Re: [lxc-users] Problems with user sessions inside a Ubuntu Desktop Container
Quoting Alain St-Denis (al...@zenfolie.org): > Hi, > > I experience the exact same problem. Similar setup (wily host, elementary > freya container). No user session is created when I login the desktop so > polkit won't grant elevated privileges. > > In the container, /proc/1/cgroup shows: > > 10:cpu,cpuacct:/lxc/topaze > 9:freezer:/lxc/topaze > 8:devices:/lxc/topaze > 7:memory:/lxc/topaze > 6:cpuset:/lxc/topaze > 5:net_cls,net_prio:/lxc/topaze > 4:hugetlb:/lxc/topaze > 3:perf_event:/lxc/topaze > 2:blkio:/lxc/topaze > 1:name=systemd:/lxc/topaze > > In the container auth.log, I see those lines: > > Jan 24 15:20:09 topaze systemd-logind[1739]: cgmanager: cgm_list_children for > controller=systemd, cgroup_path=lxc/topaze/user failed: invalid request > Jan 24 15:20:09 topaze systemd-logind[1739]: New seat seat0. > Jan 24 15:20:09 topaze systemd-logind[1739]: Preallocating VTs... > Jan 24 15:20:09 topaze systemd-logind[1739]: systemd-logind running as pid > 1739 > Jan 24 15:20:11 topaze lightdm: pam_systemd(lightdm-greeter:session): Failed > to create session: Invalid argument > > The container runs cgproxy. > > On the host, cgmanager reports: > > jan 24 15:20:09 opale cgmanager[952]: cgmanager: Invalid path > /run/cgmanager/fs/none,name=systemd//lxc/topaze/lxc/topaze/user (No such file > or directory) > jan 24 15:20:09 opale cgmanager[952]: cgmanager:list_children_main: Could not > determine the requested cgroup (systemd:lxc/topaze/user) > jan 24 15:20:09 opale cgmanager[952]: cgmanager: Error getting children for > systemd:lxc/topaze/user for pid 2095 > > Does anybody have a hint on what causes this cgroup path duplication > (lxc/topaze/lxc/topaze)? I suspect it may have something to do with the issue. I don't know what elementary freya is, but maybe this is a bug in the systemd package there. Get the cgroxy logs (start it with --debug), and see what calls are being made to it. Better yet strace the login process (maybe start with the getty or sshd). If it is reading the cgroup path from /proc/self/cgroup and then using cgmanager to movepid to something based on that, that's wrong. ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] Problems with user sessions inside a Ubuntu Desktop Container
Hi, I experience the exact same problem. Similar setup (wily host, elementary freya container). No user session is created when I login the desktop so polkit won't grant elevated privileges. In the container, /proc/1/cgroup shows: 10:cpu,cpuacct:/lxc/topaze 9:freezer:/lxc/topaze 8:devices:/lxc/topaze 7:memory:/lxc/topaze 6:cpuset:/lxc/topaze 5:net_cls,net_prio:/lxc/topaze 4:hugetlb:/lxc/topaze 3:perf_event:/lxc/topaze 2:blkio:/lxc/topaze 1:name=systemd:/lxc/topaze In the container auth.log, I see those lines: Jan 24 15:20:09 topaze systemd-logind[1739]: cgmanager: cgm_list_children for controller=systemd, cgroup_path=lxc/topaze/user failed: invalid request Jan 24 15:20:09 topaze systemd-logind[1739]: New seat seat0. Jan 24 15:20:09 topaze systemd-logind[1739]: Preallocating VTs... Jan 24 15:20:09 topaze systemd-logind[1739]: systemd-logind running as pid 1739 Jan 24 15:20:11 topaze lightdm: pam_systemd(lightdm-greeter:session): Failed to create session: Invalid argument The container runs cgproxy. On the host, cgmanager reports: jan 24 15:20:09 opale cgmanager[952]: cgmanager: Invalid path /run/cgmanager/fs/none,name=systemd//lxc/topaze/lxc/topaze/user (No such file or directory) jan 24 15:20:09 opale cgmanager[952]: cgmanager:list_children_main: Could not determine the requested cgroup (systemd:lxc/topaze/user) jan 24 15:20:09 opale cgmanager[952]: cgmanager: Error getting children for systemd:lxc/topaze/user for pid 2095 Does anybody have a hint on what causes this cgroup path duplication (lxc/topaze/lxc/topaze)? I suspect it may have something to do with the issue. Thanks Alain.___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] lxc file "only allowed for containers that are currently running"?
