lxc container won't start under Debian Sid

[ne0zer0]

Hi,

I'm trying to start a container under Debian Sid, but it fails.

Here the lxc version :

lxc 1:1.0.7-1 amd64

Here the default.conf

lxc.autodev = 1
lxc.kmsg = 0
lxc.network.type = veth
lxc.network.link = lxcbr0

lxc.network.link = virbr0

lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.id_map = u 0 1214112 65536
lxc.id_map = g 0 1214112 65536

Here the log :

  lxc-start 1422127436.156 INFO     lxc_start_ui - lxc_start.c:main:265 - using rcfile /home/huraira/.local/share/lxc/test/config
  lxc-start 1422127436.156 INFO     lxc_confile - confile.c:config_idmap:1325 - read uid map: type u nsid 0 hostid 1214112 range 65536
  lxc-start 1422127436.156 INFO     lxc_confile - confile.c:config_idmap:1325 - read uid map: type g nsid 0 hostid 1214112 range 65536
  lxc-start 1422127436.157 WARN     lxc_log - log.c:lxc_log_init:316 - lxc_log_init called with log already initialized
  lxc-start 1422127436.157 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup cpu unknown to /home/huraira/.local/share/lxc test
  lxc-start 1422127436.157 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup perf_event unknown to /home/huraira/.local/share/lxc test
  lxc-start 1422127436.157 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup blkio unknown to /home/huraira/.local/share/lxc test
  lxc-start 1422127436.157 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup freezer unknown to /home/huraira/.local/share/lxc test
  lxc-start 1422127436.157 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup cpuset unknown to /home/huraira/.local/share/lxc test
  lxc-start 1422127436.157 WARN     lxc_cgfs - cgfs.c:lxc_cgroup_get_container_info:1100 - Not attaching to cgroup devices unknown to /home/huraira/.local/share/lxc test
  lxc-start 1422127436.157 INFO     lxc_lsm - lsm/lsm.c:lsm_init:48 - LSM security driver nop
  lxc-start 1422127436.158 DEBUG    lxc_conf - conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/2' (5/6)
  lxc-start 1422127436.158 DEBUG    lxc_conf - conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/3' (7/8)
  lxc-start 1422127436.158 DEBUG    lxc_conf - conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/4' (9/10)
  lxc-start 1422127436.158 DEBUG    lxc_conf - conf.c:lxc_create_tty:3665 - allocated pty '/dev/pts/5' (11/12)
  lxc-start 1422127436.158 INFO     lxc_conf - conf.c:lxc_create_tty:3676 - tty's configured
  lxc-start 1422127436.158 DEBUG    lxc_start - start.c:setup_signal_fd:247 - sigchild handler set
  lxc-start 1422127436.158 DEBUG    lxc_console - console.c:lxc_console_peer_default:500 - opening /dev/tty for console peer
  lxc-start 1422127436.158 INFO     lxc_caps - caps.c:lxc_caps_up:101 - Last supported cap was 36
  lxc-start 1422127436.158 DEBUG    lxc_console - console.c:lxc_console_peer_default:506 - using '/dev/tty' as console
  lxc-start 1422127436.158 DEBUG    lxc_console - console.c:lxc_console_sigwinch_init:179 - 7232 got SIGWINCH fd 17
  lxc-start 1422127436.158 DEBUG    lxc_console - console.c:lxc_console_winsz:88 - set winsz dstfd:14 cols:79 rows:23
  lxc-start 1422127436.437 INFO     lxc_start - start.c:lxc_init:443 - 'test' is initialized
  lxc-start 1422127436.437 DEBUG    lxc_start - start.c:__lxc_start:1058 - Not dropping cap_sys_boot or watching utmp
  lxc-start 1422127436.437 INFO     lxc_start - start.c:lxc_spawn:802 - Cloning a new user namespace
  lxc-start 1422127436.437 INFO     lxc_cgroup - cgroup.c:cgroup_init:62 - cgroup driver cgroupfs initing for test
  lxc-start 1422127436.438 ERROR    lxc_cgfs - cgfs.c:lxc_cgroupfs_create:956 - Permission denied - Could not create cgroup '/user.slice/test' in '/sys/fs/cgroup/devices'.
  lxc-start 1422127436.438 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices/user.slice
  lxc-start 1422127436.438 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset/
  lxc-start 1422127436.438 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/freezer/
  lxc-start 1422127436.438 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio/
  lxc-start 1422127436.438 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/
  lxc-start 1422127436.438 ERROR    lxc_cgfs - cgfs.c:cgroup_rmdir:207 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct,net_cls,net_prio/
  lxc-start 1422127436.438 ERROR    lxc_start - start.c:lxc_spawn:861 - failed creating cgroups
  lxc-start 1422127436.438 ERROR    lxc_start - start.c:__lxc_start:1080 - failed to spawn 'test'
  lxc-start 1422127436.438 WARN     lxc_conf - conf.c:lxc_delete_autodev:1575 - Failed to locate autodev /dev/.lxc and /dev/.lxc/user.
  lxc-start 1422127436.438 ERROR    lxc_start_ui - lxc_start.c:main:342 - The container failed to start.
  lxc-start 1422127436.438 ERROR    lxc_start_ui - lxc_start.c:main:346 - Additional information can be obtained by setting the --logfile and --logpriority options.

[stgraber]

Your user doesn't have write access to its cgroups so LXC can't create the required cgroups (permission denied in the log).

You either need to manually chown all your cgroups (see /proc/self/cgroup) or use something like cgmanager to do that for you.

In either case, not an LXC bug.

[o11c]

Note to future Googlers coming here: you have to restart after installing cgmanager.

[hallyn]

To be more precise, you need to log back in after installing
libpam-cgm. Restarting is an easy way to do that. You can also
just ssh to localhost, log out and back in, or just create a set
of cgroups for your current shell with

sudo cgm create all user
sudo cgm chown all user $(id -u) $(id -g)
cgm movepid all user $$