Control: reassign -1 lxc
As discussed on #debian-release, I'm going to reassign this bug report
to lxc as peb has plans to add a helper script which intends to improve
the user experience when running unprivileged containers under cgroupv2.
Quoting the relevant part from IRC:
my reason for
On 08.06.2021 at 19:05, Matt Corallo wrote:
On 6/8/21 12:31, Michael Biebl wrote:
On 08.06.2021 at 18:08, Matt Corallo wrote:
Hmmm, with set-linger and --scope I can't seem to reproduce now
either, it's possible I had forgotten the --scope at some point while
testing set-linger before,
On 08.06.2021 at 20:12, Matt Corallo wrote:
On 6/8/21 14:02, Michael Biebl wrote:
Is there an alternate way to run things that lxc should instead be
recommending? In my interactions with the lxc folks it seems this
workaround is only relevant for Debian bullseye, so maybe other
distros are
On 07.06.2021 at 21:20, Matt Corallo wrote:
Is there any further information I can provide to help debug this (or
should it get a -moreinfo)?
Note that of interest may be that the workaround of spawning in a screen
session only works if lxc-start is passed the -F command which places it
in
On 6/8/21 14:02, Michael Biebl wrote:
Is there an alternate way to run things that lxc should instead be recommending? In my interactions with the lxc folks
it seems this workaround is only relevant for Debian bullseye, so maybe other distros are patching systemd or changing
cgroup settings
On 08.06.2021 at 19:05, Matt Corallo wrote:
On 6/8/21 12:31, Michael Biebl wrote:
On 08.06.2021 at 18:08, Matt Corallo wrote:
Hmmm, with set-linger and --scope I can't seem to reproduce now
either, it's possible I had forgotten the --scope at some point while
testing set-linger before,
On 6/8/21 12:31, Michael Biebl wrote:
On 08.06.2021 at 18:08, Matt Corallo wrote:
Hmmm, with set-linger and --scope I can't seem to reproduce now either, it's possible I had forgotten the --scope at
some point while testing set-linger before, sorry for the noise here.
Still, based on my
On 08.06.2021 at 18:31, Michael Biebl wrote:
On 08.06.2021 at 18:08, Matt Corallo wrote:
Hmmm, with set-linger and --scope I can't seem to reproduce now
either, it's possible I had forgotten the --scope at some point while
testing set-linger before, sorry for the noise here.
Still, based on
On 08.06.2021 at 18:08, Matt Corallo wrote:
Hmmm, with set-linger and --scope I can't seem to reproduce now either,
it's possible I had forgotten the --scope at some point while testing
set-linger before, sorry for the noise here.
Still, based on my read of #825394, it seems like it should be
Hmmm, with set-linger and --scope I can't seem to reproduce now either, it's possible I had forgotten the --scope at some
point while testing set-linger before, sorry for the noise here.
Still, based on my read of #825394, it seems like it should be the case that you do not need set-linger and
On 08.06.21 at 16:23, Michael Biebl wrote:
On 08.06.21 at 16:19, Michael Biebl wrote:
After enabling "linger" for that user, the systemd --user session was
not stopped anymore after logging out and the container continued
running.
# systemd-cgls
Attaching output as file, to avoid it
On 08.06.21 at 16:19, Michael Biebl wrote:
After enabling "linger" for that user, the systemd --user session was
not stopped anymore after logging out and the container continued running.
# systemd-cgls
Control group /:
-.slice
├─user.slice
│ ├─user-0.slice
│ │ ├─session-1.scope
│ │ │ ├─
Control: tags -1 + unreproducible
So, I've been following the instructions in
/usr/share/doc/lxc/README.Debian to allow unprivileged containers.
After that, I could successfully run a container. I used the command
line as suggested in that README.Debian:
$ systemd-run --scope --quiet
On 01.06.21 at 17:26, Matt Corallo wrote:
lxc-start --name fuzzer --
/usr/sbin/sshd -D` command to spawn it, then log out of the ssh session
What's the output of
systemctl --user status fuzzer.service
systemctl --user show fuzzer.service
and loginctl user-status 1000
after you've logged out
On 01.06.21 at 17:26, Matt Corallo wrote:
The above command paste should basically do it, eg install lxc, then
`lxc-create --name fuzzer -t download` to create a (debian) container,
then install sshd inside of it via apt, then run the `systemd-run --user
-p "Delegate=yes" --unit=fuzzer --
Is there any further information I can provide to help debug this (or should it
get a -moreinfo)?
Note that of interest may be that the workaround of spawning in a screen session only works if lxc-start is passed the
-F command which places it in the foreground (though sshd still gets the -D
> Is your sshd configured to use PAM?
Yes, "UsePAM yes" is in the sshd_config (I don't believe I've changed that, it
appears to be the default?).
> So, you log in via ssh, then start a (second) sshd process (inside a lxc
> container) via the above command?
That is correct, yes.
> Would be
On 01.06.2021 at 17:18, Michael Biebl wrote:
On 01.06.2021 at 16:24, Matt Corallo wrote:
No, the shell is spawned from sshd (and almost nothing else running on
the host).
On 6/1/21 04:22, Michael Biebl wrote:
Control: tags -1 + moreinfo
On 01.06.2021 at 02:37, Matt Corallo wrote:
After
On 01.06.2021 at 16:24, Matt Corallo wrote:
No, the shell is spawned from sshd (and almost nothing else running on
the host).
On 6/1/21 04:22, Michael Biebl wrote:
Control: tags -1 + moreinfo
On 01.06.2021 at 02:37, Matt Corallo wrote:
After upgrading to bullseye on a test machine,
On 01.06.2021 at 16:24, Matt Corallo wrote:
No, the shell is spawned from sshd (and almost nothing else running on
the host).
Is your sshd configured to use PAM?
Once you started the process, can you create a
systemd-cgls output and attach it to this bug report.
Please see the issue description - `loginctl enable-linger` does not change the behavior. The suggestions in
systemd-run's manpage for how to address this issue do not work.
On 6/1/21 07:15, Ansgar wrote:
On Mon, 2021-05-31 at 20:37 -0400, Matt Corallo wrote:
[1] eg systemd-run --user -p
No, the shell is spawned from sshd (and almost nothing else running on the
host).
On 6/1/21 04:22, Michael Biebl wrote:
Control: tags -1 + moreinfo
On 01.06.2021 at 02:37, Matt Corallo wrote:
After upgrading to bullseye on a test machine, spawning an lxc container with systemd-run[1] still
On Mon, 2021-05-31 at 20:37 -0400, Matt Corallo wrote:
> [1] eg systemd-run --user -p "Delegate=yes" --unit=fuzzer -- lxc-start --name fuzzer -- /usr/sbin/sshd -D
I think this is treated like a user .service unit.
So what should happen is: user logs out and no processes are left as
part of
On 01.06.2021 at 10:22, Michael Biebl wrote:
Are you using a desktop environment to start your shell/terminal?
If so, which desktop environment is it exactly? Which terminal emulator
do you use?
I suspect this is a duplicate of
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=946645
Control: tags -1 + moreinfo
On 01.06.2021 at 02:37, Matt Corallo wrote:
After upgrading to bullseye on a test machine, spawning an lxc container
with systemd-run[1] still kills the lxc container after the spawning
shell is closed (and the user logs out). Not only does the lxc container
Package: systemd
Version: 247.3-5
After upgrading to bullseye on a test machine, spawning an lxc container with systemd-run[1] still kills the lxc
container after the spawning shell is closed (and the user logs out). Not only does the lxc container eventually get
killed, but systemd refuses any