user lxc containers fail to start under systemd: login name=systemd cgroup is not owned by user
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
systemd (Ubuntu) | Fix Released | High | Martin Pitt | | |
Bug Description
When a user logs in, systemd-logind should create cgroups for the user, with the directory (i.e. /user.slice/
I wanted to test the new lxc with lxcfs. A system container (with upstart or systemd) works perfectly well now (great!), but user containers regressed:
$ lxc-create -n v1 -t download -- -d ubuntu -r vivid -a amd64
$ lxc-start -n v1 -F
lxc-start: cgmanager.c: lxc_cgmanager_
lxc-start: start.c: __lxc_start: 1099 failed to spawn 'v1'
lxc-start: lxc_start.c: main: 345 The container failed to start.
My host is running systemd, but cgmanager is running (i.e. it's not bug 1400394, I enabled cgmanager.service).
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: lxc 1.1.0~rc1-0ubuntu1
ProcVersionSign
Uname: Linux 3.18.0-9-generic x86_64
ApportVersion: 2.15.1-0ubuntu2
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Jan 23 10:35:55 2015
EcryptfsInUse: Yes
InstallationDate: Installed on 2014-11-20 (63 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Alpha amd64 (20141119)
SourcePackage: lxc
UpgradeStatus: No upgrade log present (probably fresh install)
defaults.conf:
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:xx:xx:xx
lxc.conf: lxc.lxcpath = /srv/lxc
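
A diagnostic for the condition named in the bug title, added here as an example and not taken from the report, lxc or systemd: it reads the name=systemd line of /proc/self/cgroup and checks that the matching cgroup directory is owned by the given uid. The mount point /sys/fs/cgroup/systemd (cgroup v1), the function names and the sample cgroup listing are assumptions constructed for illustration.

```python
import os

# Assumption: cgroup v1 layout with the name=systemd hierarchy mounted here.
SYSTEMD_MOUNT = "/sys/fs/cgroup/systemd"

# Constructed sample of /proc/self/cgroup for a logged-in user (not from the report).
SAMPLE_PROC_CGROUP = """\
4:memory:/user.slice/user-1000.slice
3:cpu,cpuacct:/user.slice/user-1000.slice
1:name=systemd:/user.slice/user-1000.slice/session-c2.scope
"""


def systemd_cgroup_path(proc_cgroup_text):
    """Return the cgroup path in the name=systemd hierarchy, or None."""
    for line in proc_cgroup_text.splitlines():
        # Format: hierarchy-ID:controller-list:cgroup-path
        fields = line.strip().split(":", 2)
        if len(fields) == 3 and "name=systemd" in fields[1].split(","):
            return fields[2]
    return None


def check_login_cgroup(proc_cgroup_text, uid, mount=SYSTEMD_MOUNT):
    """Report whether the login cgroup directory is owned by uid."""
    path = systemd_cgroup_path(proc_cgroup_text)
    if path is None:
        return {"ok": False, "reason": "no name=systemd hierarchy listed"}
    directory = os.path.join(mount, path.lstrip("/"))
    try:
        owner = os.stat(directory).st_uid
    except OSError as exc:
        return {"ok": False, "reason": "cannot stat %s: %s" % (directory, exc)}
    if owner != uid:
        reason = "%s is owned by uid %d, not uid %d" % (directory, owner, uid)
        return {"ok": False, "owner": owner, "reason": reason}
    return {"ok": True, "owner": owner,
            "reason": "%s is owned by uid %d" % (directory, uid)}


if __name__ == "__main__":
    try:
        with open("/proc/self/cgroup") as handle:
            text = handle.read()
    except OSError:
        text = SAMPLE_PROC_CGROUP  # fall back to the constructed sample
    print(check_login_cgroup(text, os.getuid())["reason"])
```
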
affects: | lxc (Ubuntu) → systemd (Ubuntu) |
Changed in systemd (Ubuntu): | |
importance: | Undecided → High |
status: | New → Confirmed |
summary: |
- lxc_cgmanager_enter: 694 call to cgmanager_move_pid_sync failed: invalid - requestUser container fails to start: + login name=systemd cgroup is not owned by user |
description: | updated |
summary: |
- login name=systemd cgroup is not owned by user
+ user lxc containers fail to start: login name=systemd cgroup is not owned by user |
summary: |
- user lxc containers fail to start: login name=systemd cgroup is not owned by user
+ user lxc containers fail to start under systemd: login name=systemd cgroup is not owned by user |
Changed in systemd (Ubuntu): | |
status: | In Progress → Fix Committed |
I suppose the user container runs upstart (from the template), as that's still the ubuntu vivid default. But I have a feeling it's not even getting that far; when I start with --logfile /dev/stdout --logpriority debug it all just seems to be early setup:
$ lxc-start -n v1 --logfile /dev/stdout --logpriority debug -F
lxc-start 1422005786.443 INFO lxc_start_ui - lxc_start.c:main: 265 - using rcfile /home/martin/.local/share/lxc/v1/config
lxc-start 1422005786.444 WARN lxc_confile - confile.c:config_pivotdir: 1776 - lxc.pivotdir is ignored. It will soon become an error.
lxc-start 1422005786.445 INFO lxc_confile - confile.c:config_idmap:1384 - read uid map: type u nsid 0 hostid 100000 range 65536
lxc-start 1422005786.445 INFO lxc_confile - confile.c:config_idmap:1384 - read uid map: type g nsid 0 hostid 100000 range 65536
lxc-start 1422005786.445 WARN lxc_log - log.c:lxc_log_init: 316 - lxc_log_init called with log already initialized
lxc-start 1422005786.446 WARN lxc_cgmanager - cgmanager.c:cgm_get: 963 - do_cgm_get exited with error
lxc-start 1422005786.447 INFO lxc_lsm - lsm/lsm.c:lsm_init: 48 - LSM security driver AppArmor
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:298 - processing: .reject_force_umount # comment this to allow umount -f; not recommended.
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:371 - Adding non-compat rule for reject_force_umount action 0
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule: 192 - Setting seccomp rule to reject force umounts
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:382 - Adding compat rule for reject_force_umount action 0
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:390 - Adding non-compat rule bc nr1 == nr2 (-1, -1)
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:do_resolve_add_rule: 192 - Setting seccomp rule to reject force umounts
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:298 - processing: .[all].
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:298 - processing: .kexec_load errno 1.
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:371 - Adding non-compat rule for kexec_load action 327681
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:382 - Adding compat rule for kexec_load action 327681
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:395 - Really adding compat rule bc nr1 == nr2 (283, 246)
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:298 - processing: .open_by_handle_at errno 1.
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:371 - Adding non-compat rule for open_by_handle_at action 327681
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:382 - Adding compat rule for open_by_handle_at action 327681
lxc-start 1422005786.447 INFO lxc_seccomp - seccomp.c:parse_config_v2:395 - Re...