[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

This bug was fixed in the package systemd - 225-1ubuntu9.1 --- systemd (225-1ubuntu9.1) wily-proposed; urgency=medium * Add "pids" cgroup controller to user LXC support patch. Fixes running with newer kernels. (LP: #1533833) -- Martin Pitt Mon, 18

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

This bug was fixed in the package systemd - 225-1ubuntu9.1 --- systemd (225-1ubuntu9.1) wily-proposed; urgency=medium * Add "pids" cgroup controller to user LXC support patch. Fixes running with newer kernels. (LP: #1533833) -- Martin Pitt Mon, 18

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Marking verification-done bc the pids cgroup problem is addressed. If you continue to have a problem with the apparmor profile, please file a new bug. ** Tags removed: verification-failed verification-needed ** Tags added: verification-done -- You received this bug notification because you are

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Marking verification-done bc the pids cgroup problem is addressed. If you continue to have a problem with the apparmor profile, please file a new bug. ** Tags removed: verification-failed verification-needed ** Tags added: verification-done -- You received this bug notification because you are

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

strangely enough, adding the aa_allow_incomplete option doesn't seem to make a difference; container startup keeps failing at the same point. In any case, it does seem to initialize the container correctly, and I seem to hit a different issue. The entire cgroup thing seems to work now, at

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

strangely enough, adding the aa_allow_incomplete option doesn't seem to make a difference; container startup keeps failing at the same point. In any case, it does seem to initialize the container correctly, and I seem to hit a different issue. The entire cgroup thing seems to work now, at

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Quoting Bas Zoetekouw (b...@debian.org): > I've downgraded systemd to 225-1ubuntu9.1 from wily/proposed. Kernel is > still linux-image-4.5.0-040500rc4-generic and lxc is > 1.1.5-0ubuntu0.15.10.3 from wily-updates. > > Unfortunately, when I now start the lxc container, I seem to hit a > different

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Quoting Bas Zoetekouw (b...@debian.org): > I've downgraded systemd to 225-1ubuntu9.1 from wily/proposed. Kernel is > still linux-image-4.5.0-040500rc4-generic and lxc is > 1.1.5-0ubuntu0.15.10.3 from wily-updates. > > Unfortunately, when I now start the lxc container, I seem to hit a > different

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

I've downgraded systemd to 225-1ubuntu9.1 from wily/proposed. Kernel is still linux-image-4.5.0-040500rc4-generic and lxc is 1.1.5-0ubuntu0.15.10.3 from wily-updates. Unfortunately, when I now start the lxc container, I seem to hit a different bug. I get: lxc-start 1455870309.289 INFO

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

I've downgraded systemd to 225-1ubuntu9.1 from wily/proposed. Kernel is still linux-image-4.5.0-040500rc4-generic and lxc is 1.1.5-0ubuntu0.15.10.3 from wily-updates. Unfortunately, when I now start the lxc container, I seem to hit a different bug. I get: lxc-start 1455870309.289 INFO

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Thanks - do make sure to log back in after the update. The xenial systemd would fail because there you must have libpam-cgfs to get your own cgroups for lxc. In wily iirc that should not be required. -- You received this bug notification because you are a member of Ubuntu Server Team, which is

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Thanks - do make sure to log back in after the update. The xenial systemd would fail because there you must have libpam-cgfs to get your own cgroups for lxc. In wily iirc that should not be required. -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

This was systemd and kernel from xenial. I'll try again tomorrov with the wily-proposed systemd and xenial kernel. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title:

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

This was systemd and kernel from xenial. I'll try again tomorrov with the wily-proposed systemd and xenial kernel. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title: unprivileged lxc

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Oh, right, something with the pids controller enabled. Still want to make sure he's using the right systemd version, since his appears not to be fixed otherwise. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu.

