Comment 6 for bug 1642767

Pierre-Louis Bonicoli (pierre-louis-bonicoli) wrote :

I was able to reproduce this bug on Debian unstable (lxc=2.0.7-2, libpam-cgfs=2.0.6-1, systemd=232-22, linux-image-4.9.0-2-amd64=4.9.18-1 or even using 4.11.0-rc6-1, libpam-cgm not installed, cgmanager not installed) with a Debian Jessie unprivileged container (created using the download template [1]). Systemd version in the container: 215-17+deb8u6.

In addition to the three symptoms listed in the bug description, here is another: in the container "/sys/fs/cgroup/systemd" isn't mounted (the systemctl command fails and any attempt to manually mount it will hang forever).

It appears there are two problems:

1. When using umask, create lxc cgroups before running lxc-start:

$ mkdir /sys/fs/cgroup/systemd/user.slice/user-$UID.slice/session-$XDG_SESSION_ID.scope/lxc
$ mkdir /sys/fs/cgroup/{freezer,memory}/user/$USER/0/lxc

# replace <subgid>
$ sudo chgrp <subgid> /sys/fs/cgroup/systemd/user.slice/user-$UID.slice/session-$XDG_SESSION_ID.scope/lxc
$ sudo chgrp <subgid> /sys/fs/cgroup/{freezer,memory}/user/$USER/0/lxc

$ chmod g+x /sys/fs/cgroup/systemd/user.slice/user-$UID.slice/session-$XDG_SESSION_ID.scope/lxc
$ chmod g+x /sys/fs/cgroup/{memory,freezer}/user/$USER/0/lxc

Start the container, systemd will be able to mount /sys/fs/cgroup/systemd/:

$ lxc-start -n <name>

And lxc-stop works, and the host is able to reboot without a hard reset.

2. About the kernel-related problem: systemd tries to mount "/sys/fs/cgroup/systemd/" twice ([2]: mount_table and mount_setup): once using the "none,name=systemd,xattr" options, then, if the first try fails, there is another using "none,name=systemd". The first try returns "permission denied" and then systemd becomes stuck at the second try.

Without manually creating the lxc cgroups, I was able to reproduce this problem using an unprivileged Alpine edge container (Alpine doesn't use systemd):

$ lxc-attach -n alpine_container --clear-env
# mount -t tmpfs tmpfs /sys/fs/cgroup
# mkdir /sys/fs/cgroup/systemd
# mount -t cgroup -o none,name=systemd cgroup /sys/fs/cgroup/systemd
-> mount command hangs, lxc-stop hangs, host needs a hard reset

[1] http://images.linuxcontainers.org/
[2] https://github.com/systemd/systemd/blob/1b59cf04aee20525179f81928f1e1794ce970551/src/core/mount-setup.c#L104
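
A pre-flight check for the workaround in item 1, as an added example that is not part of the original comment: it verifies that each lxc cgroup directory exists, belongs to the expected subgid and has the group execute bit before lxc-start is run. The function names are hypothetical, GNU stat is assumed, and the cgroup root is a parameter so the check can be exercised against a scratch directory.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the bug report.

# Print the three lxc cgroup directories used in the workaround,
# relative to a cgroup root (default: /sys/fs/cgroup).
lxc_cgroup_paths() {
    root=${1:-/sys/fs/cgroup}
    uid=$(id -u)
    user=${USER:-$(id -un)}
    echo "$root/systemd/user.slice/user-$uid.slice/session-$XDG_SESSION_ID.scope/lxc"
    echo "$root/freezer/user/$user/0/lxc"
    echo "$root/memory/user/$user/0/lxc"
}

# check_lxc_cgroup DIR GID
# Returns 0 only if DIR exists, its group is GID and it has g+x.
check_lxc_cgroup() {
    dir=$1
    want_gid=$2
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    gid=$(stat -c %g "$dir") || return 1     # numeric group owner
    mode=$(stat -c %a "$dir") || return 1    # octal permission bits, e.g. 750
    [ "$gid" = "$want_gid" ] || { echo "group $gid, want $want_gid: $dir"; return 2; }
    # Shift the octal mode right by 3 bits: the lowest bit is then group execute.
    [ $(( (0$mode >> 3) & 1 )) -eq 1 ] || { echo "no g+x: $dir"; return 3; }
    return 0
}

# preflight ROOT GID
# Checks all three directories, reports every problem, returns 1 if any failed.
preflight() {
    rc=0
    for d in $(lxc_cgroup_paths "$1"); do
        check_lxc_cgroup "$d" "$2" || rc=1
    done
    return $rc
}

# Typical use (replace <subgid> as in the comment above):
#   preflight /sys/fs/cgroup <subgid> && lxc-start -n <name>
```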