Package: lxc
Version: 0.9.0~alpha3-2+deb8u1
Severity: important
Dear Maintainer,
>From some time now (sorry not being able to be more precise - I can only tell
the container has not been running since March 7th) I cannot start the LXC
container I have on my jessie-powered laptop.
# lxc-start -n test-lxc -f /var/lib/lxc/test-lxc/config
lxc-start: no ns_cgroup option specified
lxc-start: failed to spawn 'test-lxc'
lxc-start: No such file or directory - failed to remove cgroup
'/sys/fs/cgroup/cpuset//lxc/test-lxc'
These are the mounted cgroups, according to mount:
# mount | grep cgroup
cgroup on /sys/fs/cgroup type tmpfs (rw,relatime,mode=755)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu type cgroup (rw,relatime,cpu)
cgroup on /sys/fs/cgroup/cpuacct type cgroup (rw,relatime,cpuacct)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,relatime,freezer)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,relatime,perf_event)
cgroup_root on /sys/fs/cgroup type tmpfs (rw,relatime)
cgroup_memory on /sys/fs/cgroup/memory type cgroup
(rw,nosuid,nodev,noexec,relatime,memory)
cgroup_devices on /sys/fs/cgroup/devices type cgroup
(rw,nosuid,nodev,noexec,relatime,devices)
and this is /proc/cgroups content:
# cat /proc/cgroups
#subsys_name hierarchy num_cgroups enabled
cpuset 2 1 1
cpu 3 1 1
cpuacct 4 1 1
memory 5 1 1
devices 6 1 1
freezer 7 1 1
blkio 8 1 1
perf_event 9 1 1
and, to be complete :
# tree /sys/fs/cgroup/
/sys/fs/cgroup/
|-- devices
| |-- cgroup.clone_children
| |-- cgroup.event_control
| |-- cgroup.procs
| |-- cgroup.sane_behavior
| |-- devices.allow
| |-- devices.deny
| |-- devices.list
| |-- notify_on_release
| |-- release_agent
| `-- tasks
`-- memory
|-- cgroup.clone_children
|-- cgroup.event_control
|-- cgroup.procs
|-- cgroup.sane_behavior
|-- memory.failcnt
|-- memory.force_empty
|-- memory.limit_in_bytes
|-- memory.max_usage_in_bytes
|-- memory.move_charge_at_immigrate
|-- memory.oom_control
|-- memory.pressure_level
|-- memory.soft_limit_in_bytes
|-- memory.stat
|-- memory.swappiness
|-- memory.usage_in_bytes
|-- memory.use_hierarchy
|-- notify_on_release
|-- release_agent
`-- tasks
As for the kernel cmdline :
# cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-3.13-1-686-pae
root=UUID=984f719f-8c9c-4686-8218-ee9657c96204 ro cgroup_enable=memory quiet
/etc/fstab does not contains cgroup stuff any more since it tented to conflict
with libvirtd (I'm using KVM virtual machine at times). The cgroups, AFAICT,
are created through libvirt-bin and cgroupfs-mount packages init.d scripts.
Actually, lxc-checkconfig reports about missing "Cgroup namespace" :
Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.13-1-686-pae
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled
--- Control groups ---
Cgroup: enabled
Cgroup namespace: required
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled
--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled
Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
Trying to create the ns cgroup manually (after reading libvirtd-bin init.d
script) fails also :
# mkdir /sys/fs/cgroup/ns
# mount -t cgroup -o rw,nosuid,nodev,noexec,relatime,ns "cgroup_ns"
"/sys/fs/cgroup/ns"
mount: special device cgroup_ns does not exist
Finally, this is the config file for this container:
# Template used to create this container: debian
# Template script checksum (SHA-1): 33e3fc0cb7e2809453c36e81fe0fe4aa5542c208
lxc.network.type = empty
lxc.rootfs = /var/lib/lxc/test-lxc/rootfs
lxc.tty = 4
lxc.pts = 1024
lxc.utsname = test-lxc
# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
# mounts point
lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry = sysfs sys sysfs defaults 0 0
I made some googling to no avail then sent this message to the lxc-users list a
few days ago and Serge Hallyn sent the following reply:
Try a newer lxc. You don't actually need ns_cgroup, but in the version
you have it is objecting bc it finds neither ns cgroup *nor* the
cgroup.clone_children file. The latter *should* exist (i.e.
/sys/fs/cgroup/cpuset/cgroup.clone_children), so it's probably a bug
in that particular lxc version..
I just tried installing current sid version of lxc (1.0.0-8), with no more
success:
# lxc-start -n test-lxc -f /var/lib/lxc/test-lxc/config
lxc-start: No such file or directory - Could not create cgroup /lxc
lxc-start: cgroup_rmdir: failed to open /sys/fs/cgroup/perf_event/
lxc-start: cgroup_rmdir: failed to open /sys/fs/cgroup/blkio/
lxc-start: cgroup_rmdir: failed to open /sys/fs/cgroup/freezer/
lxc-start: Device or resource busy - cgroup_rmdir: failed to delete
/sys/fs/cgroup/devices/
lxc-start: Device or resource busy - cgroup_rmdir: failed to delete
/sys/fs/cgroup/memory/
lxc-start: cgroup_rmdir: failed to open /sys/fs/cgroup/cpuacct/
lxc-start: cgroup_rmdir: failed to open /sys/fs/cgroup/cpu/
lxc-start: cgroup_rmdir: failed to open /sys/fs/cgroup/cpuset/
lxc-start: failed creating cgroups
lxc-start: failed to spawn 'test-lxc'
I wonder if this could come from some conflicts between cgroups handling from
lxc vs. libvirt & Co...
Thanks in advance for any explanation,
Patrice
-- System Information:
Debian Release: jessie/sid
APT prefers testing-proposed-updates
APT policy: (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.13-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) (ignored: LC_ALL
set to fr_FR.utf8)
Shell: /bin/sh linked to /bin/dash
Versions of packages lxc depends on:
ii libapparmor1 2.8.0-5+b1
ii libc6 2.18-4
ii libcap2 1:2.22-1.2
ii multiarch-support 2.18-4
Versions of packages lxc recommends:
ii debootstrap 1.0.59
ii libcap2-bin 1:2.22-1.2
lxc suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
