<div dir="ltr">Package: lxc<br>
Version: 1:2.0.7-2+deb9u1<br>
Severity: normal<br>
Tags: patch<br>
<br>
Dear Maintainer,<br>
<br>
   * What led up to the situation?<br>
<br>
   Just create a simple user unprivileged lxc container after following the official Debian documentation <a href="https://wiki.debian.org/LXC#Unprivileged_container" rel="noreferrer" target="_blank">https://wiki.debian.org/LXC#<wbr>Unprivileged_container</a>.<br>
<br>
   Container fails when started with:<br>
<br>
   ----------------<br>
         lxc-start 20170124115651.107 ERROR    lxc_cgfs - cgroups/cgfs.c:lxc_cgroupfs_<wbr>create:909 - Could not set clone_children to 1 for cpuset hierarchy in parent cgroup.<br>
         lxc-start 20170124115651.107 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/perf_event/<br>
         lxc-start 20170124115651.107 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpuset/<br>
         lxc-start 20170124115651.107 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/net_cls,net_<wbr>prio/<br>
         lxc-start 20170124115651.107 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/pids/user.<wbr>slice/user-1000.slice/session-<wbr>2.scope<br>
         lxc-start 20170124115651.108 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/memory/user.<wbr>slice<br>
         lxc-start 20170124115651.108 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Read-only file system - cgroup_rmdir: failed to delete /sys/fs/cgroup/freezer/<br>
         lxc-start 20170124115651.108 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/blkio/user.<wbr>slice<br>
         lxc-start 20170124115651.108 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/cpu,cpuacct/<wbr>user.slice<br>
         lxc-start 20170124115651.109 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/devices/user.<wbr>slice<br>
         lxc-start 20170124115651.109 ERROR    lxc_cgfs - cgroups/cgfs.c:cgroup_rmdir:<wbr>209 - Permission denied - cgroup_rmdir: failed to delete /sys/fs/cgroup/systemd/user.<wbr>slice/user-1000.slice/session-<wbr>2.scope<br>
         lxc-start 20170124115651.109 ERROR    lxc_start - start.c:lxc_spawn:1108 - Failed creating cgroups.<br>
         lxc-start 20170124115651.109 ERROR    lxc_start - start.c:__lxc_start:1346 - Failed to spawn container "ubuntu".<br>
         lxc-start 20170124115651.616 ERROR    lxc_start_ui - tools/lxc_start.c:main:366 - The container failed to start.<br>
         lxc-start 20170124115651.616 ERROR    lxc_start_ui - 
tools/lxc_start.c:main:370 - Additional information can be obtained by 
setting the --logfile and --logpriority options.<br>
   ----------------<br>
<br>
   * What exactly did you do (or not do) that was effective (or<br>
     ineffective)?<br>
<br>
   I have found this thread on LXC forums <a href="https://discuss.linuxcontainers.org/t/failed-creating-cgroups/272/4" rel="noreferrer" target="_blank">https://discuss.<wbr>linuxcontainers.org/t/failed-<wbr>creating-cgroups/272/4</a> that suggests to use the Ubuntu's version of the libpam-cgfs package.<br>
   The Ubuntu version of the package seems to include some patches that 
properly set user's CGroups permission upon user's login.<br>
<br>
   * What was the outcome of this action?<br>
<br>
         Installing the Ubuntu version of the libpam-cgfs fixes the problem.<br>
<br>
<br>
I was not sure if I should have posted the bug here on in libpam-cfgs. I hope you don't mind my choice.<br>
<br>
Bests,<br>
<br>
Andrea<br>
<br>
<br>
-- System Information:<br>
Debian Release: 9.3<br>
  APT prefers stable-updates<br>
  APT policy: (500, 'stable-updates'), (500, 'stable'), (400, 'unstable')<br>
Architecture: amd64 (x86_64)<br>
<br>
Kernel: Linux 4.14.0-0.bpo.3-amd64 (SMP w/8 CPU cores)<br>
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)<br>
Shell: /bin/sh linked to /bin/dash<br>
Init: systemd (via /run/systemd/system)<br>
<br>
Versions of packages lxc depends on:<br>
ii  init-system-helpers  1.48<br>
ii  libapparmor1         2.11.0-3<br>
ii  libc6                2.24-11+deb9u1<br>
ii  libcap2              1:2.25-1<br>
ii  libgnutls30          3.5.8-5+deb9u3<br>
ii  liblxc1              1:2.0.7-2+deb9u1<br>
ii  libseccomp2          2.3.1-2.1<br>
ii  libselinux1          2.6-3+b3<br>
ii  lsb-base             9.20161125<br>
ii  python3              3.5.3-1<br>
ii  python3-lxc          1:2.0.7-2+deb9u1<br>
<br>
Versions of packages lxc recommends:<br>
ii  bridge-utils  1.5-13+deb9u1<br>
ii  debootstrap   1.0.92~bpo9+1<br>
ii  dirmngr       2.1.18-8~deb9u1<br>
ii  dnsmasq-base  2.76-5+deb9u1<br>
ii  gnupg         2.1.18-8~deb9u1<br>
ii  iptables      1.6.1-2~bpo9+1<br>
ii  libpam-cgfs   2.0.7-1<br>
ii  lxcfs         2.0.7-1<br>
ii  openssl       1.1.0f-3+deb9u1<br>
ii  rsync         3.1.2-1+deb9u1<br>
ii  uidmap        1:4.4-4.1<br>
<br>
Versions of packages lxc suggests:<br>
ii  apparmor     2.11.0-3<br>
pn  btrfs-tools  <none><br>
ii  lvm2         2.02.168-2<br>
<br>
-- Configuration Files:<br>
/etc/lxc/default.conf changed [not included]<br>
<br>
-- no debconf information<br></div>