Fix typo in lxc.cgroup config breaking lxc >= 4.0.9

[pabloyoyoista]

Closes #1801

LXC 4.0.9 is a LTS and should not have any breaking change in behavior. I believe that the issue in #1801 is due to a typo in the original configuration. At least since version 2.0.0 (I checked the docs in lxc for the corresponding tag), lxc.group.devices has not been a valid configuration, but lxc.cgroup.devices instead. I guess there was some bug that silently ignored that invalid configuration previously to 4.0.9

[Atemu]

Have you verified this works? I tried playing around with this config flag's name too but it didn't make a difference. I was on 4.0.8 though, not 4.0.9.

[pabloyoyoista]

No, I have not been able to test it. Very similar patches have been proposed in the linked issue and alpine linux, which are reported to work.

[Atemu]

Neither of those are working for me; might be my setup though at this point.

[ahmubashshir]

@pablofsf, you didn't set lxc.cgroup2.devices... alpine is setting them to empty string.

--- a/src/anbox/container/lxc_container.cpp
+++ b/src/anbox/container/lxc_container.cpp
@@ -343,8 +343,10 @@ void LxcContainer::start(const Configura
   set_config_item(lxc_config_tty_max_key, "0");
   set_config_item(lxc_config_uts_name_key, "anbox");
 
-  set_config_item("lxc.group.devices.deny", "");
-  set_config_item("lxc.group.devices.allow", "");
+  set_config_item("lxc.cgroup.devices.deny", "");
+  set_config_item("lxc.cgroup.devices.allow", "");
+  set_config_item("lxc.cgroup2.devices.deny", "");
+  set_config_item("lxc.cgroup2.devices.allow", "");
 
   // We can't move bind-mounts, so don't use /dev/lxc/
   set_config_item(lxc_config_tty_dir_key, "");

[pabloyoyoista]

@ahmubashshir, the reason was that it felt like doing two things in the same commit (fix typo and add cgroupv2 support), but being such a small change should be fine, so I added it.

Just in case somebody wonders why lxc.group.devices.allow would fail and lxc.cgroup.devices.allow works even if the system does not support the legacy cgroup hierarchy. Quoting from lxc.containers.conf manual page: "Note that LXC will ignore lxc.cgroup. settings on systems that only use the unified hierarchy. Conversely, it will ignore lxc.cgroup2. options on systems that only use legacy hierachies."

[JuniorJPDJ]

anyone tested newer version if it's working?

[ahmubashshir]

I'm using anbox with lxc#master and alpines patch. Mubashshir

…

On Wed, Jun 23 2021 at 05:01:56 PM -0700, JuniorJPDJ ***@***.***> wrote: anyone tested newer version if it's working? — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1827 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AF5WM3Q7KBTSR4YRRMX7K6LTUJYXJANCNFSM46HK5L7A>.

[JuniorJPDJ]

Well, so we are just waiting for this to get merged.. ;/

[morphis]

LGTM, thanks!

Once CI approves we can get this in.

[JuniorJPDJ]

Wohoo :D

[JuniorJPDJ]

Hey, it passed almost a week ago.

[JuniorJPDJ]

@morphis could you merge it? Patching it myself is annoying.

[JuniorJPDJ]

What the hell? Still not merged?

[Fuseteam]

@morphis did the CI approve?

[JuniorJPDJ]

Bump? :X

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[Fuseteam]

Still approved 🤔