[systemd-bugs] [cgroup in lxc container] problem with non root user session in lxc container

Jacek Pielaszkiewicz j.pielaszkie at samsung.com
Mon Mar 3 02:02:31 PST 2014


Hi 

	The enclosed file contains full strace for the case.



Best regards





Jacek Pielaszkiewicz
Samsung R&D Institute Poland
Samsung Electronics
Email: j.pielaszkie at samsung.com


> -----Original Message-----
> From: Jacek Pielaszkiewicz [mailto:j.pielaszkie at samsung.com]
> Sent: Friday, February 28, 2014 2:11 PM
> To: 'Lennart Poettering'
> Cc: 'systemd-bugs at lists.freedesktop.org'
> Subject: RE: [systemd-bugs] [cgroup in lxc container] problem with non
> root user session in lxc container
> 
> Hi
> 
> 	I have found that for some reason systemd creates in container
> user cgroup hierarchy in user and system slices.
> 
> 
> Extract from strace
> 
> /sys/fs/cgroup/devices/system.slice/system-server.service/user.slice/user-5000.slice/user@5000.service/cgroup.procs
> /sys/fs/cgroup/systemd/system.slice/system-server.service/user.slice/user-5000.slice/user@5000.service/cgroup.procs
> 
> /sys/fs/cgroup/systemd/system.slice/system-server.service/system.slice/system-server.service/user.slice
> /sys/fs/cgroup/systemd/system.slice/system-server.service/system.slice/system-server.service/user.slice/user-5000.slice
> 
> 
> On host the case is different - systemd creates user cgroup hierarchy
> in user.slice only.
> 
> 
> I have attached full strace for the case.
> 
> 
> Best regards
> 
> 
> Jacek Pielaszkiewicz
> Samsung R&D Institute Poland
> Samsung Electronics
> Email: j.pielaszkie at samsung.com
> 
> 
> 
> > -----Original Message-----
> > From: Lennart Poettering [mailto:lennart at poettering.net]
> > Sent: Friday, February 28, 2014 1:27 PM
> > To: Jacek Pielaszkiewicz
> > Cc: systemd-bugs at lists.freedesktop.org
> > Subject: Re: [systemd-bugs] [cgroup in lxc container] problem with
> non
> > root user session in lxc container
> >
> > On Fri, 28.02.14 08:15, Jacek Pielaszkiewicz
> > (j.pielaszkie at samsung.com)
> > wrote:
> >
> > > > My educated guess here is that cgroupfs can't deal with user
> > > > namespaces?
> > > > or something like that? Note that the systemd --user instance
> > should
> > > > normally get write access to the cgroup subtree, so that it
> > > > can manage its own subtree. That didn't work apparently...
> > >
> > > My tests show that if the systemd could perform chown in the proper
> > > place of cgroup hierarchy, problem with user namespace can be
> > resolved
> > > (as I mentioned in my first email).
> >
> > Hmm? I can't parse this...
> >
> > >
> > > >
> > > > >                 <filesystem type="ram">
> > > > >                         <source usage="1024" />
> > > > >                         <target dir="/tmp"/>
> > > > >                 </filesystem>
> > > >
> > > > This appears unnecessary, as that's systemd's default anyway...
> > >
> > > Without mount /tmp by container systemd reports error:
> > >
> > > [  OK  ] Reached target Slices.
> > > [  OK  ] Started Create static device nodes in /dev.
> > > [FAILED] Failed to mount Temporary Directory.
> > > See 'systemctl status tmp.mount' for details.
> > > [  OK  ] Reached target Local File Systems.
> > >          Starting Recreate Volatile Files and Directories...
> >
> > Any idea why that fails? Anything in the logs?
> >
> > Lennart
> >
> > --
> > Lennart Poettering, Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1.strace.2.gz
Type: application/x-gzip
Size: 11509 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-bugs/attachments/20140303/b1e9530f/attachment.bin>


More information about the systemd-bugs mailing list