Linode Community Forums
Posted: Sat Dec 27, 2014 12:42 pm
I've been trying to get LXC's unprivileged containers working on my VPS and seem to be hitting issues with cgroup permissions.
The entire process works fine for privileged containers, but when I try to start an unprivileged container I get the following:

Code:
clack@localhost ~> lxc-start -n clack -d --logfile=log --logpriority=TRACE
lxc-start: The container failed to start.
lxc-start: To get more details, run the container in foreground mode.
lxc-start: Additional information can be obtained by setting the --logfile and --logpriority options.
clack@localhost ~> cat log
      lxc-start 1419697784.716 INFO     lxc_start_ui - using rcfile /home/clack/.local/share/lxc/clack/config
      lxc-start 1419697784.716 INFO     lxc_confile - read uid map: type u nsid 0 hostid 100000 range 65536
      lxc-start 1419697784.716 INFO     lxc_confile - read uid map: type g nsid 0 hostid 100000 range 65536
      lxc-start 1419697784.717 WARN     lxc_log - lxc_log_init called with log already initialized
      lxc-start 1419697784.718 INFO     lxc_start - closed inherited fd 4
      lxc-start 1419697784.726 INFO     lxc_lsm - LSM security driver nop
      lxc-start 1419697784.727 INFO     lxc_start - closed inherited fd 4
      lxc-start 1419697784.727 DEBUG    lxc_conf - allocated pty '/dev/pts/4' (5/6)
      lxc-start 1419697784.727 DEBUG    lxc_conf - allocated pty '/dev/pts/5' (7/8)
      lxc-start 1419697784.728 DEBUG    lxc_conf - allocated pty '/dev/pts/6' (9/10)
      lxc-start 1419697784.728 DEBUG    lxc_conf - allocated pty '/dev/pts/7' (11/12)
      lxc-start 1419697784.728 INFO     lxc_conf - tty's configured
      lxc-start 1419697784.728 DEBUG    lxc_start - sigchild handler set
      lxc-start 1419697784.728 DEBUG    lxc_console - no console peer
      lxc-start 1419697784.731 INFO     lxc_monitor - using monitor sock name lxc/debd9ceabca2145a//home/clack/.local/share/lxc
      lxc-start 1419697785.096 INFO     lxc_start - 'clack' is initialized
      lxc-start 1419697785.115 DEBUG    lxc_start - Not dropping cap_sys_boot or watching utmp
      lxc-start 1419697785.115 INFO     lxc_start - Cloning a new user namespace
      lxc-start 1419697785.115 INFO     lxc_cgroup - cgroup driver cgmanager initing for clack
      lxc-start 1419697785.116 ERROR    lxc_cgmanager - call to cgmanager_create_sync failed: invalid request
      lxc-start 1419697785.117 ERROR    lxc_cgmanager - Failed to create perf_event:clack
      lxc-start 1419697785.117 ERROR    lxc_cgmanager - Error creating cgroup perf_event:clack
      lxc-start 1419697785.117 INFO     lxc_cgmanager - cgroup removal attempt: perf_event:clack did not exist
      lxc-start 1419697785.117 INFO     lxc_cgmanager - cgroup removal attempt: blkio:clack did not exist
      lxc-start 1419697785.117 INFO     lxc_cgmanager - cgroup removal attempt: net_cls:clack did not exist
      lxc-start 1419697785.117 INFO     lxc_cgmanager - cgroup removal attempt: freezer:clack did not exist
      lxc-start 1419697785.118 INFO     lxc_cgmanager - cgroup removal attempt: devices:clack did not exist
      lxc-start 1419697785.118 INFO     lxc_cgmanager - cgroup removal attempt: cpuacct:clack did not exist
      lxc-start 1419697785.118 INFO     lxc_cgmanager - cgroup removal attempt: cpu:clack did not exist
      lxc-start 1419697785.118 INFO     lxc_cgmanager - cgroup removal attempt: debug:clack did not exist
      lxc-start 1419697785.119 INFO     lxc_cgmanager - cgroup removal attempt: name=systemd:clack did not exist
      lxc-start 1419697785.119 INFO     lxc_cgmanager - cgroup removal attempt: cpuset:clack did not exist
      lxc-start 1419697785.119 ERROR    lxc_start - failed creating cgroups
      lxc-start 1419697785.119 ERROR    lxc_start - failed to spawn 'clack'
      lxc-start 1419697785.119 WARN     lxc_commands - command get_init_pid failed to receive response
      lxc-start 1419697785.120 WARN     lxc_cgmanager - do_cgm_get exited with error
      lxc-start 1419697790.126 ERROR    lxc_start_ui - The container failed to start.
      lxc-start 1419697790.126 ERROR    lxc_start_ui - To get more details, run the container in foreground mode.
      lxc-start 1419697790.126 ERROR    lxc_start_ui - Additional information can be obtained by setting the --logfile and --logpriority options.


This seems to imply a permissions issue with my user and cgroup creation. When I try to look at the relevant cgroup permissions I see the following.

Code:
root@localhost ~# cat /proc/self/cgroup 
11:perf_event:/user/0.user/2.session
10:blkio:/user/0.user/2.session
9:net_cls:/user/0.user/2.session
8:freezer:/user/0.user/2.session
7:devices:/user/0.user/2.session
6:cpuacct:/user/0.user/2.session
5:cpu:/user/0.user/2.session
4:debug:/user/0.user/2.session
3:name=systemd:/user/0.user/2.session
2:cpuset:/user/0.user/2.session


Given that my user's UID and GID are 1000, this seems wrong. Only root looks like it has permissions. When I try to manually add permissions with cgm I get the following:

Code:
root@localhost ~# cgm create all clack
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1
method return sender=(null sender) -> dest=(null destination) reply_serial=1
   int32 1


which looks to me like a dbus error, and trying to start dbus-monitor to see if the IPC mechanism is running gets me the following:

Code:
root@localhost ~# dbus-monitor 
Failed to open connection to session bus: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11


Which just flummoxes me. Why does dbus need an XDisplay? And, more importantly, how do I fix this?

I've tried setting things up with xvfb so that there's a virtual frame-buffer for the dbus daemon to use, but my attempts
seem to make it inaccessible to processes that aren't started with xvfb-run.
Not to mention this seems like an incredibly hacky solution to the problem anyway. Honestly, I'm not really sure what's
available to fix the problem or where the issue actually lies.

I've also performed all the steps recommended here: viewtopic.php?f=23&t=11019
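
Added example, not part of the original post: a small parser for the `/proc/self/cgroup` format shown above that reports which controller hierarchies are not under the calling user's `/user/<uid>.user` tree, so the check can be repeated from the unprivileged account that runs `lxc-start`. The `/user/<uid>.user/<n>.session` layout is assumed from the listing in the post, and the function names are illustrative.

```python
import os
import re

# Path layout assumed from the listing in the post: /user/<uid>.user/<n>.session
USER_SLICE = re.compile(r"^/user/(\d+)\.user(?:/|$)")

# Sample input: four lines of the /proc/self/cgroup listing shown in the post.
SAMPLE = """\
11:perf_event:/user/0.user/2.session
7:devices:/user/0.user/2.session
3:name=systemd:/user/0.user/2.session
2:cpuset:/user/0.user/2.session
"""


def parse_cgroup(text):
    """Parse /proc/<pid>/cgroup text into (hierarchy_id, controllers, path)."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Format is hierarchy-ID:controller-list:cgroup-path.
        hid, controllers, path = line.strip().split(":", 2)
        entries.append((int(hid), controllers.split(","), path))
    return entries


def owner_uid(path):
    """UID encoded in a /user/<uid>.user/... path, or None if it has none."""
    m = USER_SLICE.match(path)
    return int(m.group(1)) if m else None


def mismatches(text, uid):
    """Map controller -> path for every hierarchy not under <uid>.user."""
    bad = {}
    for _hid, controllers, path in parse_cgroup(text):
        if owner_uid(path) != uid:
            for name in controllers:
                bad[name] = path
    return bad


if __name__ == "__main__":
    src = "/proc/self/cgroup"
    text = open(src).read() if os.path.exists(src) else SAMPLE
    for name, path in sorted(mismatches(text, os.getuid()).items()):
        print(f"{name}: in {path}, not under /user/{os.getuid()}.user")
```

Run as the account that owns the container, it prints one line per controller whose cgroup path belongs to a different UID and prints nothing when every hierarchy is already under that user's tree.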

