Le 29/10/2010 15:59, Daniel P. Berrange a écrit :
On Fri, Oct 29, 2010 at 03:41:25PM +0200, Jean-Philippe Menil wrote:Le 29/10/2010 14:51, Serge Hallyn a écrit :Quoting Jean-Philippe Menil (jean-philippe.me...@univ-nantes.fr):10:41:10.076: error : lxcContainerStart:858 : Failed to run clone container: Operation not permittedI would guess that the libvirt process creating the container has dropped some of the needed capabilities (CAP_SYS_ADMIN and a few others). Is libvirtd running as root? What does /proc/$$/status for that process show?Hi, libvirt is running as root. r...@redbreast:/tmp# ps aux | grep libvirtd | grep -v grep root 15718 0.0 0.0 157760 2924 ? Sl 15:35 0:00 /usr/sbin/libvirtd -d r...@redbreast:/tmp# cat /proc/15718/status Name: libvirtd State: S (sleeping) Tgid: 15718 Pid: 15718 PPid: 1 TracerPid: 0 Uid: 0 0 0 0 Gid: 0 0 0 0 FDSize: 64 Groups: 0 VmPeak: 181892 kB VmSize: 157760 kB VmLck: 0 kB VmHWM: 2924 kB VmRSS: 2924 kB VmData: 115012 kB VmStk: 136 kB VmExe: 792 kB VmLib: 6372 kB VmPTE: 124 kB VmSwap: 0 kB Threads: 7 SigQ: 2/16382 SigPnd: 0000000000000000 ShdPnd: 0000000000000000 SigBlk: 0000000000000000 SigIgn: 0000000000001000 SigCgt: 0000000180014007 CapInh: 0000000000000000 CapPrm: ffffffffffffffff CapEff: ffffffffffffffff CapBnd: ffffffffffffffff Cpus_allowed: ffff Cpus_allowed_list: 0-15 Mems_allowed: 00000000,00000003 Mems_allowed_list: 0-1 voluntary_ctxt_switches: 321 nonvoluntary_ctxt_switches: 7 and r...@redbreast:/tmp# cat /proc/15718/cgroup 1:blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,debug,cpuset:/The problem is probably the 'blkio' controller combined with the 'ns' controller. The 'blkio' controller will refuse to allow creation of any child cgroups. This will cause the libvirt warning you see below. It will also break the 'ns' cgroup, because that *requires* that you can create child cgroups when creating a new container.r...@redbreast:/tmp# mount | grep cgroup none on /var/local/cgroup type cgroup (rw) In the log, i can find the following: 15:35:58.853: debug : virCgroupMakeGroup:496 : Make controller /var/local/cgroup/libvirt/lxc/ 15:35:58.853: warning : lxcStartup:2109 : Unable to create cgroup for driver: Operation not permittedDaniel
Yes, you are right. Removing the blk_cgroup module, and now everything work's fine. Many thanks for your help. Regards.
<<attachment: jean-philippe_menil.vcf>>
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list