4
lxc.pts = 1024

## Capabilities
lxc.cap.drop = audit_control audit_write mac_admin mac_override mknod setfcap
lxc.cap.drop = sys_boot sys_module sys_pacct sys_rawio sys_time

## Devices
lxc.cgroup.devices.deny = a # Deny access to all devices

# Allow to mknod all devices (but not using them)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
# /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
#consoles / tty
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
#lxc.cgroup.devices.allow = c 4:2 rwm
#lxc.cgroup.devices.allow = c 4:3 rwm