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Oh, right, something with the pids controller enabled. Still want to make sure he's using the right systemd version, since his appears not to be fixed otherwise. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Serge Hallyn [2016-02-18 16:39 -]: > Just to be sure, can you show the systemd version you were using here? > The intent was to check with systemd from wily-proposed, with the > regular wily kernel. I thought the idea was to use a xenial kernel on wily? -- You received this bug notification

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Serge Hallyn [2016-02-18 16:39 -]: > Just to be sure, can you show the systemd version you were using here? > The intent was to check with systemd from wily-proposed, with the > regular wily kernel. I thought the idea was to use a xenial kernel on wily? -- You received this bug notification

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Just to be sure, can you show the systemd version you were using here? The intent was to check with systemd from wily-proposed, with the regular wily kernel. In particular, an upstream kernel would be expected to fail by default without setting an extra apparmor flag in the container

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Just to be sure, can you show the systemd version you were using here? The intent was to check with systemd from wily-proposed, with the regular wily kernel. In particular, an upstream kernel would be expected to fail by default without setting an extra apparmor flag in the container

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

I've just tried with an upstream 4.5.0-rc4 kernel (which does boot on my laptop). Unfortunately, it doesn't work yet. linux-image linux-image-4.5.0-040500rc4-generic systemd 229-1ubuntu2 lxc 1.1.5-0ubuntu0.15.10.3 starting a container gives: lxc-start 1455712091.086 DEBUGlxc_console

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

I've just tried with an upstream 4.5.0-rc4 kernel (which does boot on my laptop). Unfortunately, it doesn't work yet. linux-image linux-image-4.5.0-040500rc4-generic systemd 229-1ubuntu2 lxc 1.1.5-0ubuntu0.15.10.3 starting a container gives: lxc-start 1455712091.086 DEBUGlxc_console

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Martin, > On 11-02-16 10:24, Martin Pitt wrote: >> Bas, any chance to test the update in -proposed so that we can >> release that? > > I'll try to test it later this week, if that's ok. Unfortunately, the xenial 4.4 kernel won't boot for me

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Martin, > On 11-02-16 10:24, Martin Pitt wrote: >> Bas, any chance to test the update in -proposed so that we can >> release that? > > I'll try to test it later this week, if that's ok. Unfortunately, the xenial 4.4 kernel won't boot for me

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Martin, On 11-02-16 10:24, Martin Pitt wrote: > Bas, any chance to test the update in -proposed so that we can > release that? I'll try to test it later this week, if that's ok. Best regards, Bas. - -- And what shoulder and what art Could

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi Martin, On 11-02-16 10:24, Martin Pitt wrote: > Bas, any chance to test the update in -proposed so that we can > release that? I'll try to test it later this week, if that's ok. Best regards, Bas. - -- And what shoulder and what art Could

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Bas, any chance to test the update in -proposed so that we can release that? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title: unprivileged lxc containers won't start, need to put

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

bug 1539488 is nothing new and not related to systemd. ** Tags removed: verification-failed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title: unprivileged lxc containers

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

bug 1539488 is nothing new and not related to systemd. ** Tags removed: verification-failed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title: unprivileged lxc containers won't start,

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Bas, any chance to test the update in -proposed so that we can release that? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title: unprivileged lxc containers won't start, need

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Bug 1538960 is unrelated and a local configuration error. ** Tags removed: verification-failed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title: unprivileged lxc containers won't start,

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Bug 1538960 is unrelated and a local configuration error. ** Tags removed: verification-failed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title: unprivileged lxc

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Hello Bas, or anyone else affected, Accepted systemd into wily-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/225-1ubuntu9.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Hello Bas, or anyone else affected, Accepted systemd into wily-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/225-1ubuntu9.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Thanks - Martin - tested that with the mainline kernel, and it did indeed give me a pids cgroup: ubuntu@pitti:~$ cat /proc/self/cgroup 11:hugetlb:/user.slice/user-1000.slice/session-2.scope 10:blkio:/user.slice/user-1000.slice/session-2.scope 9:devices:/user.slice/user-1000.slice/session-2.scope

Re: [Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Thanks - Martin - tested that with the mainline kernel, and it did indeed give me a pids cgroup: ubuntu@pitti:~$ cat /proc/self/cgroup 11:hugetlb:/user.slice/user-1000.slice/session-2.scope 10:blkio:/user.slice/user-1000.slice/session-2.scope 9:devices:/user.slice/user-1000.slice/session-2.scope

