Bug#1030389: marked as done (lxc: Conflict with new systemd cgroup unified hierarchy)

[Debian Bug Tracking System]

Your message dated Wed, 24 Apr 2024 17:28:17 +0200
with message-id <87o79yg4q6....@daath.pimeys.fr>
and subject line Re: [pkg-lxc-devel] Bug#1030389: lxc: Conflict with new 
systemd cgroup unified hierarchy
has caused the Debian Bug report #1030389,
regarding lxc: Conflict with new systemd cgroup unified hierarchy
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1030389: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030389
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: lxc
Version: 1:4.0.6-2+deb11u1
Severity: important
Tags: newcomer
X-Debbugs-Cc: linasveps...@gmail.com

Dear Maintainer,

Hit the bug described here:

https://github.com/systemd/systemd/issues/13477

and also here:

https://github.com/lxc/lxc/issues/4072

According the the first github report, sometime around 2019 or earlier,
'systemd now defaults to the "unified" cgroup hierarchy setup' as
explained in the second comment.  This means that the directory entry
`/sys/fs/cgroup/systemd` is now missing. This prevents LXC containers
from booting, as explained in the second github report. Running
`lxc-start -F <my-container>` reveals the error message:
```
Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted 
```

There are two known work-arounds, I can confirm that both work. One is
to create the missing cgroup entry mainually:
```
mkdir -p /sys/fs/cgroup/systemd && mount -t cgroup cgroup -o none,name=systemd 
/sys/fs/cgroup/systemd
```

which is stunningly hacky and inadvisable, but it does confirm the
root cause of the problem: that directory is missing.

The other work-around is to boot the host and disable the unified
hierarchy, like so:
```
# echo 'GRUB_CMDLINE_LINUX=systemd.unified_cgroup_hierarchy=false' > 
/etc/default/grub.d/cgroup.cfg
# update-grub
# shutdown -r now
```

Both of these work for me.  LXC is 100% unusable without this. How is
it possible that this has not been reported to Debian before? Am I the
only person on the planet using LXC on Debian???


-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.0-0.deb11.6-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  bridge-utils                 1.7-1
ii  debconf [debconf-2.0]        1.5.77
ii  dnsmasq-base [dnsmasq-base]  2.85-1
ii  iproute2                     5.10.0-4
ii  iptables                     1.8.7-1
ii  libc6                        2.31-13+deb11u5
ii  libcap2                      1:2.44-1
ii  libgcc-s1                    10.2.1-6
ii  liblxc1                      1:4.0.6-2+deb11u1
ii  libseccomp2                  2.5.1-1+deb11u1
ii  libselinux1                  3.1-3
ii  lsb-base                     11.1.0

Versions of packages lxc recommends:
ii  apparmor       2.13.6-10
ii  debootstrap    1.0.123+deb11u1
ii  dirmngr        2.2.27-2+deb11u2
ii  gnupg          2.2.27-2+deb11u2
ii  libpam-cgfs    1:4.0.6-2+deb11u1
ii  lxc-templates  3.0.4-5
ii  lxcfs          4.0.7-1
ii  openssl        1.1.1n-0+deb11u3
ii  rsync          3.2.3-4+deb11u1
ii  uidmap         1:4.8.1-1
ii  wget           1.21-1+deb11u1

Versions of packages lxc suggests:
ii  btrfs-progs  5.10.1-2
pn  lvm2         <none>
pn  python3-lxc  <none>

-- debconf information:
  lxc/auto_update_config:

--- End Message ---

--- Begin Message ---

Control: tags -1 +wontfix

Linas Vepstas <linasveps...@gmail.com> wrote on 04/02/2023 at 00:17:36+0200:

> Package: lxc
> Version: 1:4.0.6-2+deb11u1
> Severity: important
> Tags: newcomer
> X-Debbugs-Cc: linasveps...@gmail.com
>
> Dear Maintainer,
>
> Hit the bug described here:
>
> https://github.com/systemd/systemd/issues/13477
>
> and also here:
>
> https://github.com/lxc/lxc/issues/4072
>
> According the the first github report, sometime around 2019 or earlier,
> 'systemd now defaults to the "unified" cgroup hierarchy setup' as
> explained in the second comment.  This means that the directory entry
> `/sys/fs/cgroup/systemd` is now missing. This prevents LXC containers
> from booting, as explained in the second github report. Running
> `lxc-start -F <my-container>` reveals the error message:
> ```
> Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted 
> ```
>
> There are two known work-arounds, I can confirm that both work. One is
> to create the missing cgroup entry mainually:
> ```
> mkdir -p /sys/fs/cgroup/systemd && mount -t cgroup cgroup -o 
> none,name=systemd /sys/fs/cgroup/systemd
> ```
>
> which is stunningly hacky and inadvisable, but it does confirm the
> root cause of the problem: that directory is missing.
>
> The other work-around is to boot the host and disable the unified
> hierarchy, like so:
> ```
> # echo 'GRUB_CMDLINE_LINUX=systemd.unified_cgroup_hierarchy=false' > 
> /etc/default/grub.d/cgroup.cfg
> # update-grub
> # shutdown -r now
> ```
>
> Both of these work for me.  LXC is 100% unusable without this. How is
> it possible that this has not been reported to Debian before? Am I the
> only person on the planet using LXC on Debian???
>
>
> -- System Information:
> Debian Release: 11.6
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 
> 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 6.0.0-0.deb11.6-amd64 (SMP w/4 CPU threads; PREEMPT)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not 
> set
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages lxc depends on:
> ii  bridge-utils                 1.7-1
> ii  debconf [debconf-2.0]        1.5.77
> ii  dnsmasq-base [dnsmasq-base]  2.85-1
> ii  iproute2                     5.10.0-4
> ii  iptables                     1.8.7-1
> ii  libc6                        2.31-13+deb11u5
> ii  libcap2                      1:2.44-1
> ii  libgcc-s1                    10.2.1-6
> ii  liblxc1                      1:4.0.6-2+deb11u1
> ii  libseccomp2                  2.5.1-1+deb11u1
> ii  libselinux1                  3.1-3
> ii  lsb-base                     11.1.0
>
> Versions of packages lxc recommends:
> ii  apparmor       2.13.6-10
> ii  debootstrap    1.0.123+deb11u1
> ii  dirmngr        2.2.27-2+deb11u2
> ii  gnupg          2.2.27-2+deb11u2
> ii  libpam-cgfs    1:4.0.6-2+deb11u1
> ii  lxc-templates  3.0.4-5
> ii  lxcfs          4.0.7-1
> ii  openssl        1.1.1n-0+deb11u3
> ii  rsync          3.2.3-4+deb11u1
> ii  uidmap         1:4.8.1-1
> ii  wget           1.21-1+deb11u1
>
> Versions of packages lxc suggests:
> ii  btrfs-progs  5.10.1-2
> pn  lvm2         <none>
> pn  python3-lxc  <none>
>
> -- debconf information:
>   lxc/auto_update_config:
>
> _______________________________________________
> Pkg-lxc-devel mailing list
> pkg-lxc-de...@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-lxc-devel

--- End Message ---