Linas Vepstas <linasveps...@gmail.com> wrote on 07/02/2023 at 00:35:18+0100:
> There is nothing in /usr/share/doc/lxc/README.Debian.gz that provides
> the work-around. I am using containers managed by root, started when
> the OS boots.
>
> su - root and then lxc-ls -f reports
>
> NAME      STATE   AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
> bind-base STOPPED 0         -      -    -    false
>
> Note the right-most column. Nothing in the README about "unprivileged
> containers" would seem to apply.
>
> apparmor is not installed on this system.
>
> The only work-around given in the two github issues is to set

I also succeed at running privileged containers on my system. Could you
print your container config to me please? It's possible some things in
your config are conflicting with cgroups v2.

> GRUB_CMDLINE_LINUX=systemd.unified_cgroup_hierarchy=false
>
> in /etc/default/grub.d/cgroup.cfg and the Debian README does not mention this
> work-around.
>
> Perhaps it is possible to put systemd.unified_cgroup_hierarchy=false
> into /etc/sysctl.conf ? Or perhaps some other config file?

systemd.unified_cgroup_hierarchy=false looks like a kernel command line,
I doubt it can be done after having booted.

> There is another work-around:
>
> mkdir -p /sys/fs/cgroup/systemd && mount -t cgroup cgroup -o
> none,name=systemd /sys/fs/cgroup/systemd
>
> However, sticking this mkdir into some /etc/init.d file does not seem
> plausible for a server; it feels too hacky.

--
PEB