Package: cgroup-tools
Version: 0.41-8
Severity: important

I use cgrulesengd to automatically move processes owned by my user (karimo) into corresponding cgroup trees. I am using systemd 233-9 without cgmanager.

I've created the groups by using cgconfigparser

/usr/sbin/cgconfigparser -l /etc/cgconfig.conf -s 1664

with the following configuration:
-------------------------------------------
$ cat /etc/cgconfig.conf
group karimo {
    perm {
        task {
            uid = karimo;
            gid = karimo;
        }
        admin {
            uid = karimo;
            gid = karimo;
        }
    }
    cpu {}
    blkio {}
    cpuacct {}
    cpuset {
        cgroup.clone_children = 1;
        cpuset.mems = 0;
        cpuset.cpus = 0-3;
    }
    devices {}
    freezer {}
    perf_event {}
    net_cls {}
    net_prio {}
    memory {
        memory.use_hierarchy = 1;
    }
}
-------------------------------------------

I then use cgrulesengd to automatically move my processes into those.
-------------------------------------------
$ cat /etc/cgrules.conf
# <user>:<process_name> <controllers> <destination>
karimo * karimo
-------------------------------------------

But the daemon fails to move under perf_event and freezer!
-------------------------------------------
$ cat /proc/self/cgroup
10:perf_event:/
9:freezer:/
8:pids:/user.slice/user-1000.slice/session-2.scope
7:blkio:/karimo
6:memory:/karimo
5:devices:/karimo
4:cpu,cpuacct:/karimo
3:cpuset:/karimo
2:net_cls,net_prio:/karimo
1:name=systemd:/user.slice/user-1000.slice/session-2.scope
0::/user.slice/user-1000.slice/session-2.scope
-------------------------------------------

I can confirm that the cgroups are mounted and the trees correctly created by cgconfigparser:
-------------------------------------------
$ mount | grep -E 'freezer|perf_event'
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
$ find /sys/fs/cgroup/ -type d -name 'karimo'
/sys/fs/cgroup/perf_event/karimo
/sys/fs/cgroup/freezer/karimo
/sys/fs/cgroup/blkio/karimo
/sys/fs/cgroup/memory/karimo
/sys/fs/cgroup/devices/karimo
/sys/fs/cgroup/cpu,cpuacct/karimo
/sys/fs/cgroup/cpuset/karimo
/sys/fs/cgroup/net_cls,net_prio/karimo
-------------------------------------------

Do you know what is causing this? It is preventing me from running unprivileged LXC containers.

-- Package-specific info:

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cgroup-tools depends on:
ii  libc6       2.24-12
ii  libcgroup1  0.41-8

cgroup-tools recommends no packages.

cgroup-tools suggests no packages.

-- no debconf information
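
A check for the symptom described in this report, added here as an example and not part of the original report or of libcgroup: it parses the `/proc/<pid>/cgroup` format and lists each controller from the reporter's `cgconfig.conf` group whose path is not the expected group. The helper names `misplaced_controllers` and `sample_cgroup` are hypothetical; the sample input is the output quoted in the report.

```shell
#!/bin/sh
# Added example: list controllers where a process is not in the expected cgroup.
# Input is the cgroup v1 format of /proc/<pid>/cgroup: "ID:controller-list:path".

# Controllers declared in the "group karimo" block of the report's cgconfig.conf.
WANTED="cpu blkio cpuacct cpuset devices freezer perf_event net_cls net_prio memory"

# misplaced_controllers GROUP [FILE]   (hypothetical helper name)
# Prints "controller actual-path" for each wanted controller not under /GROUP.
misplaced_controllers() {
    group=$1
    file=${2:-/proc/self/cgroup}
    awk -F: -v want="$WANTED" -v path="/$group" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) wanted[w[i]] = 1 }
        {
            p = $3                                   # rejoin paths containing ":"
            for (i = 4; i <= NF; i++) p = p ":" $i
            m = split($2, ctrl, ",")                 # co-mounted, e.g. "cpu,cpuacct"
            for (i = 1; i <= m; i++)
                if (ctrl[i] in wanted) {
                    seen[ctrl[i]] = 1
                    if (p != path) print ctrl[i], p
                }
        }
        END {                                        # no line at all: not mounted
            for (i = 1; i <= n; i++) if (!(w[i] in seen)) print w[i], "(absent)"
        }
    ' "$file"
}

# Sample input: the /proc/self/cgroup output quoted in the report.
sample_cgroup() {
    cat <<'EOF'
10:perf_event:/
9:freezer:/
8:pids:/user.slice/user-1000.slice/session-2.scope
7:blkio:/karimo
6:memory:/karimo
5:devices:/karimo
4:cpu,cpuacct:/karimo
3:cpuset:/karimo
2:net_cls,net_prio:/karimo
1:name=systemd:/user.slice/user-1000.slice/session-2.scope
0::/user.slice/user-1000.slice/session-2.scope
EOF
}

sample_cgroup | misplaced_controllers karimo -
```

Against a live process, pass its file directly, for example `misplaced_controllers karimo /proc/<pid>/cgroup`.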