Ubuntu
lxc package

hybrid control goup mode breaks lxc adt tests

Bug #1690125 reported by Dimitri John Ledkov
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lxc (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

I will disably hybrid control groups by default for now, but will create a ppa with such systemd, for ease of testing.

FAIL: lxc-tests: /usr/bin/lxc-test-apparmor-mount
---
/usr/sbin/deluser: The user `lxcunpriv' does not exist.
/usr/bin/lxc-test-apparmor-mount: 138: /usr/bin/lxc-test-apparmor-mount: cannot create /sys/fs/cgroup/unified/lxctest/tasks: Permission denied
Container is not defined
umount: /sys/kernel/security/apparmor/features/mount: not mounted
---

FAIL: lxc-tests: /usr/bin/lxc-test-unpriv
---
Removing user `lxcunpriv' ...
Warning: group `lxcunpriv' has no more members.
Done.
/usr/bin/lxc-test-unpriv: line 154: /sys/fs/cgroup/unified/lxctest/tasks: Permission denied
c2 is not running
c1 is not running
---
FAIL: lxc-tests: /usr/bin/lxc-test-usernic
---
/usr/sbin/deluser: The user `usernic-user' does not exist.
/usr/bin/lxc-test-usernic: line 111: /sys/fs/cgroup/unified/lxctest/tasks: Permission denied
FAIL
---
PASS: lxc-tests: /usr/bin/lxc-test-utils
PASS: python3: API
Removing 'local diversion of /usr/bin/dirmngr to /usr/bin/dirmngr.orig'

CHANGES WITH 233:

        * The "hybrid" control group mode has been modified to improve
          compatibility with "legacy" cgroups-v1 setups. Specifically, the
          "hybrid" setup of /sys/fs/cgroup is now pretty much identical to
          "legacy" (including /sys/fs/cgroup/systemd as "name=systemd" named
          cgroups-v1 hierarchy), the only externally visible change being that
          the cgroups-v2 hierarchy is also mounted, to
          /sys/fs/cgroup/unified. This should provide a large degree of
          compatibility with "legacy" cgroups-v1, while taking benefit of the
          better management capabilities of cgroups-v2.

        * The default control group setup mode may be selected both a boot-time
          via a set of kernel command line parameters (specifically:
          systemd.unified_cgroup_hierarchy= and
          systemd.legacy_systemd_cgroup_controller=), as well as a compile-time
          default selected on the configure command line
          (--with-default-hierarchy=). The upstream default is "hybrid"
          (i.e. the cgroups-v1 + cgroups-v2 mixture discussed above) now, but
          this will change in a future systemd version to be "unified" (pure
          cgroups-v2 mode). The third option for the compile time option is
          "legacy", to enter pure cgroups-v1 mode. We recommend downstream
          distributions to default to "hybrid" mode for release distributions,
          starting with v233. We recommend "unified" for development
          distributions (specifically: distributions such as Fedora's rawhide)
          as that's where things are headed in the long run. Use "legacy" for
          greatest stability and compatibility only.

        * Note one current limitation of "unified" and "hybrid" control group
          setup modes: the kernel currently does not permit the systemd --user
          instance (i.e. unprivileged code) to migrate processes between two
          disconnected cgroup subtrees, even if both are managed and owned by
          the user. This effectively means "systemd-run --user --scope" doesn't
          work when invoked from outside of any "systemd --user" service or
          scope. Specifically, it is not supported from session scopes. We are
          working on fixing this in a future systemd version. (See #3388 for
          further details about this.)

Dimitri John Ledkov (xnox)
tags: added: rls-aa-incoming
Dimitri John Ledkov (xnox)
Changed in lxc (Ubuntu):
status: New → Fix Committed
Changed in systemd (Ubuntu):
status: New → Incomplete
Changed in apparmor (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lxc - 2.0.7-0ubuntu4

---------------
lxc (2.0.7-0ubuntu4) artful; urgency=medium

  * Update test-suite to skip 'hybrid' (v1 & v2 mounted simultaniously)
    cgroups for now. LP: #1690125

 -- Dimitri John Ledkov <email address hidden> Thu, 11 May 2017 12:01:33 +0100

Changed in lxc (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Christian Brauner (cbrauner) wrote :

Hey everyone,

Uust as an fyi: I sent a branch https://github.com/lxc/lxc/pull/1713 which is now merged that makes LXC handle the hybrid cgroup case provided the cgroup v2 mount does not bind any controllers (Which is the current default). It will be included in the next LXC release.

Thanks!
Christian

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Thank you for the update!

no longer affects: systemd (Ubuntu)
no longer affects: apparmor (Ubuntu)
Changed in lxc (Ubuntu):
status: Fix Released → In Progress
tags: removed: rls-aa-incoming
Christian Brauner (cbrauner)
Changed in lxc (Ubuntu):
status: In Progress → Fix Released
no longer affects: lxc
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.