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

I uploaded a systemd with adding the "pids" cgroup controller to https://launchpad.net/~pitti/+archive/ubuntu/ppa . It would be great if you could test this! (Sorry, running out of time today.) ** Changed in: systemd (Ubuntu Wily) Status: Triaged => In Progress ** Changed in: systemd

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

I uploaded a systemd with adding the "pids" cgroup controller to https://launchpad.net/~pitti/+archive/ubuntu/ppa . It would be great if you could test this! (Sorry, running out of time today.) ** Changed in: systemd (Ubuntu Wily) Status: Triaged => In Progress ** Changed in: systemd

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Tested it myself now as well. I uploaded it to the wily-proposed SRU queue. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title: unprivileged lxc containers won't start, need

[Bug 1533833] Re: unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controller

Tested it myself now as well. I uploaded it to the wily-proposed SRU queue. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title: unprivileged lxc containers won't start, need to put

[Bug 1533833] Re: unprivileged lxc containers won't start

Ah, right, that explains things: I'm running a xenial kernel, I think. For completeness sake, these are the versions: [bas@miranda]~> uname -a Linux miranda 4.3.0-5-generic #16-Ubuntu SMP Wed Dec 16 23:33:25 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [bas@miranda]~> dpkg -l linux-image-\* systemd

[Bug 1533833] Re: unprivileged lxc containers won't start

Ah, right, that explains things: I'm running a xenial kernel, I think. For completeness sake, these are the versions: [bas@miranda]~> uname -a Linux miranda 4.3.0-5-generic #16-Ubuntu SMP Wed Dec 16 23:33:25 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux [bas@miranda]~> dpkg -l linux-image-\* systemd

[Bug 1533833] Re: unprivileged lxc containers won't start

** Changed in: systemd (Ubuntu Wily) Status: New => Triaged ** Summary changed: - unprivileged lxc containers won't start + unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controlelr ** Summary changed: - unprivileged lxc containers won't start, need

[Bug 1533833] Re: unprivileged lxc containers won't start

** Changed in: systemd (Ubuntu Wily) Status: New => Triaged ** Summary changed: - unprivileged lxc containers won't start + unprivileged lxc containers won't start, need to put sessions into "pids" cgroup controlelr ** Summary changed: - unprivileged lxc containers won't start, need

[Bug 1533833] Re: unprivileged lxc containers won't start

systemd should be updated to know about the pids cgroup ** Also affects: lxc (Ubuntu Wily) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Wily) Importance: Undecided Status: New ** Changed in: lxc (Ubuntu) Status: Confirmed => Fix Released **

[Bug 1533833] Re: unprivileged lxc containers won't start

(Note this should be properly handled in xenial, but needs fixing in wily) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title: unprivileged lxc containers won't start To

[Bug 1533833] Re: unprivileged lxc containers won't start

systemd should be updated to know about the pids cgroup ** Also affects: lxc (Ubuntu Wily) Importance: Undecided Status: New ** Also affects: systemd (Ubuntu Wily) Importance: Undecided Status: New ** Changed in: lxc (Ubuntu) Status: Confirmed => Fix Released **

[Bug 1533833] Re: unprivileged lxc containers won't start

(Note this should be properly handled in xenial, but needs fixing in wily) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1533833 Title: unprivileged lxc containers won't start To manage

[Bug 1533833] Re: unprivileged lxc containers won't start

You're using a newer kernel which provides the 'pids' cgroup. Systemd doesn't know about that one and so doesn't create a cgroup for you that you own. Lxc in turn (in wily) doesn't yet know how to handle that. You can work around this several ways. The simplest is to do sudo cgm create pids

[Bug 1533833] Re: unprivileged lxc containers won't start

You're using a newer kernel which provides the 'pids' cgroup. Systemd doesn't know about that one and so doesn't create a cgroup for you that you own. Lxc in turn (in wily) doesn't yet know how to handle that. You can work around this several ways. The simplest is to do sudo cgm create pids