[systemd-bugs] [cgroup in lxc container] problem with non root user session in lxc container

Jacek Pielaszkiewicz j.pielaszkie at samsung.com
Fri Feb 28 05:11:04 PST 2014


Hi

I have found that, for some reason, systemd inside the container creates the user
cgroup hierarchy in both the user and system slices.


Extract from strace

/sys/fs/cgroup/devices/system.slice/system-server.service/user.slice/user-5000.slice/user@5000.service/cgroup.procs
/sys/fs/cgroup/systemd/system.slice/system-server.service/user.slice/user-5000.slice/user@5000.service/cgroup.procs

/sys/fs/cgroup/systemd/system.slice/system-server.service/system.slice/system-server.service/user.slice
/sys/fs/cgroup/systemd/system.slice/system-server.service/system.slice/system-server.service/user.slice/user-5000.slice


On the host the case is different: systemd creates the user cgroup hierarchy in
user.slice only.


I have attached the full strace for the case.


Best regards


Jacek Pielaszkiewicz
Samsung R&D Institute Poland
Samsung Electronics
Email: j.pielaszkie at samsung.com



> -----Original Message-----
> From: Lennart Poettering [mailto:lennart at poettering.net]
> Sent: Friday, February 28, 2014 1:27 PM
> To: Jacek Pielaszkiewicz
> Cc: systemd-bugs at lists.freedesktop.org
> Subject: Re: [systemd-bugs] [cgroup in lxc container] problem with non
> root user session in lxc container
> 
> On Fri, 28.02.14 08:15, Jacek Pielaszkiewicz (j.pielaszkie at samsung.com)
> wrote:
> 
> > > My educated guess here is that cgroupfs can't deal with user
> > > namespaces? or something like that? Note that the systemd --user
> > > instance should normally get write access to the cgroup subtree,
> > > so that it can manage its own subtree. That didn't work apparently...
> >
> > My tests show that if systemd could perform chown in the proper
> > place of the cgroup hierarchy, the problem with user namespaces can be
> > resolved (as I mentioned in my first email).
> 
> Hmm? I can't parse this...
> 
> >
> > >
> > > >                 <filesystem type="ram">
> > > >                         <source usage="1024" />
> > > >                         <target dir="/tmp"/>
> > > >                 </filesystem>
> > >
> > > This appears unnecessary, as that's systemd's default anyway...
> >
> > Without mounting /tmp for the container, systemd reports an error:
> >
> > [  OK  ] Reached target Slices.
> > [  OK  ] Started Create static device nodes in /dev.
> > [FAILED] Failed to mount Temporary Directory.
> > See 'systemctl status tmp.mount' for details.
> > [  OK  ] Reached target Local File Systems.
> >          Starting Recreate Volatile Files and Directories...
> 
> Any idea why that fails? Anything in the logs?
> 
> Lennart
> 
> --
> Lennart Poettering, Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.strace.2
Type: application/octet-stream
Size: 95703 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-bugs/attachments/20140228/a1b1f647/attachment-0001.obj>
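A quick way to check for the placement problem described in this report, and for the write-access point raised in the quoted reply, is to read a process's /proc/PID/cgroup and see where its name=systemd path sits. The script below is an added example, not code from the report or from systemd: it parses constructed samples (modelled on the strace paths above) and classifies the user session as sitting directly under user.slice ("ok"), nested under some other unit as in the container case ("nested"), or absent ("none"). The live --self mode assumes a cgroup v1 tree mounted at /sys/fs/cgroup/systemd, as in the 2014-era setup the report describes, and reports who owns the session's cgroup.procs, since that is what lets systemd --user manage its own subtree.

```shell
#!/bin/sh
# Added example, not part of the original report. Checks where a user
# session's cgroup sits in the name=systemd (cgroup v1) hierarchy.

# Constructed sample: what /proc/PID/cgroup would look like for the
# container case shown in the report (user session nested under system.slice).
SAMPLE_CONTAINER='12:devices:/system.slice/system-server.service/user.slice/user-5000.slice/user@5000.service
1:name=systemd:/system.slice/system-server.service/user.slice/user-5000.slice/user@5000.service'

# Constructed sample: the host case, user session directly under user.slice.
SAMPLE_HOST='12:devices:/user.slice/user-5000.slice/user@5000.service
1:name=systemd:/user.slice/user-5000.slice/user@5000.service'

# systemd_cgroup_path "<contents of /proc/PID/cgroup>"
# Prints the path of the name=systemd hierarchy (third colon-separated field).
systemd_cgroup_path() {
    printf '%s\n' "$1" | awk -F: '$2 == "name=systemd" { print $3; exit }'
}

# user_session_placement UID "<contents of /proc/PID/cgroup>"
# Prints "ok" when user@UID.service sits directly under /user.slice,
# "nested" when the same unit appears below some other unit, else "none".
user_session_placement() {
    uid=$1
    path=$(systemd_cgroup_path "$2")
    case "$path" in
        /user.slice/user-"$uid".slice/user@"$uid".service*)  echo ok ;;
        */user.slice/user-"$uid".slice/user@"$uid".service*) echo nested ;;
        *)                                                   echo none ;;
    esac
}

# cgroup_procs_owner "<systemd cgroup path>"
# Prints the numeric owner of cgroup.procs for that path, or "unknown" when
# the cgroup v1 systemd hierarchy is not mounted (hypothetical mount point
# /sys/fs/cgroup/systemd is assumed, as in the report).
cgroup_procs_owner() {
    f="/sys/fs/cgroup/systemd$1/cgroup.procs"
    [ -e "$f" ] && stat -c %u "$f" 2>/dev/null || echo unknown
}

# Live mode: run as the session user, e.g. `sh check.sh --self`.
if [ "${1:-}" = "--self" ]; then
    contents=$(cat /proc/self/cgroup)
    echo "placement: $(user_session_placement "$(id -u)" "$contents")"
    echo "cgroup.procs owner: $(cgroup_procs_owner "$(systemd_cgroup_path "$contents")")"
fi
```

Run inside the container as the session user: "nested" reproduces the report's symptom, and an owner other than your own UID is the delegation failure the quoted reply points at (systemd --user cannot write its subtree). On a cgroup v2 system the name=systemd line does not exist and the function prints "none"; the unified path is on the "0::" line instead.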

