Re: [lxc-users] Better error logging when starting containers?

; > This would be solution for lxc-start, which you (and I) are probably the > most interested in. Some more generic solution for all lxc-* tools should > probably be more adequate, but that would need attention from one of the > maintainers/core devs. > > b. > > On 22 February 2

[lxc-users] Better error logging when starting containers?

Hello lxc users, After having used lxc for a while now, I've realized that when the container fails to start, it fails with a very generic message as follows: $ lxc-start -n test lxc-start: lxc_start.c: main: 344 The container failed to start. lxc-start: lxc_start.c: main: 346 To get more details

Re: [lxc-users] CGManager and LXCFS causing lxc-start to fail for unprivileged containers

Hey Serge, Note, just dropping the '-c freezer' argument also will tell pam_cgm.so > to use all controllers. > That's good to know. Just tried it out, it works. Thanks! > > The debug info above says lxc is using cgfs and not cgmanager. Exactly > which lxc package version are you using? > I'm u

Re: [lxc-users] CGManager and LXCFS causing lxc-start to fail for unprivileged containers

5673.100 ERRORlxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options. You can find the complete lxc-start logs attached. On Fri, Jan 29, 2016 at 4:33 PM Akshay Karle wrote: > Hey Serge, > > Note, just dropping the '-c freez

[lxc-users] CGManager and LXCFS causing lxc-start to fail for unprivileged containers

Hello, Recently after upgrading lxc on Ubuntu 14.04.3 LTS, I noticed that it included the libpam-cgm package. I started to see some weird problems with cgroups and ownerships when trying to start an unprivileged container in the cases when the user running the containers is not the same as the use

Re: [lxc-users] docker in lxc

Hey Serge and Maxim, I've been busy with some work here and haven't had a lot of time to look into this. I can spend sometime now to help out. Since I don't have much idea of how to go about creating the graph driver proxy for docker, I started by trying to see what problems we get when starting

Re: [lxc-users] Network isolation in unprivileged containers

nd I'll share that on > github. > > Cheers, > > > Cordialement, > > Benoît Georgelin > > Afin de contribuer au respect de l'environnement, merci de n'imprimer ce > mail qu'en cas de nécessité > > -- > *De: *&quo

Re: [lxc-users] Network isolation in unprivileged containers

> > It would help to know, what level of isolation you're thinking about? > What is the final end goal? > I'm currently looking at ways to prevent any container from having the ability to discover other containers in the network and sniff their packets sent, which if sent over an unencrypted proto

[lxc-users] Network isolation in unprivileged containers

Hello, I've been looking at ways to isolate the network of each unprivileged container that I create. I was thinking of putting each container in it's own vlan or creating a macvlan in private mode. I haven't had success with either. I also tried creating bridges for every container and attaching

Re: [lxc-users] docker in lxc

dn't noticed > that the docker PR was merged) Maxim (cc:d) is the one who is working on > this at Odin - I think it'd be best if we can all work together. > > -serge > > Quoting Akshay Karle (akshay.a.ka...@gmail.com): > > Hey Serge, > > > > This is

Re: [lxc-users] docker in lxc

Hey Serge, This is something I'm interested in as well. Anyway I could help with the implementation of the graphdriver proxy? On Fri, Oct 16, 2015 at 12:10 PM Serge Hallyn wrote: > Quoting Tamas Papp (tom...@martos.bme.hu): > > > > > > On 08/31/2015 03:59 PM, Serge Hallyn wrote: > > >Quoting Ta

Re: [lxc-users] Running docker inside unprivileged LXC containers

e the changes. Hopefully very soon we should be able to run docker inside lxc. Thanks a lot for all the help! On Wed, Jun 17, 2015 at 12:22 PM Serge Hallyn wrote: > Quoting Akshay Karle (akshay.a.ka...@gmail.com): > > Hey, > > > > I'm running docker inside the unpriv

Re: [lxc-users] Running docker inside unprivileged LXC containers

o just check > /proc/self/uid_map. If it reads > > 0 0 4294967295 > > then you are (most likely) in the initial user namespace. You won't > be able to create devices then even if devices cgroup is not in use. > > So I guess you'll probably want

Re: [lxc-users] Running docker inside unprivileged LXC containers

Hi, After the comments here, I had a look closer look at the docker code. The problem was that it would always try to create some default devices without it checking if it had the permissions to do so. For now, I've cr

Re: [lxc-users] Running docker inside unprivileged LXC containers

wrote: > Quoting Akshay Karle (akshay.a.ka...@gmail.com): > > Hello, > > > > I'm currently working on a project that requires to run docker > > containers inside unprivileged LXC containers. I've managed to run > > unprivileged containers on an Ubuntu 14.04 host

Re: [lxc-users] Running docker inside unprivileged LXC containers

> > https://github.com/docker/docker/issues/1034 > https://github.com/docker/docker/issues/2918 > https://github.com/docker/docker/issues/2919 > > resume: Docker daemon requires real root rights in the node for aufs > mount/dismount layers, iptables rules. unprivileged containers == user > namespac

Re: [lxc-users] Running docker inside unprivileged LXC containers

haven't heard back from them yet. > > Quoting Akshay Karle (akshay.a.ka...@gmail.com): > > Hello, > > > > I'm currently working on a project that requires to run docker containers > > inside unprivileged LXC containers. I've managed to run unprivi

[lxc-users] Running docker inside unprivileged LXC containers

Hello, I'm currently working on a project that requires to run docker containers inside unprivileged LXC containers. I've managed to run unprivileged containers on an Ubuntu 14.04 host. I've also managed to get the docker daemon running using the LXC driver instead of native docker exec driver. Ri