Re: [lxc-users] ghost services on LXC containers

2020-08-13 Thread Harald Dunkel

On 8/13/20 9:02 AM, Harald Dunkel wrote:


> # cat /sys/fs/cgroup/unified/system.slice/zabbix-agent.service/cgroup.procs
> 0
> 0
> 0
> 0
> 0
> 0
>
>
> PID 0 is not valid here, AFAICT. And zabbix-agent isn't even installed
> in my container. It's installed on the host only.



PS:
Lennart Poettering wrote about this:

Is it possible the container and the host run in the very same cgroup
hierarchy?

If that's the case (and it looks like it): this is not
supported. Please file a bug against LXC, it's very clearly broken.

(https://lists.freedesktop.org/archives/systemd-devel/2020-August/045022.html)


I would be highly interested in your thoughts about this.

Harri
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users


Re: [lxc-users] ghost services on LXC containers

2020-08-13 Thread Fajar A. Nugraha
On Thu, Aug 13, 2020 at 5:23 PM Harald Dunkel wrote:
>
> On 8/13/20 9:02 AM, Harald Dunkel wrote:
> >
> > # cat /sys/fs/cgroup/unified/system.slice/zabbix-agent.service/cgroup.procs
> > 0
> > 0
> > 0
> > 0
> > 0
> > 0
> >
> >
> > PID 0 is not valid here, AFAICT. And zabbix-agent isn't even installed
> > in my container. It's installed on the host only.
> >
>
> PS:
> Lennart Poettering wrote about this:
>
> Is it possible the container and the host run in the very same cgroup
> hierarchy?
>
> If that's the case (and it looks like it): this is not
> supported. Please file a bug against LXC, it's very clearly broken.
>
> (https://lists.freedesktop.org/archives/systemd-devel/2020-August/045022.html)
>
>
> I would be highly interested in your thoughts about this.


Try (two times, once inside the container, once inside the host):
- cat /proc/self/cgroup
- ls -la /proc/self/ns

-- 
Fajar


Re: [lxc-users] ghost services on LXC containers

2020-08-13 Thread Harald Dunkel

On 8/13/20 12:32 PM, Fajar A. Nugraha wrote:

> Try (two times, once inside the container, once inside the host):
> - cat /proc/self/cgroup
> - ls -la /proc/self/ns


On the host:

root@il08:~# cat /proc/self/cgroup
13:name=systemd:/
12:rdma:/
11:pids:/
10:perf_event:/
9:net_prio:/
8:net_cls:/
7:memory:/
6:freezer:/
5:devices:/
4:cpuset:/
3:cpuacct:/
2:cpu:/
1:blkio:/
0::/
root@il08:~# ls -la /proc/self/ns
total 0
dr-x--x--x 2 root root 0 Aug 13 12:40 .
dr-xr-xr-x 9 root root 0 Aug 13 12:40 ..
lrwxrwxrwx 1 root root 0 Aug 13 12:40 cgroup -> 'cgroup:[4026531835]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 ipc -> 'ipc:[4026531839]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 mnt -> 'mnt:[4026531840]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 net -> 'net:[4026531992]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 pid -> 'pid:[4026531836]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 pid_for_children -> 'pid:[4026531836]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 time -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 time_for_children -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 uts -> 'uts:[4026531838]'


Entering the container:

root@il08:~# lxc-attach -n il02
root@il02:~# cat /proc/self/cgroup
13:name=systemd:/
12:rdma:/
11:pids:/
10:perf_event:/
9:net_prio:/
8:net_cls:/
7:memory:/
6:freezer:/
5:devices:/
4:cpuset:/
3:cpuacct:/
2:cpu:/
1:blkio:/
0::/
root@il02:~# ls -la /proc/self/ns
total 0
dr-x--x--x 2 root root 0 Aug 13 12:42 .
dr-xr-xr-x 9 root root 0 Aug 13 12:42 ..
lrwxrwxrwx 1 root root 0 Aug 13 12:42 cgroup -> 'cgroup:[4026532376]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 ipc -> 'ipc:[4026532313]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 mnt -> 'mnt:[4026532311]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 net -> 'net:[4026532316]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 pid -> 'pid:[4026532314]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 pid_for_children -> 'pid:[4026532314]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 time -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 time_for_children -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 uts -> 'uts:[4026532312]'


I am not sure what this is trying to tell me, though. Is this the same
hierarchy? And would you agree that this is really a bad thing to do?

Harri



Re: [lxc-users] ghost services on LXC containers

2020-09-09 Thread Fajar A. Nugraha
On Thu, Aug 13, 2020 at 5:47 PM Harald Dunkel wrote:
>
> On 8/13/20 12:32 PM, Fajar A. Nugraha wrote:
> > Try (two times, once inside the container, once inside the host):
> > - cat /proc/self/cgroup
> > - ls -la /proc/self/ns
>
> On the host:
>
> root@il08:~# cat /proc/self/cgroup
> 13:name=systemd:/
> 12:rdma:/
> 11:pids:/
> 10:perf_event:/
> 9:net_prio:/
> 8:net_cls:/
> 7:memory:/
> 6:freezer:/
> 5:devices:/
> 4:cpuset:/
> 3:cpuacct:/
> 2:cpu:/
> 1:blkio:/
> 0::/
> root@il08:~# ls -la /proc/self/ns
> total 0
> dr-x--x--x 2 root root 0 Aug 13 12:40 .
> dr-xr-xr-x 9 root root 0 Aug 13 12:40 ..
> lrwxrwxrwx 1 root root 0 Aug 13 12:40 cgroup -> 'cgroup:[4026531835]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:40 ipc -> 'ipc:[4026531839]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:40 mnt -> 'mnt:[4026531840]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:40 net -> 'net:[4026531992]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:40 pid -> 'pid:[4026531836]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:40 pid_for_children -> 'pid:[4026531836]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:40 time -> 'time:[4026531834]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:40 time_for_children -> 'time:[4026531834]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:40 user -> 'user:[4026531837]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:40 uts -> 'uts:[4026531838]'
>
>
> Entering the container:
>
> root@il08:~# lxc-attach -n il02
> root@il02:~# cat /proc/self/cgroup
> 13:name=systemd:/
> 12:rdma:/
> 11:pids:/
> 10:perf_event:/
> 9:net_prio:/
> 8:net_cls:/
> 7:memory:/
> 6:freezer:/
> 5:devices:/
> 4:cpuset:/
> 3:cpuacct:/
> 2:cpu:/
> 1:blkio:/
> 0::/
> root@il02:~# ls -la /proc/self/ns
> total 0
> dr-x--x--x 2 root root 0 Aug 13 12:42 .
> dr-xr-xr-x 9 root root 0 Aug 13 12:42 ..
> lrwxrwxrwx 1 root root 0 Aug 13 12:42 cgroup -> 'cgroup:[4026532376]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:42 ipc -> 'ipc:[4026532313]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:42 mnt -> 'mnt:[4026532311]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:42 net -> 'net:[4026532316]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:42 pid -> 'pid:[4026532314]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:42 pid_for_children -> 'pid:[4026532314]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:42 time -> 'time:[4026531834]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:42 time_for_children -> 'time:[4026531834]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:42 user -> 'user:[4026531837]'
> lrwxrwxrwx 1 root root 0 Aug 13 12:42 uts -> 'uts:[4026532312]'
>
>
> I am not sure what this is trying to tell me, though. Is this the same
> hierarchy?

It shouldn't be. /proc/self/ns says the two have different cgroup
namespaces, so even if /proc/self/cgroup looks the same, they are not.

> And would you agree that this is really a bad thing to do?

If they're the same hierarchy in the same namespace, yes.
If they're in different namespaces, no.

Not sure what's wrong on your setup though. Your debian bug page link
says 'No longer marked as found in versions systemd/241-7~deb10u4', so
perhaps there's that.

If this is still reproducible on systems with that (or newer) versions
of systemd, I'd suggest these to help find the root cause:
- try latest lxd from snap
- try on ubuntu host and container

I'm using ubuntu with systemd 237-3ubuntu10.20 and 245.4-4ubuntu3.1,
and don't experience your bug report.

-- 
Fajar
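
The namespace comparison discussed in the reply above, as an added example that is not part of the original thread: it parses two `ls -la /proc/self/ns` captures and reports which namespaces have the same ID. The function names are hypothetical; the sample lines are a subset of the host (il08) and container (il02) output posted earlier in the thread.

```shell
#!/bin/sh
# Added example: which namespaces do two processes share?
# Two processes are in the same namespace when the type and the number in
# brackets match. Sample input: subset of the output posted in this thread.

HOST_NS="total 0
lrwxrwxrwx 1 root root 0 Aug 13 12:40 cgroup -> 'cgroup:[4026531835]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 mnt -> 'mnt:[4026531840]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 pid -> 'pid:[4026531836]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 time -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 Aug 13 12:40 user -> 'user:[4026531837]'"

CONTAINER_NS="total 0
lrwxrwxrwx 1 root root 0 Aug 13 12:42 cgroup -> 'cgroup:[4026532376]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 mnt -> 'mnt:[4026532311]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 pid -> 'pid:[4026532314]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 time -> 'time:[4026531834]'
lrwxrwxrwx 1 root root 0 Aug 13 12:42 user -> 'user:[4026531837]'"

# Print "name id" for every symlink line; skips "total", "." and "..".
ns_ids() {
    printf '%s\n' "$1" | awk 'NF >= 3 && $(NF-1) == "->" {
        id = $NF; gsub(/[^0-9]/, "", id); print $(NF-2), id }'
}

# Print "name shared" or "name separate" for each namespace in the second
# capture, compared against the first. A name missing from the first capture
# counts as separate.
ns_compare() {
    { ns_ids "$1" | sed 's/^/H /'; ns_ids "$2" | sed 's/^/C /'; } |
    awk '$1 == "H" { host[$2] = $3; next }
         { print $2, ($3 == host[$2] ? "shared" : "separate") }'
}

# Print only the names of namespaces both captures have in common.
ns_shared() {
    ns_compare "$1" "$2" | awk '$2 == "shared" { print $1 }'
}

ns_compare "$HOST_NS" "$CONTAINER_NS"
```

On this data the cgroup, mnt and pid namespaces are separate, while `time` and `user` are shared. A shared user namespace means the container has no UID mapping of its own.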