I created a per-user container "t1" and confirmed that it does start
under upstart/cgmanager and doesn't under systemd. I now have a
preliminary patch for putting the user slices into all cgroup
controllers, plus some hand-crafted "chown ubuntu" for all the
user-1000.slice cgroup directories so that they become writable (this
part still needs to be added to the patch). I understand that this
should now be sufficient:

ubuntu@ulxc$ cat /proc/$$/cgroup
10:devices:/user.slice/user-1000.slice
9:memory:/user.slice/user-1000.slice
8:cpuset:/
7:hugetlb:/user.slice/user-1000.slice
6:blkio:/user.slice/user-1000.slice
5:cpu,cpuacct:/user.slice/user-1000.slice
4:freezer:/user.slice/user-1000.slice
3:perf_event:/user.slice/user-1000.slice
2:net_cls,net_prio:/user.slice/user-1000.slice
1:name=systemd:/user.slice/user-1000.slice/session-1.scope

ubuntu@ulxc:~$ ls -ld /sys/fs/cgroup/*/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/blkio/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/cpuacct/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/cpu,cpuacct/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/cpuset/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/cpu/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/devices/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/freezer/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/hugetlb/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/memory/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/net_cls,net_prio/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/net_cls/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/net_prio/user.slice/user-1000.slice/
drwxr-xr-x 2 ubuntu root 0 Nov 26 10:41 /sys/fs/cgroup/perf_event/user.slice/user-1000.slice/
drwxr-xr-x 4 root   root 0 Nov 26 10:33 /sys/fs/cgroup/systemd/user.slice/user-1000.slice/

I'm not sure why my login shell isn't in "cpuset", I'll debug that
still. But I chown'ed /sys/fs/cgroup/cpuset/ to "ubuntu" as well.

But lxc-start still fails:

$ lxc-start -n t1 -F
lxc-start: cgfs.c: lxc_cgroupfs_create: 849 Could not set clone_children to 1 for cpuset hierarchy in parent cgroup.
lxc-start: cgfs.c: cgroup_rmdir: 207 Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices/user.slice/user-1000.slice
lxc-start: cgfs.c: cgroup_rmdir: 207 Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory/user.slice/user-1000.slice
lxc-start: cgfs.c: cgroup_rmdir: 207 Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset//user.slice/user-1000.slice
lxc-start: cgfs.c: cgroup_rmdir: 207 Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset//user.slice
lxc-start: cgfs.c: cgroup_rmdir: 207 Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset/
lxc-start: cgfs.c: cgroup_rmdir: 207 Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/hugetlb/user.slice/user-1000.slice
lxc-start: cgfs.c: cgroup_rmdir: 207 Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio/user.slice/user-1000.slice
lxc-start: cgfs.c: cgroup_rmdir: 207 Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct/user.slice/user-1000.slice
lxc-start: cgfs.c: cgroup_rmdir: 207 Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/freezer/user.slice/user-1000.slice
lxc-start: cgfs.c: cgroup_rmdir: 207 Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/user.slice/user-1000.slice
lxc-start: cgfs.c: cgroup_rmdir: 207 Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/net_cls,net_prio/user.slice/user-1000.slice
lxc-start: start.c: lxc_spawn: 864 failed creating cgroups

Questions:

 - Why is it trying to *remove* the existing cgroups? It sounds wrong to
fuzz around with those, I thought it would merely want and need to
create new cgroups below those? And the ubuntu user can definitely do
that:

ubuntu@ulxc:~$ mkdir /sys/fs/cgroup/cpu,cpuacct/user.slice/user-1000.slice/mygroup
ubuntu@ulxc:~$ ls -ld /sys/fs/cgroup/cpu,cpuacct/user.slice/user-1000.slice/mygroup
drwxrwxr-x 2 ubuntu ubuntu 0 Nov 26 10:50 /sys/fs/cgroup/cpu,cpuacct/user.slice/user-1000.slice/mygroup

--logpriority debug --logfile /tmp/d doesn't really give much
information either. stracing lxc-start only shows rmdir() whose errors
are shown above, it doesn't have any mkdir() or similar call which would
show an attempt to create new cgroups?

** Also affects: lxc (Ubuntu)
   Importance: Undecided
       Status: New

** No longer affects: lxc (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1346734

Title:
  Unprivileged LXC containers don't work under systemd
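The report above boils down to one question: is every cgroup v1 hierarchy
delegated to the login user well enough for lxc-start's cgfs backend, i.e.
does the user's own cgroup exist in each mounted hierarchy, can the user
create a child cgroup there, and (for cpuset) can the user set
cgroup.clone_children on the parent, which is the first failure lxc-start
prints? The following script is an added example, not part of the bug
report or of LXC itself. It reads /proc/self/cgroup, maps each hierarchy
to its mount under a cgroup root (assumed to be /sys/fs/cgroup, one mount
per hierarchy as on the page), and reports per hierarchy whether the three
conditions hold. The sample input is the /proc/$$/cgroup output quoted
above, embedded as a constructed string so the functions can be exercised
against a scratch directory tree; the cgroup root is a parameter for the
same reason.

```shell
#!/bin/sh
# Added example: check cgroup v1 delegation for an unprivileged lxc-start.
# Assumes one mount per hierarchy under a cgroup root ($2), e.g. /sys/fs/cgroup.

# Constructed input: the /proc/$$/cgroup output from the bug report.
SAMPLE_PROC_CGROUP='10:devices:/user.slice/user-1000.slice
9:memory:/user.slice/user-1000.slice
8:cpuset:/
7:hugetlb:/user.slice/user-1000.slice
6:blkio:/user.slice/user-1000.slice
5:cpu,cpuacct:/user.slice/user-1000.slice
4:freezer:/user.slice/user-1000.slice
3:perf_event:/user.slice/user-1000.slice
2:net_cls,net_prio:/user.slice/user-1000.slice
1:name=systemd:/user.slice/user-1000.slice/session-1.scope'

# check_one CTRL PATH CGROOT
# Prints exactly one line: "OK|WARN|FAIL <ctrl>: <detail>".
check_one() {
  ctrl=$1; path=$2; root=$3
  # The "name=systemd" hierarchy is mounted as <root>/systemd.
  dir="$root/${ctrl#name=}$path"
  if [ ! -d "$dir" ]; then
    echo "FAIL $ctrl: $dir does not exist (hierarchy not mounted at $root?)"
    return 0
  fi
  if [ "$path" = / ]; then
    # Like the cpuset line in the report: nothing was delegated here at all.
    echo "WARN $ctrl: process is in the root cgroup, not in a delegated sub-cgroup"
    return 0
  fi
  if [ ! -w "$dir" ]; then
    echo "FAIL $ctrl: $dir is not writable by $(id -un)"
    return 0
  fi
  # lxc-start needs to create (and later remove) child cgroups below here.
  probe="$dir/delegation-probe.$$"
  if ! mkdir "$probe" 2>/dev/null; then
    echo "FAIL $ctrl: cannot create a child cgroup under $dir"
    return 0
  fi
  rmdir "$probe" 2>/dev/null
  # A cpuset child starts with empty cpus/mems unless the parent has
  # cgroup.clone_children=1; lxc-start sets it and aborts if it cannot.
  if [ "$ctrl" = cpuset ] && [ ! -w "$dir/cgroup.clone_children" ]; then
    echo "FAIL $ctrl: cannot write $dir/cgroup.clone_children"
    return 0
  fi
  echo "OK $ctrl: $dir"
}

# check_delegation CGROUP_TEXT CGROOT -> one status line per v1 hierarchy.
# cgroup v2 lines ("0::/...") have an empty controller field and are skipped.
check_delegation() {
  printf '%s\n' "$1" | while IFS=: read -r _id ctrl path; do
    if [ -n "$ctrl" ]; then check_one "$ctrl" "$path" "$2"; fi
  done
}

# count_status CGROUP_TEXT CGROOT OK|WARN|FAIL -> number of lines with that status.
count_status() {
  check_delegation "$1" "$2" | grep -c "^$3 " || true
}

# Stand-alone use on a real host (no output on a pure cgroup v2 system):
if [ -r /proc/self/cgroup ]; then
  check_delegation "$(cat /proc/self/cgroup)" /sys/fs/cgroup
fi
```

Run it as the unprivileged user before lxc-start: every hierarchy should print
OK. A WARN on cpuset reproduces the "not in cpuset" observation in the
report, and a FAIL on cgroup.clone_children is the same condition behind the
"Could not set clone_children to 1 for cpuset hierarchy in parent cgroup"
line, so the script localises which of the chown steps is still missing.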

