Unprivileged lxc as systemd service / cgroups default paths

#1 Post by unicodeone

I had the idea of managing starting and stopping unprivileged lxc containers via systemd.

The unit.service file I wrote looks like this:

Code:

[Unit]
Description=lxc container ttimer

[Service]
Type=forking
PIDFile=/var/lib/lxc-home/pid
ExecStart=/usr/bin/lxc-start -n lxc01.dev -p /var/lib/lxc-home/pid --logpriority DEBUG
#ExecStart=/bin/bash -c '/bin/cat /proc/self/cgroup'
User=lxc_user
Group=lxc_user

Logs show me that I am on the right track, except for the message

Code:

lxc_cgfs - cgroups/cgfs.c:lxc_cgroupfs_create:1022 - Permission denied - Could not create cgroup '/lxc' in '/sys/fs/cgroup/freezer'.

I used the day to get a better knowledge about systemd, cgroups, lxc and the big picture. I learned it's an error about the cgroup hierarchy.

When I am logged in as lxc_user I get

Code:

$ /bin/cat /proc/self/cgroup
10:devices:/user.slice
9:pids:/user.slice/user-900.slice/session-20.scope
8:memory:/user/lxc_user/0
7:net_cls,net_prio:/
6:cpu,cpuacct:/user.slice
5:blkio:/user.slice
4:perf_event:/
3:freezer:/user/lxc_user/0
2:cpuset:/
1:name=systemd:/user/lxc_user/0

But when running this via systemd (the commented-out line in the unit file) I get

Code:

Oct 11 22:45:25 lxc03 bash[21263]: 10:devices:/machine.slice
Oct 11 22:45:25 lxc03 bash[21263]: 9:pids:/machine.slice/lxc_user.service
Oct 11 22:45:25 lxc03 bash[21263]: 8:memory:/machine.slice
Oct 11 22:45:25 lxc03 bash[21263]: 7:net_cls,net_prio:/
Oct 11 22:45:25 lxc03 bash[21263]: 6:cpu,cpuacct:/machine.slice
Oct 11 22:45:25 lxc03 bash[21263]: 5:blkio:/machine.slice
Oct 11 22:45:25 lxc03 bash[21263]: 4:perf_event:/
Oct 11 22:45:25 lxc03 bash[21263]: 3:freezer:/
Oct 11 22:45:25 lxc03 bash[21263]: 2:cpuset:/
Oct 11 22:45:25 lxc03 bash[21263]: 1:name=systemd:/machine.slice/lxc-ttimer.service

I know that it is possible to change the cgroup via a running process's PID, but in this case that would be too late. I need to change the path of the controller "freezer" before starting the container.

And that is the point where I can't find an answer to my question. How are these default cgroup paths defined? Why are some paths set to / and others to subgroups?
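Added example, not part of the original post: a Python sketch that parses the two `/proc/self/cgroup` listings above (copied inline, journal prefixes stripped), lists the controllers whose path differs between the login session and the systemd service, and checks whether the calling user can create a child cgroup such as `lxc` under each current path. The function names and the `/sys/fs/cgroup` mount root are assumptions of this example.

```python
import os

# Constructed from the two listings in the post (journal prefixes stripped).
LOGIN = """10:devices:/user.slice
9:pids:/user.slice/user-900.slice/session-20.scope
8:memory:/user/lxc_user/0
7:net_cls,net_prio:/
6:cpu,cpuacct:/user.slice
5:blkio:/user.slice
4:perf_event:/
3:freezer:/user/lxc_user/0
2:cpuset:/
1:name=systemd:/user/lxc_user/0"""
SERVICE = """10:devices:/machine.slice
9:pids:/machine.slice/lxc_user.service
8:memory:/machine.slice
7:net_cls,net_prio:/
6:cpu,cpuacct:/machine.slice
5:blkio:/machine.slice
4:perf_event:/
3:freezer:/
2:cpuset:/
1:name=systemd:/machine.slice/lxc-ttimer.service"""

def parse_cgroup(text):
    """Parse cgroup v1 /proc/<pid>/cgroup text into {controllers: path}."""
    # Each line is hierarchy-id:controller-list:path
    rows = (l.strip().split(":", 2) for l in text.splitlines() if l.strip())
    return {ctrl: path for _id, ctrl, path in rows}

def differing(login, service):
    """Controllers whose cgroup path differs between the two snapshots."""
    return {c: (login[c], service[c]) for c in login
            if c in service and login[c] != service[c]}

def cgroup_dir(ctrl, path, root="/sys/fs/cgroup"):
    # Named hierarchies such as "name=systemd" are mounted under the bare name.
    name = ctrl[len("name="):] if ctrl.startswith("name=") else ctrl
    return os.path.join(root, name, path.lstrip("/"))

def blocked(table, root="/sys/fs/cgroup"):
    """Controllers where the caller cannot create a child of its current cgroup."""
    return sorted(c for c, p in table.items()
                  if not os.access(cgroup_dir(c, p, root), os.W_OK | os.X_OK))

if __name__ == "__main__":
    diff = differing(parse_cgroup(LOGIN), parse_cgroup(SERVICE))
    for c, (a, b) in sorted(diff.items()):
        print(f"{c}: login={a} service={b}")
    print("cannot create child cgroup for:", blocked(parse_cgroup(SERVICE)))
```

Run as `lxc_user` on the host, `blocked()` applied to the live contents of `/proc/self/cgroup` names the hierarchies in which that user lacks write access to its current cgroup directory.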
