Thanks for verifying. What is happening is actually vaguely explained
in the mountcgroup hook itself, and is an unfortunate side effect of a
somewhat recent kernel change:

    cd /sys/fs/cgroup/devices
    sudo mkdir a
    echo a | sudo tee -a a/devices.deny  # succeeds
    sudo mkdir -p b/c
    echo a | sudo tee -a b/devices.deny  # fails

If a devices cgroup has any child cgroups, then you can no longer make
certain changes to it.

Marking this confirmed and changing the title to reflect that the
comments in /usr/share/lxc/config/ubuntu.common.conf need to be changed.

** Changed in: lxc
    Status: Incomplete => Triaged

** Also affects: lxc (Ubuntu)
    Importance: Undecided
    Status: New

** Also affects: lxc (Ubuntu Trusty)
    Importance: Undecided
    Status: New

** Changed in: lxc (Ubuntu)
    Status: New => Triaged

** Changed in: lxc (Ubuntu Trusty)
    Status: New => Triaged

** Changed in: lxc (Ubuntu Trusty)
    Importance: Undecided => High

** Changed in: lxc (Ubuntu)
    Importance: Undecided => High

** Summary changed:
- Error setting cgroup devices.deny limit with nested lxc container
+ comments in common.conf must be updated

** Changed in: lxc
    Assignee: (unassigned) => Serge Hallyn (serge-hallyn)

** Changed in: lxc
    Status: Triaged => In Progress

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1342960
Title:
comments in common.conf must be updated
Status in lxc containers:
In Progress
Status in “lxc” package in Ubuntu:
Triaged
Status in “lxc” source package in Trusty:
Triaged
Bug description:
I tried to run a juju charm (jenkins-lxc) that starts a lxc container
so I added lxc.aa_profile = lxc-container-default-with-nesting and
lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups to
/var/lib/lxc/juju-trusty-template/config and then tried to deploy the
service. I got a failure from juju:

    agent-state-info: 'error executing "lxc-start": The container failed to start.;
    To get more details, run the container in foreground mode.; Additional information
    can be obtained by setting the --logfile and --log-priority options.'

So I tried to start the container manually:

    $ sudo lxc-start -n matsubara-local-machine-1 --logpriority DEBUG --logfile /tmp/lxc.log

which gave me this log: http://paste.ubuntu.com/7805486/

I removed lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups from the
/var/lib/lxc/juju-trusty-template/config and tried again. Got the same
error.

I created the file /etc/default/cgmanager and added
cgmanager_opts="--debug"

And got in /var/log/upstart/cgmanager.log:
http://paste.ubuntu.com/7805602/

Additional info:
<hallyn> release, kernel version, lxc version, cgmanager version
<matsubara> hallyn, I'm running this on Trusty, 3.13.0-30-generic, lxc
1.0.4-0ubuntu0.1 and 0.24-0ubuntu7
/proc/self/cgroup content: http://paste.ubuntu.com/7805492/
The config for the juju template used to start local provider containers in
/var/lib/lxc/juju-trusty-template/config: http://paste.ubuntu.com/7805606/
And the config for /var/lib/lxc/matsubara-local-machine-1/config:
http://paste.ubuntu.com/7805610/
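
Added example, not part of the bug report or of lxc: a pre-flight check for the behaviour described in the comment at the top of this notification, where writing "a" to devices.deny fails once the cgroup has child cgroups. The function names and the temporary sample tree are assumptions made for illustration; on a real /sys/fs/cgroup/devices the write needs root.

```shell
#!/bin/sh
# Added example (not from the bug report): check a cgroup-v1 devices cgroup
# for child cgroups before writing "a" to its devices.deny.

# Print the name of each direct child cgroup of $1. In cgroupfs every
# subdirectory of a cgroup directory is a child cgroup.
child_cgroups() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue      # glob matched nothing
        basename "$d"
    done
}

# 0: "a" can be written; 1: child cgroups exist; 2: not a devices cgroup.
can_deny_all() {
    [ -e "$1/devices.deny" ] || return 2
    [ -z "$(child_cgroups "$1")" ] || return 1
}

# Write "a" to $1/devices.deny only when the pre-check passes; otherwise
# name the children that would make the kernel refuse the write.
deny_all() {
    rc=0
    can_deny_all "$1" || rc=$?
    case $rc in
        0) echo a > "$1/devices.deny" ;;
        1) echo "$1: child cgroups present: $(child_cgroups "$1" | tr '\n' ' ')" >&2
           return 1 ;;
        *) echo "$1: no devices.deny here" >&2
           return 2 ;;
    esac
}

# Constructed stand-in for /sys/fs/cgroup/devices with the layout from the
# report: "a" has no children, "b" has the child "c". Prints the tree root.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/a" "$root/b/c"
    : > "$root/a/devices.deny"
    : > "$root/b/devices.deny"
    : > "$root/b/c/devices.deny"
    echo "$root"
}
```

On the sample tree, deny_all succeeds for "a" and stops for "b" with the child "c" named on stderr, matching the succeeds/fails pair in the comment.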