Re: [Lxc-users] PostgreSQL - sh: cannot create /dev/null: Permission denied - LXC Issue?

2011-12-20 Thread Jäkel, Guido
Dear Patrick,

As I understand it, /dev/null isn't writable in your container. That's 
definitely a wrong configuration.

Please check that there is a real device node for /dev/null (and others) in 
your container and that you have it (and others) in the lxc device access 
control list (lxc.cgroup.devices.allow = c 1:3 rw).

Note that -- depending on the Linux flavor in your LXC container -- you might 
have to populate /dev on your own, because it's not reasonable to run udev or 
something like this inside a container.

Greetings

Guido

--
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create 
new or port existing apps to sell to consumers worldwide. Explore the 
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users


Re: [Lxc-users] lxc-destroy does not destroy cgroup

2011-12-20 Thread Serge Hallyn
Quoting Arie Skliarouk (sklia...@gmail.com):
> I don't have the /cgroup directory mounted. Somehow, the directory is
> mounted automatically onto the /sys/fs/cgroup
>
> root@mf:~# df | grep cgroup
> cgroup          12368328         0  12368328   0% /sys/fs/cgroup
> root@mf:~# ls /sys/fs/cgroup/
> blkio  cpu  cpuacct  cpuset  devices  freezer  memory  net_cls  perf_event
>
> Each subdirectory of the above contains directory per container with knobs
> that are specific to the resource:
>
> root@mf:~# ls /sys/fs/cgroup/cpu/dev
> cgroup.clone_children  cgroup.procs      cpu.rt_runtime_us  notify_on_release
> cgroup.event_control   cpu.rt_period_us  cpu.shares         tasks
> root@mf:~#
>
> Could well be this is because of the 3.0.0-12-server kernel. I don't see

No, userspace does the mounting.  i.e. in ubuntu the cgroup-lite or
cgroup-bin packages both do it.

> how I can rename a stuck cgroup easily in this situation. Any advice?

You can build an lxc with my patch (until Daniel has a chance to apply it),
but in the meantime you can make a script 'move_cgroup.sh' along the lines
of:

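#!/bin/sh
# Move a stuck cgroup out of the way in every mounted hierarchy.
if [ $# -lt 1 ]; then
    echo "Usage: $0 cgroup-name"
    echo "  Moves the cgroup-name out of the way."
    exit 1
fi
g=$1

# -u only generates a unique name (no file is created); used as a suffix
t=`mktemp -u cg.XXXXXX`
for d in /sys/fs/cgroup/*; do
    # skip hierarchies in which this cgroup does not exist
    [ -d "$d/$g" ] && mv "$d/$g" "$d/$g.$t"
done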

Note that doesn't clean anything up, so if there are hung tasks those will
still be around.  A script to list details of each task in the hung cgroup
would be pretty simple too, and useful - if you write one, you might send
it here for inclusion in lxc!

> BTW, I once had /cgroup mounted from fstab like this:
>
> none /cgroup cgroup defaults 0 0
>
> It grouped all settings into per-container directory nicely, but the server
> failed to boot with that.

Yes, once early userspace has mounted the /sys/fs/cgroup/*, that fstab
entry would cause trouble.  But if you remove the package doing the
cgroup mounting, you should be able to go back to using this fstab
entry.

-serge
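
A sketch of the task-listing script suggested above, as an added example that is not part of the original message or of lxc. It assumes the per-controller cgroup v1 layout under /sys/fs/cgroup shown in the thread; `CGROOT`, `task_info` and `list_cgroup_tasks` are hypothetical names.

```shell
#!/bin/sh
# Added example: list every task still attached to a cgroup, per hierarchy.
# CGROOT is an assumption: the cgroup v1 mount point shown in the thread.
CGROOT=${CGROOT:-/sys/fs/cgroup}

# task_info PID -> "pid state command", read from /proc/PID/status
task_info() {
    s=/proc/$1/status
    if [ -r "$s" ]; then
        awk -v pid="$1" '
            /^Name:/  { name = $2 }
            /^State:/ { state = $2 }
            END       { print pid, state, name }' "$s"
    else
        # PID is listed in the tasks file but no longer visible in /proc
        echo "$1 ? (exited)"
    fi
}

# list_cgroup_tasks NAME -> one line per task: "hierarchy pid state command"
list_cgroup_tasks() {
    for d in "$CGROOT"/*; do
        # skip hierarchies in which this cgroup does not exist
        [ -r "$d/$1/tasks" ] || continue
        while read -r pid; do
            if [ -n "$pid" ]; then
                echo "$(basename "$d") $(task_info "$pid")"
            fi
        done < "$d/$1/tasks"
    done
    return 0
}

# Run as: sh list_cgroup_tasks.sh <cgroup-name>
if [ $# -ge 1 ]; then
    list_cgroup_tasks "$1"
fi
```

A task shown in state D (uninterruptible sleep) or Z (zombie) is the usual reason the cgroup directory cannot be removed.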



Re: [Lxc-users] PostgreSQL - sh: cannot create /dev/null: Permission denied - LXC Issue?

2011-12-20 Thread Patrick Kevin McCaffrey
There is indeed a node at /dev/null.  The configuration that I base my 
containers off of is as follows:



lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /lxc/debian_squeeze_template/rootfs
lxc.cgroup.devices.deny = a
lxc.network.type = veth
lxc.network.link = br0
#lxc.network.veth.pair = 
lxc.network.ipv4 = 192.168.80.100
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm

# mounts point
lxc.mount.entry=proc /lxc/debian_squeeze_template//rootfs/proc proc nodev,noexec,nosuid 0 0
lxc.mount.entry=sysfs /lxc/debian_squeeze_template//rootfs/sys sysfs defaults  0 0

---

Everything stays the same from container to container except for the IP and the 
rootfs.  I think I have it set up right?  Am I missing it?

Pat



- Original Message -
From: Guido Jäkel g.jae...@dnb.de
To: Patrick Kevin McCaffrey p...@uwm.edu, lxc-users 
lxc-users@lists.sourceforge.net
Sent: Tuesday, December 20, 2011 2:06:49 AM
Subject: Re: [Lxc-users] PostgreSQL - sh: cannot create /dev/null: Permission 
denied - LXC Issue?

Dear Patrick,

As I understand it, /dev/null isn't writable in your container. That's 
definitely a wrong configuration.

Please check that there is a real device node for /dev/null (and others) in 
your container and that you have it (and others) in the lxc device access 
control list (lxc.cgroup.devices.allow = c 1:3 rw).

Note that -- depending on the Linux flavor in your LXC container -- you might 
have to populate /dev on your own, because it's not reasonable to run udev or 
something like this inside a container.

Greetings

Guido
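
The two checks asked for in this thread (a real, writable device node and a matching `lxc.cgroup.devices.allow` rule), as an added example that is not from either poster or from lxc. It assumes a `stat` that supports `-c` (GNU coreutils or busybox); `node_ok` and `allow_rule_ok` are hypothetical names.

```shell
#!/bin/sh
# Added example: verify a container's device node and its LXC allow rule.

# node_ok PATH MAJOR MINOR -> 0 if PATH is a character device MAJOR:MINOR
# whose mode lets "other" write to it, as /dev/null (c 1:3, 0666) must.
node_ok() {
    [ -c "$1" ] || { echo "$1: not a character device"; return 1; }
    # %t:%T = major:minor in hex, %a = octal permission bits
    info=$(stat -c '%t:%T %a' "$1") || return 1
    want=$(printf '%x:%x' "$2" "$3")
    [ "${info% *}" = "$want" ] ||
        { echo "$1: is ${info% *}, want $want (hex)"; return 1; }
    case ${info#* } in
        *[2367]) return 0 ;;   # last octal digit carries the write bit
        *) echo "$1: mode ${info#* } is not world-writable"; return 1 ;;
    esac
}

# allow_rule_ok CONFIG MAJOR MINOR -> 0 if CONFIG has a devices.allow rule
# covering the character device with write access. It does not model a
# deny rule that appears after the allow rule.
allow_rule_ok() {
    awk -v dev="$2:$3" -v wild="$2:*" '
        /^[ \t]*#/ { next }                     # skip comments
        { sub(/[ \t]*=[ \t]*/, " = ") }         # normalise "key=value"
        $1 == "lxc.cgroup.devices.allow" && $2 == "=" &&
        ($3 == "c" || $3 == "a") &&
        ($4 == dev || $4 == wild || $4 == "*:*") &&
        $5 ~ /w/ { found = 1 }
        END { exit !found }' "$1"
}

# Run as: sh check_dev.sh <rootfs> <container-config>
if [ $# -ge 2 ]; then
    node_ok "$1/dev/null" 1 3 && allow_rule_ok "$2" 1 3 &&
        echo "/dev/null: node and allow rule look correct"
fi
```

A regular file named `null` left behind in the rootfs's /dev fails the first check even when the allow rule is present.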
