LXC unprivileged container in Debian Jessie - Cgroups permissions?
I've been trying to start an unprivileged LXC container in Debian Jessie (stock kernel version: 3.16.0-4-686-pae) for several days with no success.
I've followed these tutorials: https://www.stgraber.org/2014/01/17/...ed-containers/
Created the subuid and subgid for the user I wish to start the containers with:
Code:
# grep -w lxcuser /etc/sub* 2>/dev/null
Code:
lxcuser@matuxntbk:~$ cat .config/lxc/default.conf
Code:
$ lxc-ls --fancy
Code:
lxcuser@matuxntbk:~$ lxc-start -f .config/lxc/default.conf -n retuxinho --logfile=/tmp/startretuxinho.log --logpriority=trace
Code:
lxc-start 1429489340.992 INFO lxc_confile - read uid map: type u nsid 0 hostid 100000 range 65537
Does anybody know what needs to be done in order for cgroups to have appropriate permissions? Any help will be very appreciated. Thanks! |
From :
https://linuxcontainers.org/lxc/getting-started/ Quote:
|
ceyx, thanks for your response.
Yes, you know, I tried both relogging in and rebooting. Starting from ssh and tty sessions; if running from an xterm I set the XDG_RUNTIME_DIR environment variable also. I think I'm missing some cgroup settings so lxc can create a cgroup for the container... |
It seems as if Ubuntu 14 is the way to go with these containers. The LXC document (above) states :
Quote:
You might want to get a successful Ubuntu installation going, and compare it with your Debian one to help you troubleshoot. Not much help, but there is my two cents. :) |
I was wondering the same today, so I installed Ubuntu 14.10, and LXC containers run without effort there, just as described in the documentation.
I will remain with Debian... I think Ubuntu might share its work, as long as it is open source and inherited a lot of work from Debian... I will try to compare, to see if I can find any difference. |
Hi,
I was having the same issues with cgroups and network config to be able to start an lxc container on Debian Jessie lxde.
Quickest solution I've found: running the install script of https://www.flockport.com/start/
There's nice documentation about lxc on that site, and after running the script, I was allowed to run privileged containers.
To run unprivileged containers, what's on this link worked for me: https://www.flockport.com/lxc-using-...ed-containers/
Though I didn't want to run this part
sudo usermod --add-subuids 100000-165536 username
sudo usermod --add-subgids 100000-165536 username
Cause I really can't understand how to "choose" those numbers in Debian.
So, as the workaround for the cgroups issues while trying to run unprivileged containers, I do the following, as stated here http://unix.stackexchange.com/questi...s-with-systemd
sudo service cgmanager start
sudo cgm create all $USER
sudo cgm chown all $USER $(id -u $USER) $(id -g $USER)
sudo cgm movepid all $USER $$
Though I have to do this every time I run the container, but at least I can now run it =)
Hope this helps someone. A more permanent fix and explanations about the "usermod" stuff are welcome =) |
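Added example (not part of any post in this thread): a consistency check between the ranges delegated in /etc/subuid and /etc/subgid and the `lxc.id_map` lines in a container config, which also flags delegations that overlap between users. It assumes the LXC 1.x key name `lxc.id_map` and the `name:first_id:count` file format; the sample data is constructed. Read as an inclusive range, 100000-165536 is 65537 IDs, the same count as the `range 65537` in the first post's log line.

```python
import re

def parse_subid(text):
    """Parse /etc/subuid or /etc/subgid lines: name:first_id:count."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, first, count = line.split(":")
        ranges.append((name, int(first), int(count)))
    return ranges

def parse_id_map(conf_text):
    """Extract 'lxc.id_map = <u|g> <nsid> <hostid> <range>' (LXC 1.x key)."""
    pat = re.compile(
        r"^\s*lxc\.id_map\s*=\s*([ug])\s+(\d+)\s+(\d+)\s+(\d+)\s*$", re.M)
    return [(k, int(ns), int(host), int(n))
            for k, ns, host, n in pat.findall(conf_text)]

def check(user, subuid_text, subgid_text, conf_text):
    """Return a list of problems; an empty list means the maps are consistent."""
    problems = []
    delegated = {"u": parse_subid(subuid_text), "g": parse_subid(subgid_text)}
    maps = parse_id_map(conf_text)
    for kind in "ug":
        if not any(k == kind for k, *_ in maps):
            problems.append(f"no lxc.id_map entry of type {kind}")
    # Every mapped host range must sit fully inside one range owned by the user.
    for kind, _ns, host, n in maps:
        own = [(s, c) for name, s, c in delegated[kind] if name == user]
        if not any(s <= host and host + n <= s + c for s, c in own):
            problems.append(f"{kind} map {host}+{n} is outside {user}'s ranges")
    # Two users sharing host IDs lose the isolation the mapping is meant to give.
    for kind, entries in delegated.items():
        for i, (n1, s1, c1) in enumerate(entries):
            for n2, s2, c2 in entries[i + 1:]:
                if n1 != n2 and s1 < s2 + c2 and s2 < s1 + c1:
                    problems.append(f"{kind} ranges of {n1} and {n2} overlap")
    return problems

# Constructed sample data (the thread's own file contents were not preserved).
SUBID = "lxcuser:100000:65537\n"
CONF = "lxc.id_map = u 0 100000 65537\nlxc.id_map = g 0 100000 65537\n"

if __name__ == "__main__":
    print(check("lxcuser", SUBID, SUBID, CONF) or "id maps OK")
```
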
Cool info!
Vandoroy.cl, cool info! Thanks.
I managed to run unprivileged containers in Debian in a very similar way. I documented it here in my blog (in Spanish); I forgot to write a couple of lines here, good you did it!
http://www.equiscentrico.com.ar/2015...an-jessie.html
Thanks and regards, Matías |