[systemd-bugs] [cgroup in lxc container] problem with non root user session in lxc container
Jacek Pielaszkiewicz
j.pielaszkie at samsung.com
Fri Feb 28 05:11:04 PST 2014
Hi
I have found that for some reason systemd creates in container user
cgroup hierarchy in user and system slices.
Extract form strace
/sys/fs/cgroup/devices/system.slice/system-server.service/user.slice/user-50
00.slice/user at 5000.service/cgroup.procs
/sys/fs/cgroup/systemd/system.slice/system-server.service/user.slice/user-50
00.slice/user at 5000.service/cgroup.procs
/sys/fs/cgroup/systemd/system.slice/system-server.service/system.slice/syste
m-server.service/user.slice
/sys/fs/cgroup/systemd/system.slice/system-server.service/system.slice/syste
m-server.service/user.slice/user-5000.slice
On host the case is different - systemd creates user cgroup hierarchy in
user.slice only.
I have attached full strace for the case.
Best reagrds
Jacek Pielaszkiewicz
Samsung R&D Institute Poland
Samsung Electronics
Email: j.pielaszkie at samsung.com
> -----Original Message-----
> From: Lennart Poettering [mailto:lennart at poettering.net]
> Sent: Friday, February 28, 2014 1:27 PM
> To: Jacek Pielaszkiewicz
> Cc: systemd-bugs at lists.freedesktop.org
> Subject: Re: [systemd-bugs] [cgroup in lxc container] problem with non
> root user session in lxc container
>
> On Fri, 28.02.14 08:15, Jacek Pielaszkiewicz (j.pielaszkie at samsung.com)
> wrote:
>
> > > My educated geuss here is that cgroupfs can't deal with user
> > > namepsaces?
> > > or something like that? Note that the systemd --user instance
> should
> > > normally get write access to the cgroup subtree, so that it
> > > canmanage its own subtree. That didn't work apparently...
> >
> > My tests show that if the systemd could perform chown in the proper
> > place of cgroup hierarchy, problem with user namespace can be
> resolved
> > (as I mentioned in my first email).
>
> Hmm? I can't parse this...
>
> >
> > >
> > > > <filesystem type="ram">
> > > > <source usage="1024" />
> > > > <target dir="/tmp"/>
> > > > </filesystem>
> > >
> > > This appears unnecessary, as that's systemd's default anyway...
> >
> > Without mount /tmp by container systemd reposts error:
> >
> > [ OK ] Reached target Slices.
> > [ OK ] Started Create static device nodes in /dev.
> > [FAILED] Failed to mount Temporary Directory.
> > See 'systemctl status tmp.mount' for details.
> > [ OK ] Reached target Local File Systems.
> > Starting Recreate Volatile Files and Directories...
>
> Any idea why that fails? Anything in the logs?
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.strace.2
Type: application/octet-stream
Size: 95703 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-bugs/attachments/20140228/a1b1f647/attachment-0001.obj>
More information about the systemd-bugs
mailing list