On Tue, Jan 26, 2016 at 02:25:12AM +0900, Tomasz Chmielewski wrote: > On 2016-01-26 01:46, Stéphane Graber wrote: > > >>So either documentation is outdated, and lxc push/pull is allowed > >>for containers in any state (or at least RUNNING and STOPPED) or the > >>functionality will be removed. > >>Which one is true? Being able to push/pull the files is quite > >>convenient. > > >I changed file pull/push a little while ago to work against stopped > >containers too, clearly I forgot to update the documentation :) > > Excellent! > > >A pull request would be appreciated, otherwise I'll try to remember to > >fix this next time I look at the specs. > > I would if I knew how! Hi, I just opened https://github.com/lxc/lxd/pull/1534 for you. It should get merged soon, thanks! -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] "termination protection"?
Is there a way to protect the containers against accidental termination? For example: # lxc list | container-2016-01-25-17-20-11 | RUNNING | 10.190.0.50 (eth0) (...) # lxc delete container-2016-01-25-17-20-11 No longer there! Some kind of "lxc config set containername allowdelete=0" would be very useful: - "s" is next to "d" on the keyboard, so it's easy to delete the container with: lxc d-press-tab containername - it would feel safer to protect important containers this way - probably "lxc config set containername allowdelete=0" should not protect snapshots, if named explicitely, i.e. "lxc delete containername/snapshot" Tomasz Chmielewski http://wpkg.org ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] lxc file "only allowed for containers that are currently running"?
On 2016-01-26 01:46, Stéphane Graber wrote: So either documentation is outdated, and lxc push/pull is allowed for containers in any state (or at least RUNNING and STOPPED) or the functionality will be removed. Which one is true? Being able to push/pull the files is quite convenient. I changed file pull/push a little while ago to work against stopped containers too, clearly I forgot to update the documentation :) Excellent! A pull request would be appreciated, otherwise I'll try to remember to fix this next time I look at the specs. I would if I knew how! Tomasz Chmielewski http://wpkg.org ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] lxc file "only allowed for containers that are currently running"?
On Tue, Jan 26, 2016 at 01:42:12AM +0900, Tomasz Chmielewski wrote: > According to fine manual[1], lxc file "is only allowed for > containers that are currently running". > > I've tried doing both push and pull operations on a container in > STOPPED state, and it worked, i.e.: > > lxc file pull stopped-container/etc/services . > lxc file push services stopped-container/etc/services > > > So either documentation is outdated, and lxc push/pull is allowed > for containers in any state (or at least RUNNING and STOPPED) or the > functionality will be removed. > Which one is true? Being able to push/pull the files is quite > convenient. > > > I'm using: > > lxd-client 0.27-0ubuntu2~ubuntu14.04.1~ppa1 amd64 > > > [1] > https://github.com/lxc/lxd/blob/master/specs/command-line-user-experience.md#file Hi, I changed file pull/push a little while ago to work against stopped containers too, clearly I forgot to update the documentation :) A pull request would be appreciated, otherwise I'll try to remember to fix this next time I look at the specs. Cheers -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] lxc file "only allowed for containers that are currently running"?
According to fine manual[1], lxc file "is only allowed for containers that are currently running". I've tried doing both push and pull operations on a container in STOPPED state, and it worked, i.e.: lxc file pull stopped-container/etc/services . lxc file push services stopped-container/etc/services So either documentation is outdated, and lxc push/pull is allowed for containers in any state (or at least RUNNING and STOPPED) or the functionality will be removed. Which one is true? Being able to push/pull the files is quite convenient. I'm using: lxd-client 0.27-0ubuntu2~ubuntu14.04.1~ppa1 amd64 [1] https://github.com/lxc/lxd/blob/master/specs/command-line-user-experience.md#file Tomasz Chmielewski http://wpkg.org/ ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] lxd: restore snapshot as a new container?
On 2016-01-25 22:19, Tomasz Chmielewski wrote: Let's say I have a container named "container1" and make a snapshot called "test1": # lxc snapshot container1 "test1" How would I restore it as a new container, called "container1-test"? lxc copy container1/test1 container1-test1 If using a filesystem which allows snapshotting (btrfs) - will it copy container's directory (uses lots of space, takes long), or snapshot it (almost instant, uses almost no extra space)? It seems to be doing a proper snapshot - good :) Tomasz Chmielewski http://wpkg.org ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
Re: [lxc-users] lxd: restore snapshot as a new container?
On 2016-01-20 02:04, Serge Hallyn wrote: Quoting Tomasz Chmielewski (man...@wpkg.org): Can lxc restore a snapshot as a new container? Let's say I have a container named "container1" and make a snapshot called "test1": # lxc snapshot container1 "test1" How would I restore it as a new container, called "container1-test"? lxc copy container1/test1 container1-test1 If using a filesystem which allows snapshotting (btrfs) - will it copy container's directory (uses lots of space, takes long), or snapshot it (almost instant, uses almost no extra space)? Tomasz Chmielewski http://wpkg.org ___ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users