[Touch-packages] [Bug 1582364] Re: Failure to reset devices.list on LXC privileged containers on Xenial
Update: the listening ports are created if you specify a specific address

  root@neo4j-nmap:~# netstat -ant|grep LISTEN
  tcp   0  0 0.0.0.0:5355     0.0.0.0:*  LISTEN
  tcp   0  0 127.0.0.53:53    0.0.0.0:*  LISTEN
  tcp   0  0 0.0.0.0:22       0.0.0.0:*  LISTEN
  tcp   0  0 127.0.0.1:25     0.0.0.0:*  LISTEN
  tcp6  0  0 10.0.1.211:7687  :::*       LISTEN
  tcp6  0  0 :::5355          :::*       LISTEN
  tcp6  0  0 10.0.1.211:7473  :::*       LISTEN
  tcp6  0  0 10.0.1.211:7474  :::*       LISTEN
  tcp6  0  0 :::22            :::*       LISTEN
  tcp6  0  0 ::1:25           :::*       LISTEN

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1582364

Title:
  Failure to reset devices.list on LXC privileged containers on Xenial

Status in lxc package in Ubuntu:
  Invalid

Bug description:
  I created a privilege container on Xenial using command "sudo lxc-create -n test-privilege -t ubuntu", and container hits failed to reset devices.list errors for every boot:

  root@psyduck-maas20:/var/lib/lxc# sudo lxc-start -n test-privilege -F
  systemd 229 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN)
  Detected virtualization lxc.
  Detected architecture x86-64.
  Welcome to Ubuntu 16.04 LTS!
  Set hostname to .
  Failed to install release agent, ignoring: No such file or directory
  [ OK ] Reached target Swap.
  [ OK ] Listening on Syslog Socket.
  Failed to reset devices.list on /system.slice: Operation not permitted
  [ OK ] Created slice System Slice.
  Failed to reset devices.list on /system.slice/system-getty.slice: Operation not permitted
  [ OK ] Created slice system-getty.slice.
  [ OK ] Reached target Encrypted Volumes.
  [ OK ] Reached target Remote File Systems (Pre).
  [ OK ] Reached target Remote File Systems.
  [ OK ] Listening on Journal Socket (/dev/log).
  [ OK ] Started Forward Password Requests to Wall Directory Watch.
  [ OK ] Listening on Journal Audit Socket.
  [ OK ] Listening on Journal Socket.
  Failed to reset devices.list on /system.slice/dev-hugepages.mount: Operation not permitted
  Mounting Huge Pages File System...
  Failed to reset devices.list on /system.slice/systemd-journald.service: Operation not permitted
  Starting Journal Service...
  Failed to reset devices.list on /system.slice/resolvconf.service: Operation not permitted
  Starting Nameserver information manager...
  Failed to reset devices.list on /system.slice/systemd-remount-fs.service: Operation not permitted
  Starting Remount Root and Kernel File Systems...
  [ OK ] Started Dispatch Password Requests to Console Directory Watch.
  Failed to reset devices.list on /system.slice/system-container\x2dgetty.slice: Operation not permitted
  [ OK ] Created slice system-container\x2dgetty.slice.
  [ OK ] Reached target Slices.
  [ OK ] Listening on /dev/initctl Compatibility Named Pipe.
  [ OK ] Reached target Sockets.
  Failed to reset devices.list on /system.slice/dev-lxc-tty4.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/sys-kernel-debug.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/dev-lxc-tty2.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/-.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/dev-lxc-tty1.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/dev-mqueue.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/dev-lxc-tty3.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/proc-diskstats.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/sys-fs-fuse-connections.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/proc-meminfo.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/proc-uptime.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/sys-devices-virtual-net.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/dev-lxc-console.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/proc-sys-net.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/proc-swaps.mount: Operation not permitted
  Failed to reset devices.list on /system.slice/proc-sysrq\x2dtrigger.mount: Operation not permitted
  Fa
[Touch-packages] [Bug 1582364] Re: Failure to reset devices.list on LXC privileged containers on Xenial
From my current experience on Ubuntu 16.10 and LXC managed by Proxmox with Neo4j:

+ The service starts but does not create listening sockets after the initial run, when the /etc/neo4j/neo4j.conf configuration is changed to the following below:

neo4j.conf >>
++ dbms.connectors.default_listen_address=0.0.0.0

  root@neo4j-nmap:~# service neo4j status
  * neo4j.service - LSB: Neo4j Graph Database server
     Loaded: loaded (/etc/init.d/neo4j; generated; vendor preset: enabled)
     Active: active (exited) since Fri 2017-02-17 04:24:15 UTC; 5 days ago
       Docs: man:systemd-sysv-generator(8)
    Process: 486 ExecStart=/etc/init.d/neo4j start (code=exited, status=0/SUCCESS)
      Tasks: 0 (limit: 4915)
     CGroup: /system.slice/neo4j.service

  Feb 17 04:24:15 neo4j-nmap systemd[1]: neo4j.service: Failed to reset devices.list: Operation n
  Feb 17 04:24:15 neo4j-nmap systemd[1]: Starting LSB: Neo4j Graph Database server...
  Feb 17 04:24:15 neo4j-nmap neo4j[486]: Starting Neo4j.
  Feb 17 04:24:15 neo4j-nmap neo4j[486]: WARNING: Max 1024 open files allowed, minimum of 4 r
  Feb 17 04:24:15 neo4j-nmap neo4j[486]: Started neo4j (pid 579). By default, it is available at
  Feb 17 04:24:15 neo4j-nmap neo4j[486]: There may be a short delay until the server is ready.
  Feb 17 04:24:15 neo4j-nmap neo4j[486]: See /var/log/neo4j/neo4j.log for current status.
  Feb 17 04:24:15 neo4j-nmap systemd[1]: Started LSB: Neo4j Graph Database server.
  Feb 17 04:38:44 neo4j-nmap systemd[1]: neo4j.service: Failed to reset devices.list: Operation n

  root@neo4j-nmap:~# netstat -ant|grep LISTEN
  tcp   0  0 0.0.0.0:5355   0.0.0.0:*  LISTEN
  tcp   0  0 127.0.0.53:53  0.0.0.0:*  LISTEN
  tcp   0  0 0.0.0.0:22     0.0.0.0:*  LISTEN
  tcp   0  0 127.0.0.1:25   0.0.0.0:*  LISTEN
  tcp6  0  0 :::5355        :::*       LISTEN
  tcp6  0  0 :::22          :::*       LISTEN
  tcp6  0  0 ::1:25         :::*       LISTEN
[Touch-packages] [Bug 1582364] Re: Failure to reset devices.list on LXC privileged containers on Xenial
Serge, thanks for looking. Here's the *release info. The lxc package info is in description.

  ubuntu@psyduck-maas20:~$ cat /etc/*-release
  DISTRIB_ID=Ubuntu
  DISTRIB_RELEASE=16.04
  DISTRIB_CODENAME=xenial
  DISTRIB_DESCRIPTION="Ubuntu 16.04 LTS"
  NAME="Ubuntu"
  VERSION="16.04 LTS (Xenial Xerus)"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Ubuntu 16.04 LTS"
  VERSION_ID="16.04"
  HOME_URL="http://www.ubuntu.com/"
  SUPPORT_URL="http://help.ubuntu.com/"
  BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
  UBUNTU_CODENAME=xenial

Right, the issue is not the container not being able to start, but whether there is an impact to services within the container.
[Touch-packages] [Bug 1582364] Re: Failure to reset devices.list on LXC privileged containers on Xenial
I'm going to mark this invalid as I believe it's a non-issue. We may want lxc and systemd to cooperate more to maximize the protection of containerized services, though.

** Changed in: lxc (Ubuntu)
   Status: New => Invalid
[Touch-packages] [Bug 1582364] Re: Failure to reset devices.list on LXC privileged containers on Xenial
Ah, I'm sorry, I'd misread your info. Your container is being started just fine, and has its own devices cgroup. What's actually happening is that the container is not allowed to *reset* its devices cgroup. That is because lxc has set some device cgroup limits, and the kernel is rightly forbidding the container from un-setting those.
[Touch-packages] [Bug 1582364] Re: Failure to reset devices.list on LXC privileged containers on Xenial
On plain xenial, containers which I start as root get:

  sudo lxc-info -H -p -n u1
  18144
  ubuntu@privlxc:~$ cat /proc/18144/cgroup
  11:perf_event:/lxc/u1
  10:devices:/lxc/u1/init.scope
  9:hugetlb:/lxc/u1
  8:memory:/lxc/u1
  7:blkio:/lxc/u1
  6:net_cls,net_prio:/lxc/u1
  5:freezer:/lxc/u1
  4:cpu,cpuacct:/lxc/u1
  3:pids:/lxc/u1/init.scope
  2:cpuset:/lxc/u1

which is how it should be, as root is able to create cgroups for the container for all controllers. So the question is why that's not happening for you.
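Added example, not part of the thread and not lxc or systemd code: a host-side triage of the two checks the replies above rely on, namely which devices cgroup the container's init sits in (from /proc/PID/cgroup) and whether that cgroup's devices.list is a whitelist, set against the "Operation not permitted" lines in the boot log. The function names and temporary files are assumptions; the devices.list content is a constructed sample, while the cgroup and log lines are copied from the messages on this page.

```shell
#!/bin/sh
# Triage "Failed to reset devices.list" messages for an LXC container.
# Works on saved copies of three files so it can be run offline.

# devices_cgroup FILE
# FILE is a copy of /proc/<container init pid>/cgroup (cgroup v1 format:
# id:controller[,controller...]:path). Prints the devices controller path.
devices_cgroup() {
    awk -F: '
        {
            n = split($2, ctl, ",")
            for (i = 1; i <= n; i++)
                if (ctl[i] == "devices") {
                    path = $0
                    sub(/^[^:]*:[^:]*:/, "", path)   # keep any ":" in the path
                    print path
                    exit
                }
        }
    ' "$1"
}

# devices_policy FILE
# FILE is a copy of the container cgroup's devices.list read on the host.
# The single entry "a *:* rwm" means everything is allowed; anything else
# is a whitelist, i.e. device limits are in place.
devices_policy() {
    awk '
        $1 == "a" && $2 == "*:*" && $3 == "rwm" { all = 1 }
        END { print (all ? "allow-all" : "whitelist") }
    ' "$1"
}

# reset_failures FILE
# Prints each cgroup path once for which the boot log reports that the
# devices.list reset was refused with "Operation not permitted".
reset_failures() {
    sed -n 's/^.*Failed to reset devices\.list on \(.*\): Operation not permitted.*$/\1/p' "$1" |
        sort -u
}

# triage CGROUP_FILE DEVICES_LIST BOOT_LOG
triage() {
    cg=$(devices_cgroup "$1")
    policy=$(devices_policy "$2")
    n=$(reset_failures "$3" | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then
        verdict="no reset failures logged"
    elif [ "$policy" = "whitelist" ]; then
        # The case described in the thread: limits are set and the kernel
        # refuses to let the container un-set them.
        verdict="expected: kernel refused to lift the limits lxc set"
    else
        verdict="unexpected: no device limits found, investigate the EPERM"
    fi
    echo "cgroup=$cg policy=$policy failures=$n verdict=$verdict"
}

# ---- sample input ----
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Lines copied from the /proc/18144/cgroup output quoted in the thread.
cat > "$SAMPLE_DIR/cgroup" <<'EOF'
10:devices:/lxc/u1/init.scope
8:memory:/lxc/u1
6:net_cls,net_prio:/lxc/u1
EOF

# Constructed devices.list for a container with device limits applied.
cat > "$SAMPLE_DIR/devices.list" <<'EOF'
c *:* m
b *:* m
c 1:3 rwm
c 1:5 rwm
c 5:0 rwm
c 136:* rwm
EOF

# Lines copied from the boot log in the bug description.
cat > "$SAMPLE_DIR/boot.log" <<'EOF'
[ OK ] Listening on Syslog Socket.
Failed to reset devices.list on /system.slice: Operation not permitted
[ OK ] Created slice System Slice.
Failed to reset devices.list on /system.slice/system-getty.slice: Operation not permitted
Failed to reset devices.list on /system.slice/system-container\x2dgetty.slice: Operation not permitted
Failed to reset devices.list on /init.scope: Operation not permitted
Failed to reset devices.list on /system.slice: Operation not permitted
EOF

triage "$SAMPLE_DIR/cgroup" "$SAMPLE_DIR/devices.list" "$SAMPLE_DIR/boot.log"
```

On a live cgroup v1 host the second input would be read from the devices.list file of the path the first function prints, under the devices controller mount.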
[Touch-packages] [Bug 1582364] Re: Failure to reset devices.list on LXC privileged containers on Xenial
Thanks for reporting this bug. Could you please show the precise Ubuntu release and lxc version?

  cat /etc/*-release
  dpkg -l | grep lxc