<div dir="ltr">Package: lxc<br>
Version: 1:2.0.7-2+deb9u1<br>
Severity: normal<br>
Tags: patch<br>
<br>
Dear Maintainer,<br>
<br>
* What led up to the situation?<br>
<br>
Just create a simple user unprivileged lxc container after following the official Debian documentation <a href="https://wiki.debian.org/LXC#Unprivileged_container" rel="noreferrer" target="_blank">https://wiki.debian.org/LXC#<wbr>Unprivileged_container</a>.<br>
<br>
Container fails when started with:<br>
<br>
----------------<br>
lxc-start 20170124115651.107 ERROR lxc_cgfs - cgroups/cgfs.c:lxc_cgroupfs_<wbr>create:909 - Could not set clone_children to 1 for cpuset hierarchy in parent cgroup.<br>
lxc-start 20170124115651.107 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/<br>
lxc-start 20170124115651.107 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset/<br>
lxc-start 20170124115651.107 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/net_cls,net_<wbr>prio/<br>
lxc-start 20170124115651.107 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/pids/user.<wbr>slice/user-1000.slice/session-<wbr>2.scope<br>
lxc-start 20170124115651.108 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory/user.<wbr>slice<br>
lxc-start 20170124115651.108 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/freezer/<br>
lxc-start 20170124115651.108 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio/user.<wbr>slice<br>
lxc-start 20170124115651.108 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct/<wbr>user.slice<br>
lxc-start 20170124115651.109 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices/user.<wbr>slice<br>
lxc-start 20170124115651.109 ERROR lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd/user.<wbr>slice/user-1000.slice/session-<wbr>2.scope<br>
lxc-start 20170124115651.109 ERROR lxc_start - start.c:lxc_spawn:1108 - Failed creating cgroups.<br>
lxc-start 20170124115651.109 ERROR lxc_start - start.c:__lxc_start:1346 - Failed to spawn container "ubuntu".<br>
lxc-start 20170124115651.616 ERROR lxc_start_ui - tools/lxc_start.c:main:366 - The container failed to start.<br>
lxc-start 20170124115651.616 ERROR lxc_start_ui -
tools/lxc_start.c:main:370 - Additional information can be obtained by
setting the --logfile and --logpriority options.<br>
----------------<br>
<br>
* What exactly did you do (or not do) that was effective (or<br>
ineffective)?<br>
<br>
I have found this thread on LXC forums <a href="https://discuss.linuxcontainers.org/t/failed-creating-cgroups/272/4" rel="noreferrer" target="_blank">https://discuss.<wbr>linuxcontainers.org/t/failed-<wbr>creating-cgroups/272/4</a> that suggests to use the Ubuntu's version of the libpam-cgfs package.<br>
The Ubuntu version of the package seems to include some patches that
properly set user's CGroups permission upon user's login.<br>
<br>
* What was the outcome of this action?<br>
<br>
Installing the Ubuntu version of the libpam-cgfs fixes the problem.<br>
<br>
<br>
I was not sure if I should have posted the bug here on in libpam-cfgs. I hope you don't mind my choice.<br>
<br>
Bests,<br>
<br>
Andrea<br>
<br>
<br>
-- System Information:<br>
Debian Release: 9.3<br>
APT prefers stable-updates<br>
APT policy: (500, 'stable-updates'), (500, 'stable'), (400, 'unstable')<br>
Architecture: amd64 (x86_64)<br>
<br>
Kernel: Linux 4.14.0-0.bpo.3-amd64 (SMP w/8 CPU cores)<br>
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)<br>
Shell: /bin/sh linked to /bin/dash<br>
Init: systemd (via /run/systemd/system)<br>
<br>
Versions of packages lxc depends on:<br>
ii init-system-helpers 1.48<br>
ii libapparmor1 2.11.0-3<br>
ii libc6 2.24-11+deb9u1<br>
ii libcap2 1:2.25-1<br>
ii libgnutls30 3.5.8-5+deb9u3<br>
ii liblxc1 1:2.0.7-2+deb9u1<br>
ii libseccomp2 2.3.1-2.1<br>
ii libselinux1 2.6-3+b3<br>
ii lsb-base 9.20161125<br>
ii python3 3.5.3-1<br>
ii python3-lxc 1:2.0.7-2+deb9u1<br>
<br>
Versions of packages lxc recommends:<br>
ii bridge-utils 1.5-13+deb9u1<br>
ii debootstrap 1.0.92~bpo9+1<br>
ii dirmngr 2.1.18-8~deb9u1<br>
ii dnsmasq-base 2.76-5+deb9u1<br>
ii gnupg 2.1.18-8~deb9u1<br>
ii iptables 1.6.1-2~bpo9+1<br>
ii libpam-cgfs 2.0.7-1<br>
ii lxcfs 2.0.7-1<br>
ii openssl 1.1.0f-3+deb9u1<br>
ii rsync 3.1.2-1+deb9u1<br>
ii uidmap 1:4.4-4.1<br>
<br>
Versions of packages lxc suggests:<br>
ii apparmor 2.11.0-3<br>
pn btrfs-tools <none><br>
ii lvm2 2.02.168-2<br>
<br>
-- Configuration Files:<br>
/etc/lxc/default.conf changed [not included]<br>
<br>
-- no debconf information<br></div>