[pkg-lxc-devel] Bug#1030389: lxc: Conflict with new systemd cgroup unified hierarchy

Linas Vepstas linasvepstas at gmail.com
Fri Feb 3 22:17:36 GMT 2023 

Package: lxc
Version: 1:4.0.6-2+deb11u1
Severity: important
Tags: newcomer
X-Debbugs-Cc: linasvepstas at gmail.com

Dear Maintainer,

Hit the bug described here:

https://github.com/systemd/systemd/issues/13477

and also here:

https://github.com/lxc/lxc/issues/4072

According the the first github report, sometime around 2019 or earlier,
'systemd now defaults to the "unified" cgroup hierarchy setup' as
explained in the second comment.  This means that the directory entry
`/sys/fs/cgroup/systemd` is now missing. This prevents LXC containers
from booting, as explained in the second github report. Running
`lxc-start -F <my-container>` reveals the error message:
```
Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted 
```

There are two known work-arounds, I can confirm that both work. One is
to create the missing cgroup entry mainually:
```
mkdir -p /sys/fs/cgroup/systemd && mount -t cgroup cgroup -o none,name=systemd /sys/fs/cgroup/systemd
```

which is stunningly hacky and inadvisable, but it does confirm the
root cause of the problem: that directory is missing.

The other work-around is to boot the host and disable the unified
hierarchy, like so:
```
# echo 'GRUB_CMDLINE_LINUX=systemd.unified_cgroup_hierarchy=false' > /etc/default/grub.d/cgroup.cfg
# update-grub
# shutdown -r now
```

Both of these work for me.  LXC is 100% unusable without this. How is
it possible that this has not been reported to Debian before? Am I the
only person on the planet using LXC on Debian???


-- System Information:
Debian Release: 11.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.0.0-0.deb11.6-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lxc depends on:
ii  bridge-utils                 1.7-1
ii  debconf [debconf-2.0]        1.5.77
ii  dnsmasq-base [dnsmasq-base]  2.85-1
ii  iproute2                     5.10.0-4
ii  iptables                     1.8.7-1
ii  libc6                        2.31-13+deb11u5
ii  libcap2                      1:2.44-1
ii  libgcc-s1                    10.2.1-6
ii  liblxc1                      1:4.0.6-2+deb11u1
ii  libseccomp2                  2.5.1-1+deb11u1
ii  libselinux1                  3.1-3
ii  lsb-base                     11.1.0

Versions of packages lxc recommends:
ii  apparmor       2.13.6-10
ii  debootstrap    1.0.123+deb11u1
ii  dirmngr        2.2.27-2+deb11u2
ii  gnupg          2.2.27-2+deb11u2
ii  libpam-cgfs    1:4.0.6-2+deb11u1
ii  lxc-templates  3.0.4-5
ii  lxcfs          4.0.7-1
ii  openssl        1.1.1n-0+deb11u3
ii  rsync          3.2.3-4+deb11u1
ii  uidmap         1:4.8.1-1
ii  wget           1.21-1+deb11u1

Versions of packages lxc suggests:
ii  btrfs-progs  5.10.1-2
pn  lvm2         <none>
pn  python3-lxc  <none>

-- debconf information:
  lxc/auto_update_config:

More information about the Pkg-lxc-devel mailing list